diff --git a/umbraco/businesslogic/BasePages/BasePage.cs b/umbraco/businesslogic/BasePages/BasePage.cs
index eed3dab726..1de62ae816 100644
--- a/umbraco/businesslogic/BasePages/BasePage.cs
+++ b/umbraco/businesslogic/BasePages/BasePage.cs
@@ -151,6 +151,8 @@ namespace umbraco.BasePages {
                 if (timeout > DateTime.Now.Ticks) {
                     return true;
                 } else {
+                    // clear the usercontext id to prevent continuous logout entries
+                    BasePage.umbracoUserContextID = String.Empty;
                     BusinessLogic.Log.Add(BusinessLogic.LogTypes.Logout, BusinessLogic.User.GetUser(uid), -1, "");
 
                     return false;
diff --git a/umbraco/businesslogic/Exceptions/UserAuthorizationException.cs b/umbraco/businesslogic/Exceptions/UserAuthorizationException.cs
new file mode 100644
index 0000000000..b27d8d0ae3
--- /dev/null
+++ b/umbraco/businesslogic/Exceptions/UserAuthorizationException.cs
@@ -0,0 +1,23 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+
+namespace umbraco.businesslogic.Exceptions
+{
+    /// <summary>
+    /// Exception class when an Umbraco user either has wrong credentials or insufficient permissions
+    /// </summary>
+    public class UserAuthorizationException : Exception
+    {
+        public UserAuthorizationException()
+        {
+            
+        }
+
+        public UserAuthorizationException(string message) : base(message)
+        {
+            
+        }
+    }
+}
diff --git a/umbraco/presentation/umbraco/Trees/loadContent.cs b/umbraco/presentation/umbraco/Trees/loadContent.cs
index 67d3c9f26c..5c02bf4cd0 100644
--- a/umbraco/presentation/umbraco/Trees/loadContent.cs
+++ b/umbraco/presentation/umbraco/Trees/loadContent.cs
@@ -78,10 +78,17 @@ namespace umbraco
             }
             else
             {
-                ///add the default actions to the content tree
-                actions.Add(ActionNew.Instance);
-                actions.Add(ActionSort.Instance);
-                actions.Add(ContextMenuSeperator.Instance);
+                // we need to get the default permissions as you can't set permissions on the very root node
+                List<IAction> nodeActions = Action.FromString(CurrentUser.GetPermissions("-1"));
+                List<IAction> allowedRootActions = new List<IAction>();
+                allowedRootActions.Add(ActionNew.Instance);
+                allowedRootActions.Add(ActionSort.Instance);
+                List<IAction> allowedMenu = GetUserAllowedActions(allowedRootActions, nodeActions);
+                actions.AddRange(allowedMenu);
+                if (allowedMenu.Count > 0 )
+                    actions.Add(ContextMenuSeperator.Instance);
+
+                // default actions for all users
                 actions.Add(ActionRePublish.Instance);
                 actions.Add(ContextMenuSeperator.Instance);
                 actions.Add(ActionRefresh.Instance);