diff --git a/src/rm/RequestManagerImageAllocate.cc b/src/rm/RequestManagerImageAllocate.cc
index ce266d3a6d..1722c1a3d0 100644
--- a/src/rm/RequestManagerImageAllocate.cc
+++ b/src/rm/RequestManagerImageAllocate.cc
@@ -15,10 +15,12 @@
 /* -------------------------------------------------------------------------- */
 
 #include "RequestManager.h"
-#include "NebulaLog.h"
 
+#include "NebulaLog.h"
 #include "Nebula.h"
 
+#include "AuthManager.h"
+
 /* -------------------------------------------------------------------------- */
 /* -------------------------------------------------------------------------- */
 
@@ -55,6 +57,19 @@ void RequestManager::ImageAllocate::execute(
     }
     
     uid = rc;
+    
+    //Authorize the operation
+    if ( uid != 0 ) // uid == 0 means oneadmin
+    {
+        AuthRequest ar(uid);
+
+        ar.add_auth(AuthRequest::IMAGE,-1,AuthRequest::CREATE,0,false);
+
+        if (UserPool::authorize(ar) == -1)
+        {
+            goto error_authorize;
+        }
+    }
 
     rc = ImageAllocate::ipool->allocate(uid,image_template,&iid);
 
@@ -78,6 +93,10 @@ void RequestManager::ImageAllocate::execute(
 error_authenticate:
     oss << "User not authenticated, aborting ImageAllocate call.";
     goto error_common;
+    
+error_authorize:
+    oss << "User not authorized to allocate a new IMAGE";
+    goto error_common;
 
 error_allocate:
     if (rc == -1)