diff --git a/navalplanner-business/src/main/java/org/navalplanner/business/users/entities/UserRole.java b/navalplanner-business/src/main/java/org/navalplanner/business/users/entities/UserRole.java
index 9e4732596..312f003ad 100644
--- a/navalplanner-business/src/main/java/org/navalplanner/business/users/entities/UserRole.java
+++ b/navalplanner-business/src/main/java/org/navalplanner/business/users/entities/UserRole.java
@@ -29,7 +29,6 @@ import static org.navalplanner.business.i18n.I18nHelper._;
  */
 public enum UserRole {
 
-    ROLE_BASIC_USER(_("Basic user")),
     ROLE_ADMINISTRATION(_("Administration")),
     ROLE_WS_READER(_("Web service reader")),
     ROLE_WS_WRITER(_("Web service writer"));
diff --git a/navalplanner-business/src/test/java/org/navalplanner/business/test/users/daos/OrderAuthorizationDAOTest.java b/navalplanner-business/src/test/java/org/navalplanner/business/test/users/daos/OrderAuthorizationDAOTest.java
index 7e8c6e1fc..a064456e1 100644
--- a/navalplanner-business/src/test/java/org/navalplanner/business/test/users/daos/OrderAuthorizationDAOTest.java
+++ b/navalplanner-business/src/test/java/org/navalplanner/business/test/users/daos/OrderAuthorizationDAOTest.java
@@ -102,7 +102,6 @@ public class OrderAuthorizationDAOTest {
 
     private Profile createValidProfile() {
         Set<UserRole> roles = new HashSet<UserRole>();
-        roles.add(UserRole.ROLE_BASIC_USER);
         return Profile.create(UUID.randomUUID().toString(), roles);
     }
 
diff --git a/navalplanner-business/src/test/java/org/navalplanner/business/test/users/daos/ProfileDAOTest.java b/navalplanner-business/src/test/java/org/navalplanner/business/test/users/daos/ProfileDAOTest.java
index 0f96bd121..2a45937d1 100644
--- a/navalplanner-business/src/test/java/org/navalplanner/business/test/users/daos/ProfileDAOTest.java
+++ b/navalplanner-business/src/test/java/org/navalplanner/business/test/users/daos/ProfileDAOTest.java
@@ -63,7 +63,6 @@ public class ProfileDAOTest {
 
     private Profile createValidProfile() {
         Set<UserRole> roles = new HashSet<UserRole>();
-        roles.add(UserRole.ROLE_BASIC_USER);
         return Profile.create(UUID.randomUUID().toString(), roles);
     }
 
diff --git a/navalplanner-business/src/test/java/org/navalplanner/business/test/users/daos/UserDAOTest.java b/navalplanner-business/src/test/java/org/navalplanner/business/test/users/daos/UserDAOTest.java
index 1e3066cc3..b3dc83fbb 100644
--- a/navalplanner-business/src/test/java/org/navalplanner/business/test/users/daos/UserDAOTest.java
+++ b/navalplanner-business/src/test/java/org/navalplanner/business/test/users/daos/UserDAOTest.java
@@ -280,7 +280,6 @@ public class UserDAOTest {
 
     private Profile createProfile(String profileName) {
         Set<UserRole> roles = new HashSet<UserRole>();
-        roles.add(UserRole.ROLE_BASIC_USER);
         return Profile.create(profileName, roles);
     }
 }
diff --git a/navalplanner-webapp/src/main/java/org/navalplanner/web/users/bootstrap/MandatoryUser.java b/navalplanner-webapp/src/main/java/org/navalplanner/web/users/bootstrap/MandatoryUser.java
index 501b2a914..fc913722f 100644
--- a/navalplanner-webapp/src/main/java/org/navalplanner/web/users/bootstrap/MandatoryUser.java
+++ b/navalplanner-webapp/src/main/java/org/navalplanner/web/users/bootstrap/MandatoryUser.java
@@ -20,6 +20,7 @@
 
 package org.navalplanner.web.users.bootstrap;
 
+import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.HashSet;
@@ -34,9 +35,8 @@ import org.navalplanner.business.users.entities.UserRole;
  */
 public enum MandatoryUser {
 
-    USER(Arrays.asList(UserRole.ROLE_BASIC_USER)),
-    ADMIN(Arrays.asList(UserRole.ROLE_BASIC_USER,
-        UserRole.ROLE_ADMINISTRATION)),
+    USER(new ArrayList<UserRole>()),
+    ADMIN(Arrays.asList(UserRole.ROLE_ADMINISTRATION)),
     WSREADER(Arrays.asList(UserRole.ROLE_WS_READER)),
     WSWRITER(Arrays.asList(UserRole.ROLE_WS_READER,
         UserRole.ROLE_WS_WRITER));
diff --git a/navalplanner-webapp/src/main/java/org/navalplanner/web/users/services/DBUserDetailsService.java b/navalplanner-webapp/src/main/java/org/navalplanner/web/users/services/DBUserDetailsService.java
index aa5bb11e7..584d67a73 100644
--- a/navalplanner-webapp/src/main/java/org/navalplanner/web/users/services/DBUserDetailsService.java
+++ b/navalplanner-webapp/src/main/java/org/navalplanner/web/users/services/DBUserDetailsService.java
@@ -60,7 +60,7 @@ public class DBUserDetailsService implements UserDetailsService {
         User user;
 
         try {
-            user = userDAO.findByLoginNameNotDisabled(loginName);
+            user = userDAO.findByLoginName(loginName);
         } catch (InstanceNotFoundException e) {
             throw new UsernameNotFoundException(_("User with login name " +
                 "'{0}': not found", loginName));
@@ -73,16 +73,10 @@ public class DBUserDetailsService implements UserDetailsService {
             allRoles.addAll(eachProfile.getRoles());
         }
 
-        if(allRoles.isEmpty()) {
-            //that user doesn't have any roles, so we forbid his login
-            throw new UsernameNotFoundException(_("User with login name " +
-                    "'{0}': access forbidden", loginName));
-        }
-
         return new org.springframework.security.userdetails.User(
             user.getLoginName(),
             user.getPassword(),
-            true, // enabled
+            !user.isDisabled(),
             true, // accountNonExpired
             true, // credentialsNonExpired
             true, // accountNonLocked
diff --git a/navalplanner-webapp/src/main/resources/navalplanner-webapp-spring-security-config.xml b/navalplanner-webapp/src/main/resources/navalplanner-webapp-spring-security-config.xml
index 5d10c9e1d..80d6a4c31 100644
--- a/navalplanner-webapp/src/main/resources/navalplanner-webapp-spring-security-config.xml
+++ b/navalplanner-webapp/src/main/resources/navalplanner-webapp-spring-security-config.xml
@@ -7,6 +7,11 @@
     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
                         http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">
 
+    <!--
+         NOTE: see http://static.springsource.org/spring-security/site/docs/2.0.x/apidocs/org/springframework/security/vote/AuthenticatedVoter.html
+         for an explanation of the meaning of IS_AUTHENTICATED_ANONYMOUSLY and IS_AUTHENTICATED_FULLY.
+    -->
+
     <http auto-config="true" realm="Naval Planner Web Application" >
 
         <!-- Web services -->
@@ -21,13 +26,18 @@
         <intercept-url pattern="/callback/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
         <intercept-url pattern="/zkau/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
         <intercept-url pattern="/common/layout/login.zul" access="IS_AUTHENTICATED_ANONYMOUSLY" />
-        <intercept-url pattern="/**" access="ROLE_BASIC_USER" />
         <intercept-url pattern="/advance/**" access="ROLE_ADMINISTRATION" />
         <intercept-url pattern="/resources/criterions/**" access="ROLE_ADMINISTRATION"/>
         <intercept-url pattern="/calendars/**" access="ROLE_ADMINISTRATION" />
         <intercept-url pattern="/labels/**" access="ROLE_ADMINISTRATION" />
+        <intercept-url pattern="/materials/**" access="ROLE_ADMINISTRATION" />
+        <intercept-url pattern="/costcategories/**" access="ROLE_ADMINISTRATION" />
         <intercept-url pattern="/common/configuration.zul" access="ROLE_ADMINISTRATION" />
-        <form-login login-page="/common/layout/login.zul" authentication-failure-url="/common/layout/login.zul?login_error=x"/>
+        <intercept-url pattern="/qualityforms/**" access="ROLE_ADMINISTRATION" />
+        <intercept-url pattern="/users/**" access="ROLE_ADMINISTRATION" />
+        <intercept-url pattern="/externalcompanies/**" access="ROLE_ADMINISTRATION" />
+        <intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
+        <form-login login-page="/common/layout/login.zul" authentication-failure-url="/common/layout/login.zul?login_error=true"/>
 
     </http>
 
diff --git a/navalplanner-webapp/src/main/webapp/common/layout/login.zul b/navalplanner-webapp/src/main/webapp/common/layout/login.zul
index deba0da10..1bd5d262e 100644
--- a/navalplanner-webapp/src/main/webapp/common/layout/login.zul
+++ b/navalplanner-webapp/src/main/webapp/common/layout/login.zul
@@ -81,11 +81,14 @@
         </n:tr>
     </n:table></n:td>
     <n:td width="450" height="165" valign="top">
-        <html if="${not empty param.login_error}">
-          <![CDATA[
-            <div class="login_ERROR">
-                ${i18n:_('Incorrect authentication')}
-            </div>
+        <html if="${param.login_error == 'true' and SPRING_SECURITY_LAST_EXCEPTION.class.name == 'org.springframework.security.DisabledException'}">
+            <![CDATA[
+                <div class="login_ERROR">${i18n:_('User disabled')}</div>
+            ]]>
+        </html>
+        <html if="${param.login_error == 'true' and SPRING_SECURITY_LAST_EXCEPTION.class.name == 'org.springframework.security.BadCredentialsException'}">
+            <![CDATA[
+               <div class="login_ERROR">${i18n:_('Incorrect authentication')}</div>
             ]]>
         </html>
     </n:td>