diff --git a/lib/Alchemy/Phrasea/PhraseanetService/Controller/PSExposeController.php b/lib/Alchemy/Phrasea/PhraseanetService/Controller/PSExposeController.php
index 3c0d5e17eb..32e2d7bf10 100644
--- a/lib/Alchemy/Phrasea/PhraseanetService/Controller/PSExposeController.php
+++ b/lib/Alchemy/Phrasea/PhraseanetService/Controller/PSExposeController.php
@@ -69,7 +69,8 @@ class PSExposeController extends Controller
     }
 
     /**
-     * Add or update access control entry (ACE) for a publication
+     * Add update or delete access control entry (ACE) for a publication
+     * "action" param value : "update" or "delete"
      *
      * @param PhraseaApplication $app
      * @param Request $request
@@ -84,13 +85,22 @@ class PSExposeController extends Controller
         $accessToken = $this->getAndSaveToken($exposeConfiguration);
 
         try {
-            $response = $exposeClient->put('/permissions/ace', [
+            $guzzleParams = [
                 'headers' => [
                     'Authorization' => 'Bearer '. $accessToken,
                     'Content-Type'  => 'application/json'
                 ],
                 'json' => $request->get('jsonData')
-            ]);
+            ];
+
+            if ($request->get('action') == 'delete') {
+                $response = $exposeClient->delete('/permissions/ace', $guzzleParams);
+                $message = 'Permission successfully deleted!';
+            } else {
+                $response = $exposeClient->put('/permissions/ace', $guzzleParams);
+                $message = 'Permission successfully updated!';
+            }
+
         } catch(\Exception $e) {
             return $this->app->json([
                 'success' => false,
@@ -107,7 +117,7 @@ class PSExposeController extends Controller
 
         return $this->app->json([
             'success' => true,
-            'message' => 'Permission successfully updated!'
+            'message' => $message
         ]);
     }
 
@@ -193,9 +203,6 @@ class PSExposeController extends Controller
         $accessToken = $this->getAndSaveToken($exposeConfiguration);
 
         $publication = [];
-        $permissions = [];
-        $listUsers = [];
-        $listGroups = [];
 
         $resPublication = $exposeClient->get('/publications/' . $request->get('publicationId') , [
             'headers' => [
@@ -222,45 +229,7 @@ class PSExposeController extends Controller
             ]);
         }
 
-        $resPermission = $exposeClient->get('/permissions/aces?objectType=publication&objectId=' . $request->get('publicationId') , [
-            'headers' => [
-                'Authorization' => 'Bearer '. $accessToken
-            ]
-        ]);
-
-        if ($resPermission->getStatusCode() == 200) {
-            $permissions = json_decode($resPermission->getBody()->getContents(),true);
-        }
-
-        $resUsers = $exposeClient->get('/permissions/users', [
-            'headers' => [
-                'Authorization' => 'Bearer '. $accessToken
-            ]
-        ]);
-
-        if ($resUsers->getStatusCode() == 200) {
-            $listUsers = json_decode($resUsers->getBody()->getContents(),true);
-        }
-
-        $resGroups = $exposeClient->get('/permissions/groups', [
-            'headers' => [
-                'Authorization' => 'Bearer '. $accessToken
-            ]
-        ]);
-
-        if ($resGroups->getStatusCode() == 200) {
-            $listGroups = json_decode($resGroups->getBody()->getContents(),true);
-        }
-
-        foreach ($permissions as &$permission) {
-            if ($permission['userType'] == 'user') {
-                $key = array_search($permission['userId'], array_column($listUsers, 'id'));
-                $permission = array_merge($permission, $listUsers[$key]);
-            } elseif ($permission['userType'] == 'group') {
-                $key = array_search($permission['userId'], array_column($listGroups, 'id'));
-                $permission = array_merge($permission, $listGroups[$key]);
-            }
-        }
+        list($permissions, $listUsers, $listGroups) = $this->getPermissions($exposeClient, $request->get('publicationId'), $accessToken);
 
         return $this->render("prod/WorkZone/ExposeEdit.html.twig", [
             'publication' => $publication,
@@ -271,6 +240,29 @@ class PSExposeController extends Controller
         ]);
     }
 
+    /**
+     * @param PhraseaApplication $app
+     * @param Request $request
+     * @return string
+     */
+    public function listPublicationPermissionAction(PhraseaApplication $app, Request $request)
+    {
+        $exposeConfiguration = $app['conf']->get(['phraseanet-service', 'expose-service', 'exposes'], []);
+        $exposeConfiguration = $exposeConfiguration[$request->get('exposeName')];
+
+        $exposeClient = new Client(['base_uri' => $exposeConfiguration['expose_base_uri'], 'http_errors' => false]);
+
+        $accessToken = $this->getAndSaveToken($exposeConfiguration);
+
+        list($permissions, $listUsers, $listGroups) = $this->getPermissions($exposeClient, $request->get('publicationId'), $accessToken);
+
+        return $this->render("prod/WorkZone/ExposePermission.html.twig", [
+            'permissions' => $permissions,
+            'listUsers'   => $listUsers,
+            'listGroups'  => $listGroups
+        ]);
+    }
+
     /**
      * Require params "exposeName" and "publicationId"
      * optionnal param "page"
@@ -606,6 +598,67 @@ class PSExposeController extends Controller
         ]);
     }
 
+    /**
+     * @param Client $exposeClient
+     * @param $publicationId
+     * @param $accessToken
+     * @return array
+     */
+    private function getPermissions(Client $exposeClient, $publicationId, $accessToken)
+    {
+        $permissions = [];
+        $listUsers = [];
+        $listGroups = [];
+
+        $resPermission = $exposeClient->get('/permissions/aces?objectType=publication&objectId=' . $publicationId, [
+            'headers' => [
+                'Authorization' => 'Bearer '. $accessToken
+            ]
+        ]);
+
+        if ($resPermission->getStatusCode() == 200) {
+            $permissions = json_decode($resPermission->getBody()->getContents(),true);
+        }
+
+        $resUsers = $exposeClient->get('/permissions/users', [
+            'headers' => [
+                'Authorization' => 'Bearer '. $accessToken
+            ]
+        ]);
+
+        if ($resUsers->getStatusCode() == 200) {
+            $listUsers = json_decode($resUsers->getBody()->getContents(),true);
+        }
+
+        $resGroups = $exposeClient->get('/permissions/groups', [
+            'headers' => [
+                'Authorization' => 'Bearer '. $accessToken
+            ]
+        ]);
+
+        if ($resGroups->getStatusCode() == 200) {
+            $listGroups = json_decode($resGroups->getBody()->getContents(),true);
+        }
+
+        foreach ($permissions as &$permission) {
+            if ($permission['userType'] == 'user') {
+                $key = array_search($permission['userId'], array_column($listUsers, 'id'));
+                $permission = array_merge($permission, $listUsers[$key]);
+                $listUsers[$key]['selected'] = true;
+            } elseif ($permission['userType'] == 'group') {
+                $key = array_search($permission['userId'], array_column($listGroups, 'id'));
+                $permission = array_merge($permission, $listGroups[$key]);
+                $listGroups[$key]['selected'] = true;
+            }
+        }
+
+        return [
+            $permissions,
+            $listUsers,
+            $listGroups
+        ];
+    }
+
     /**
      * Get Token and save in session
      * @param $config
diff --git a/lib/Alchemy/Phrasea/PhraseanetService/Provider/PSExposeServiceProvider.php b/lib/Alchemy/Phrasea/PhraseanetService/Provider/PSExposeServiceProvider.php
index b511c40c13..d182486df9 100644
--- a/lib/Alchemy/Phrasea/PhraseanetService/Provider/PSExposeServiceProvider.php
+++ b/lib/Alchemy/Phrasea/PhraseanetService/Provider/PSExposeServiceProvider.php
@@ -74,6 +74,10 @@ class PSExposeServiceProvider implements ControllerProviderInterface, ServicePro
             ->method('POST')
             ->bind('ps_expose_publication_permission_update');
 
+        $controllers->match('/publication/permission/list', 'controller.ps.expose:listPublicationPermissionAction')
+            ->method('GET')
+            ->bind('ps_expose_publication_permission_list');
+
         return $controllers;
     }
 
diff --git a/templates/web/prod/WorkZone/ExposeEdit.html.twig b/templates/web/prod/WorkZone/ExposeEdit.html.twig
index c73dcb7936..1e9a5198a5 100644
--- a/templates/web/prod/WorkZone/ExposeEdit.html.twig
+++ b/templates/web/prod/WorkZone/ExposeEdit.html.twig
@@ -1,7 +1,7 @@
 {% block css %}
     <style type="text/css">
         #permission-editing td, #permission-editing th {
-            min-width: 200px;
+            min-width: 150px;
             text-align: center;
             height: 50px;
         }
@@ -177,115 +177,13 @@
 
         </div>
 
-        <div style="padding: 10px;">
-
-            <div class="ui-widget">
-                <select id="group-list" name="" tabindex="-1" aria-hidden="true"
-                        class="">
-                    <option value="">Select a group</option>
-                    {% for group in listGroups %}
-                        <option value="{{ group.id }}">{{ group.name }}</option>
-                    {% endfor %}
-                </select>
-            </div>
-
-            <table>
-                <thead>
-                <tr>
-                    <th>
-                        Group
-                    </th>
-                    <th>
-                        View
-                    </th>
-                    <th>
-                        Edit
-                    </th>
-                    <th>
-                        Delete
-                    </th>
-                </tr>
-                </thead>
-                <tbody id="group-permission-list">
-                {% for permission in permissions %}
-                    {% if permission.userType == 'group' %}
-                        <tr data-group-id="{{ permission.userId }}" data-mask="{{ permission.mask }}">
-                            <td>
-                                {{ permission.name }}
-                            </td>
-                            <td>
-                                <input class="group-view" type="checkbox" {% if (permission.mask b-and 1) != 0  %} checked {% endif %} />
-                            </td>
-                            <td>
-                                <input class="group-edit" type="checkbox" {% if (permission.mask b-and 4) != 0  %} checked {% endif %}/>
-                            </td>
-                            <td>
-                                <input class="group-delete" type="checkbox" {% if (permission.mask b-and 8) != 0  %} checked {% endif %}/>
-                            </td>
-                        </tr>
-                    {% endif %}
-                {% endfor %}
-                </tbody>
-            </table>
-
-
-            <br/>
-            <br/>
-
-            <div class="ui-widget">
-                <select id="user-list" name="" tabindex="-1" aria-hidden="true"
-                        class="">
-                    <option value="">Select an user</option>
-                    {% for user in listUsers %}
-                        <option value="{{ user.id }}">{{ user.username }}</option>
-                    {% endfor %}
-                </select>
-            </div>
-
-            <table>
-                <thead>
-                    <tr>
-                        <th>
-                            User
-                        </th>
-                        <th>
-                            View
-                        </th>
-                        <th>
-                            Edit
-                        </th>
-                        <th>
-                            Delete
-                        </th>
-                    </tr>
-                </thead>
-                <tbody id="user-permission-list">
-                    {% for permission in permissions %}
-                        {% if permission.userType == 'user' %}
-                        <tr data-user-id="{{ permission.userId }}" data-mask="{{ permission.mask }}">
-                            <td>
-                                {{ permission.username }}
-                            </td>
-                            <td>
-                                <input class="user-view" type="checkbox" {% if (permission.mask b-and 1) != 0  %} checked {% endif %}/>
-                            </td>
-                            <td>
-                                <input class="user-edit" type="checkbox" {% if (permission.mask b-and 4) != 0  %} checked {% endif %}/>
-                            </td>
-                            <td>
-                                <input class="user-delete" type="checkbox" {% if (permission.mask b-and 8) != 0  %} checked {% endif %}/>
-                            </td>
-                        </tr>
-                        {% endif %}
-                    {% endfor %}
-                </tbody>
-            </table>
+        <div id="permission-list" style="padding: 10px;">
+            {% include 'prod/WorkZone/ExposePermission.html.twig' %}
         </div>
     </div>
 </div>
 
     <script type="text/javascript">
-
         var publicationEdit = $(document).find("#DIALOG-expose-edit");
 
         var publicationForm = publicationEdit.find("#publication-data-form");
@@ -295,9 +193,8 @@
         var groupList = publicationEdit.find("#group-list");
         var advancedSetting = publicationEdit.find("#advancedSetting");
 
-        var userPermissionList = publicationEdit.find('#user-permission-list');
-        var groupPermissionList = publicationEdit.find('#group-permission-list');
         var publicationFieldClass = publicationEdit.find(".publication-field");
+        var permissionList = publicationEdit.find("#permission-list");
 
         $.datepicker.regional['default'] = {
             closeText: "Close",
@@ -312,7 +209,6 @@
             altField: ".alternate",
             altFormat: "yy-mm-dd",
             minDate: 0
-
         };
 
         $(".use-datepicker").datepicker($.datepicker.regional['default']);
@@ -367,7 +263,7 @@
 
         });
 
-        bindCheckboxEvent();
+        bindEvent();
 
         publicationFieldClass.on('keyup change', function (e) {
             try {
@@ -420,66 +316,80 @@
 
         });
 
-        userList.on('change', function () {
-            let userId = $(this).val();
+        permissionList.on('change', '#input-user-list', function () {
+            let optionSelected = permissionList.find('#user-list option[value="'+this.value+'"]');
 
-            if (userId !== '') {
-                let userName = $("#user-list option:selected").text();
+            if (optionSelected.length !== 0) {
+                let userId = optionSelected.text();
 
-                let permissionLine = '<tr data-user-id="'+ userId +'" data-mask="0">\n' +
-                    '                <td>\n' + userName +
-                    '                </td>\n' +
-                    '                <td>\n' +
-                    '                <input class="user-view" type="checkbox" />\n' +
-                    '            </td>\n' +
-                    '            <td>\n' +
-                    '            <input class="user-edit" type="checkbox" />\n' +
-                    '            </td>\n' +
-                    '            <td>\n' +
-                    '            <input class="user-delete" type="checkbox" />\n' +
-                    '            </td>\n' +
-                    '            </tr>'
-                ;
+                if (userId !== '') {
+                    optionSelected.attr('disabled','disabled');
 
-                userPermissionList.append(permissionLine);
+                    let userName = this.value;
 
-                // new permission
-                updatePermission(null, userId, 0, 1, 'user', true);
+                    let permissionLine = '<tr data-user-id="'+ userId +'" data-mask="0">\n' +
+                        '                <td>\n' + userName +
+                        '                </td>\n' +
+                        '                <td>\n' +
+                        '                <input class="user-view" type="checkbox" />\n' +
+                        '            </td>\n' +
+                        '            <td>\n' +
+                        '            <input class="user-edit" type="checkbox" />\n' +
+                        '            </td>\n' +
+                        '            <td>\n' +
+                        '            <input class="user-delete" type="checkbox" />\n' +
+                        '            </td>\n' +
+                        '<td><button class="btn-danger btn-mini delete-user-permission" >Delete</button></td>\n'+
+                        '            </tr>'
+                    ;
+
+                    permissionList.find("#user-permission-list").append(permissionLine);
+
+                    // new permission
+                    updatePermission(null, userId, 0, 1, 'user', true);
+                }
             }
 
         });
 
-        groupList.on('change', function() {
-            let groupId = $(this).val();
+        permissionList.on('change', '#input-group-list', function() {
+            let optionSelected = permissionList.find('#group-list option[value="'+this.value+'"]');
 
-            if (groupId !== '') {
-                let groupName = $("#group-list option:selected").text();
+            if (optionSelected.length !== 0) {
+                let groupId = optionSelected.text();
 
-                let permissionLine = '<tr data-group-id="'+ groupId +'" data-mask="0">\n' +
-                    '                <td>\n' + groupName +
-                    '                </td>\n' +
-                    '                <td>\n' +
-                    '                <input class="group-view" type="checkbox" />\n' +
-                    '            </td>\n' +
-                    '            <td>\n' +
-                    '            <input class="group-edit" type="checkbox" />\n' +
-                    '            </td>\n' +
-                    '            <td>\n' +
-                    '            <input class="group-delete" type="checkbox" />\n' +
-                    '            </td>\n' +
-                    '            </tr>'
-                ;
+                if (groupId !== '') {
+                    optionSelected.attr('disabled','disabled');
 
-                groupPermissionList.append(permissionLine);
+                    let groupName = this.value;
 
-                // new permission
-                updatePermission(null, groupId, 0, 1, 'group', true);
+                    let permissionLine = '<tr data-group-id="'+ groupId +'" data-mask="0">\n' +
+                        '                <td>\n' + groupName +
+                        '                </td>\n' +
+                        '                <td>\n' +
+                        '                <input class="group-view" type="checkbox" />\n' +
+                        '            </td>\n' +
+                        '            <td>\n' +
+                        '            <input class="group-edit" type="checkbox" />\n' +
+                        '            </td>\n' +
+                        '            <td>\n' +
+                        '            <input class="group-delete" type="checkbox" />\n' +
+                        '            </td>\n' +
+                        '<td><button class="btn-danger btn-mini delete-group-permission">Delete</button></td>\n'+
+                        '            </tr>'
+                    ;
+
+                    permissionList.find("#group-permission-list").append(permissionLine);
+
+                    // new permission
+                    updatePermission(null, groupId, 0, 1, 'group', true);
+                }
             }
         });
 
-        function bindCheckboxEvent() {
+        function bindEvent() {
             // user right
-            userPermissionList.on('change', '.user-view', function () {
+            permissionList.on('change', '.user-view', function () {
                 updatePermission(
                     $(this),
                     $(this).parents('tr').attr('data-user-id'),
@@ -489,7 +399,7 @@
                 );
             });
 
-            userPermissionList.on('change', '.user-edit', function () {
+            permissionList.on('change', '.user-edit', function () {
                 updatePermission(
                     $(this),
                     $(this).parents('tr').attr('data-user-id'),
@@ -499,7 +409,7 @@
                 );
             });
 
-            userPermissionList.on('change', '.user-delete', function () {
+            permissionList.on('change', '.user-delete', function () {
                 updatePermission(
                     $(this),
                     $(this).parents('tr').attr('data-user-id'),
@@ -509,8 +419,13 @@
                 );
             });
 
+            permissionList.on('click', '.delete-user-permission', function () {
+                deletePermission('user', $(this).parents('tr').attr('data-user-id'));
+
+            });
+
             // group right
-            groupPermissionList.on('change', '.group-view', function () {
+            permissionList.on('change', '.group-view', function () {
                 updatePermission(
                     $(this),
                     $(this).parents('tr').attr('data-group-id'),
@@ -520,7 +435,7 @@
                 );
             });
 
-            groupPermissionList.on('change', '.group-edit', function () {
+            permissionList.on('change', '.group-edit', function () {
                 updatePermission(
                     $(this),
                     $(this).parents('tr').attr('data-group-id'),
@@ -530,7 +445,7 @@
                 );
             });
 
-            groupPermissionList.on('change', '.group-delete', function () {
+            permissionList.on('change', '.group-delete', function () {
                 updatePermission(
                     $(this),
                     $(this).parents('tr').attr('data-group-id'),
@@ -539,6 +454,10 @@
                     'group'
                 );
             });
+
+            permissionList.on('click', '.delete-group-permission', function () {
+                deletePermission('group', $(this).parents('tr').attr('data-group-id'));
+            });
         }
 
         function updatePermission(checkboxSelector, userId, mask, singleMask, userType, isNew = false) {
@@ -565,7 +484,8 @@
                         objectType: "publication",
                         objectId: "{{ publication.id }}",
                         mask: mask
-                    }
+                    },
+                    action: "update"
                 },
                 success: function (data) {
                     if (data.success) {
@@ -579,6 +499,45 @@
             });
         }
 
+        function deletePermission(userType, userId) {
+            hideInfo();
+
+            $.ajax({
+                type: "POST",
+                url: "/prod/expose/publication/permission/update",
+                dataType: 'json',
+                data: {
+                    exposeName: "{{ exposeName }}",
+                    jsonData: {
+                        userType: userType,
+                        userId: userId,
+                        objectType: "publication",
+                        objectId: "{{ publication.id }}"
+                    },
+                    action: "delete"
+                },
+                success: function (data) {
+                    if (data.success) {
+                        publicationEdit.find("#permission-error").addClass("hidden");
+                        publicationEdit.find("#permission-success").removeClass("hidden").html(data.message);
+
+                        $.ajax({
+                            type: "GET",
+                            url: "/prod/expose/publication/permission/list?exposeName={{ exposeName }}&publicationId={{ publication.id }}",
+                            success: function (data) {
+                                permissionList.empty().append(data);
+                                // bindCheckboxEvent();
+                            }
+                        });
+
+                    } else {
+                        publicationEdit.find("#permission-success").addClass("hidden");
+                        publicationEdit.find("#permission-error").removeClass("hidden").html(data.message);
+                    }
+                }
+            });
+        }
+
         function hideInfo() {
             publicationEdit.find("#permission-error").addClass("hidden");
             publicationEdit.find("#permission-success").addClass("hidden");
diff --git a/templates/web/prod/WorkZone/ExposePermission.html.twig b/templates/web/prod/WorkZone/ExposePermission.html.twig
new file mode 100644
index 0000000000..19f26b5655
--- /dev/null
+++ b/templates/web/prod/WorkZone/ExposePermission.html.twig
@@ -0,0 +1,110 @@
+<div class="ui-widget">
+    <input id="input-group-list" placeholder="Group name" list="group-list">
+    <datalist id="group-list" tabindex="-1" aria-hidden="true"
+            class="">
+        {% for group in listGroups %}
+            <option value="{{ group.name }}" {% if group.selected %} disabled {% endif %}>{{ group.id }}</option>
+        {% endfor %}
+    </datalist>
+</div>
+
+<table>
+    <thead>
+    <tr>
+        <th>
+            Group
+        </th>
+        <th>
+            View
+        </th>
+        <th>
+            Edit
+        </th>
+        <th>
+            Delete
+        </th>
+        <th>
+        </th>
+    </tr>
+    </thead>
+    <tbody id="group-permission-list">
+    {% for permission in permissions %}
+        {% if permission.userType == 'group' %}
+            <tr data-group-id="{{ permission.userId }}" data-mask="{{ permission.mask }}">
+                <td>
+                    {{ permission.name }}
+                </td>
+                <td>
+                    <input class="group-view" type="checkbox" {% if (permission.mask b-and 1) != 0  %} checked {% endif %} />
+                </td>
+                <td>
+                    <input class="group-edit" type="checkbox" {% if (permission.mask b-and 4) != 0  %} checked {% endif %}/>
+                </td>
+                <td>
+                    <input class="group-delete" type="checkbox" {% if (permission.mask b-and 8) != 0  %} checked {% endif %}/>
+                </td>
+                <td>
+                    <button class="btn-danger btn-mini delete-group-permission" >Delete</button>
+                </td>
+            </tr>
+        {% endif %}
+    {% endfor %}
+    </tbody>
+</table>
+
+<br/>
+<br/>
+
+<div class="ui-widget">
+    <input id="input-user-list" placeholder="User name" list="user-list">
+    <datalist id="user-list" tabindex="-1" aria-hidden="true"
+              class="">
+        {% for user in listUsers %}
+            <option value="{{ user.username }}" {% if user.selected %} disabled {% endif %}>{{ user.id }}</option>
+        {% endfor %}
+    </datalist>
+</div>
+
+<table>
+    <thead>
+    <tr>
+        <th>
+            User
+        </th>
+        <th>
+            View
+        </th>
+        <th>
+            Edit
+        </th>
+        <th>
+            Delete
+        </th>
+        <th>
+        </th>
+    </tr>
+    </thead>
+    <tbody id="user-permission-list">
+    {% for permission in permissions %}
+        {% if permission.userType == 'user' %}
+            <tr data-user-id="{{ permission.userId }}" data-mask="{{ permission.mask }}">
+                <td>
+                    {{ permission.username }}
+                </td>
+                <td>
+                    <input class="user-view" type="checkbox" {% if (permission.mask b-and 1) != 0  %} checked {% endif %}/>
+                </td>
+                <td>
+                    <input class="user-edit" type="checkbox" {% if (permission.mask b-and 4) != 0  %} checked {% endif %}/>
+                </td>
+                <td>
+                    <input class="user-delete" type="checkbox" {% if (permission.mask b-and 8) != 0  %} checked {% endif %}/>
+                </td>
+                <td>
+                    <button class="btn-danger btn-mini delete-user-permission" >Delete</button>
+                </td>
+            </tr>
+        {% endif %}
+    {% endfor %}
+    </tbody>
+</table>