diff -r 1a6000ff2080 -r d066ba3bb07d web/application.py
--- a/web/application.py	Tue Nov 27 11:38:03 2012 +0100
+++ b/web/application.py	Tue Nov 27 12:24:56 2012 +0100
@@ -34,7 +34,8 @@
 
 from cubicweb import set_log_methods, cwvreg
 from cubicweb import (
-    ValidationError, Unauthorized, AuthenticationError, NoSelectableObject,
+    ValidationError, Unauthorized, Forbidden,
+    AuthenticationError, NoSelectableObject,
     BadConnectionId, CW_EVENT_MANAGER)
 from cubicweb.dbapi import DBAPISession, anonymous_session
 from cubicweb.web import LOGGER, component
@@ -470,6 +471,11 @@
                                        'If you think you should, please contact the site administrator.')
             req.status_out = httplib.UNAUTHORIZED
             result = self.error_handler(req, ex, tb=False)
+        except Forbidden, ex:
+            req.data['errmsg'] = req._('This action is forbidden. '
+                                       'If you think it should be allowed, please contact the site administrator.')
+            req.status_out = httplib.FORBIDDEN
+            result = self.error_handler(req, ex, tb=False)
         except (BadRQLQuery, RequestError), ex:
             result = self.error_handler(req, ex, tb=False)
         ### pass through exception