diff --git a/README.md b/README.md
index 887d6878..290e66c8 100644
--- a/README.md
+++ b/README.md
@@ -28,6 +28,7 @@ Features
 - 256-bit AES encryption
 - Tag system with relations
 - Multi-users ACL system
+- Hierarchical groups
 - Audit log
 - Comments
 - Storage quota per user
diff --git a/docs-android/app/app.iml b/docs-android/app/app.iml
index f0c4da0a..e93ef14d 100644
--- a/docs-android/app/app.iml
+++ b/docs-android/app/app.iml
@@ -77,10 +77,13 @@
       <sourceFolder url="file://$MODULE_DIR$/src/androidTest/rs" isTestSource="true" />
       <excludeFolder url="file://$MODULE_DIR$/build/intermediates/assets" />
       <excludeFolder url="file://$MODULE_DIR$/build/intermediates/blame" />
-      <excludeFolder url="file://$MODULE_DIR$/build/intermediates/exploded-aar/com.android.support/appcompat-v7/23.1.1/jars" />
-      <excludeFolder url="file://$MODULE_DIR$/build/intermediates/exploded-aar/com.android.support/recyclerview-v7/23.1.1/jars" />
-      <excludeFolder url="file://$MODULE_DIR$/build/intermediates/exploded-aar/com.android.support/support-v4/23.1.1/jars" />
-      <excludeFolder url="file://$MODULE_DIR$/build/intermediates/exploded-aar/com.shamanland/fab/0.0.6/jars" />
+      <excludeFolder url="file://$MODULE_DIR$/build/intermediates/bundles" />
+      <excludeFolder url="file://$MODULE_DIR$/build/intermediates/exploded-aar/com.android.support/animated-vector-drawable/23.2.1/jars" />
+      <excludeFolder url="file://$MODULE_DIR$/build/intermediates/exploded-aar/com.android.support/appcompat-v7/23.2.1/jars" />
+      <excludeFolder url="file://$MODULE_DIR$/build/intermediates/exploded-aar/com.android.support/design/23.2.1/jars" />
+      <excludeFolder url="file://$MODULE_DIR$/build/intermediates/exploded-aar/com.android.support/recyclerview-v7/23.2.1/jars" />
+      <excludeFolder url="file://$MODULE_DIR$/build/intermediates/exploded-aar/com.android.support/support-v4/23.2.1/jars" />
+      <excludeFolder url="file://$MODULE_DIR$/build/intermediates/exploded-aar/com.android.support/support-vector-drawable/23.2.1/jars" />
       <excludeFolder url="file://$MODULE_DIR$/build/intermediates/exploded-aar/it.sephiroth.android.library.easing/android-easing/1.0.3/jars" />
       <excludeFolder url="file://$MODULE_DIR$/build/intermediates/exploded-aar/it.sephiroth.android.library.imagezoom/imagezoom/1.0.5/jars" />
       <excludeFolder url="file://$MODULE_DIR$/build/intermediates/incremental" />
@@ -92,19 +95,21 @@
     </content>
     <orderEntry type="jdk" jdkName="Android API 23 Platform" jdkType="Android SDK" />
     <orderEntry type="sourceFolder" forTests="false" />
-    <orderEntry type="library" exported="" name="support-annotations-23.1.1" level="project" />
+    <orderEntry type="library" exported="" name="support-v4-23.2.1" level="project" />
     <orderEntry type="library" exported="" name="android-easing-1.0.3" level="project" />
     <orderEntry type="library" exported="" name="imagezoom-1.0.5" level="project" />
+    <orderEntry type="library" exported="" name="design-23.2.1" level="project" />
     <orderEntry type="library" exported="" name="okhttp-urlconnection-3.1.1" level="project" />
     <orderEntry type="library" exported="" name="picasso-2.5.2" level="project" />
-    <orderEntry type="library" exported="" name="recyclerview-v7-23.1.1" level="project" />
-    <orderEntry type="library" exported="" name="support-v4-23.1.1" level="project" />
-    <orderEntry type="library" exported="" name="fab-0.0.6" level="project" />
-    <orderEntry type="library" exported="" name="appcompat-v7-23.1.1" level="project" />
+    <orderEntry type="library" exported="" name="animated-vector-drawable-23.2.1" level="project" />
+    <orderEntry type="library" exported="" name="recyclerview-v7-23.2.1" level="project" />
+    <orderEntry type="library" exported="" name="support-annotations-23.2.1" level="project" />
     <orderEntry type="library" exported="" name="okhttp-3.1.1" level="project" />
     <orderEntry type="library" exported="" name="okio-1.6.0" level="project" />
+    <orderEntry type="library" exported="" name="support-vector-drawable-23.2.1" level="project" />
     <orderEntry type="library" exported="" name="picasso2-okhttp3-downloader-1.0.2" level="project" />
     <orderEntry type="library" exported="" name="tokenautocomplete-1.2.1" level="project" />
+    <orderEntry type="library" exported="" name="appcompat-v7-23.2.1" level="project" />
     <orderEntry type="library" exported="" name="eventbus-3.0.0" level="project" />
   </component>
 </module>
\ No newline at end of file
diff --git a/docs-android/app/build.gradle b/docs-android/app/build.gradle
index 418302c4..1b86dd75 100644
--- a/docs-android/app/build.gradle
+++ b/docs-android/app/build.gradle
@@ -3,7 +3,7 @@ buildscript {
         jcenter()
     }
     dependencies {
-        classpath 'com.android.tools.build:gradle:2.0.0-beta5'
+        classpath 'com.android.tools.build:gradle:2.1.0-alpha3'
     }
 }
 apply plugin: 'com.android.application'
@@ -50,11 +50,11 @@ android {
 
 dependencies {
     compile fileTree(dir: 'libs', include: '*.jar')
-    compile 'com.android.support:appcompat-v7:23.1.1'
-    compile 'com.android.support:recyclerview-v7:23.1.1'
+    compile 'com.android.support:appcompat-v7:23.2.1'
+    compile 'com.android.support:recyclerview-v7:23.2.1'
+    compile 'com.android.support:design:23.2.1'
     compile 'it.sephiroth.android.library.imagezoom:imagezoom:1.0.5'
     compile 'org.greenrobot:eventbus:3.0.0'
-    compile 'com.shamanland:fab:0.0.6'
     compile 'com.squareup.picasso:picasso:2.5.2'
     compile 'com.squareup.okhttp3:okhttp:3.1.1'
     compile "com.squareup.okhttp3:okhttp-urlconnection:3.1.1"
diff --git a/docs-android/app/src/main/AndroidManifest.xml b/docs-android/app/src/main/AndroidManifest.xml
index ff234698..55966780 100644
--- a/docs-android/app/src/main/AndroidManifest.xml
+++ b/docs-android/app/src/main/AndroidManifest.xml
@@ -47,6 +47,16 @@
             android:name=".activity.DocumentEditActivity"
             android:label="@string/new_document">
         </activity>
+        <activity
+            android:name=".activity.AuditLogActivity"
+            android:label="@string/latest_activity">
+        </activity>
+        <activity
+            android:name=".activity.UserProfileActivity">
+        </activity>
+        <activity
+            android:name=".activity.GroupProfileActivity">
+        </activity>
         <activity
             android:name=".activity.SettingsActivity"
             android:label="@string/settings">
diff --git a/docs-android/app/src/main/java/com/sismics/docs/activity/AuditLogActivity.java b/docs-android/app/src/main/java/com/sismics/docs/activity/AuditLogActivity.java
new file mode 100644
index 00000000..391e9c81
--- /dev/null
+++ b/docs-android/app/src/main/java/com/sismics/docs/activity/AuditLogActivity.java
@@ -0,0 +1,121 @@
+package com.sismics.docs.activity;
+
+import android.content.Intent;
+import android.os.Bundle;
+import android.support.v4.widget.SwipeRefreshLayout;
+import android.support.v7.app.AppCompatActivity;
+import android.view.MenuItem;
+import android.view.View;
+import android.widget.AdapterView;
+import android.widget.ListView;
+import android.widget.ProgressBar;
+
+import com.sismics.docs.R;
+import com.sismics.docs.adapter.AuditLogListAdapter;
+import com.sismics.docs.listener.HttpCallback;
+import com.sismics.docs.model.application.ApplicationContext;
+import com.sismics.docs.resource.AuditLogResource;
+
+import org.json.JSONObject;
+
+/**
+ * Audit log activity.
+ *
+ * @author bgamard.
+ */
+public class AuditLogActivity extends AppCompatActivity {
+    @Override
+    protected void onCreate(Bundle savedInstanceState) {
+        super.onCreate(savedInstanceState);
+
+        // Check if logged in
+        if (!ApplicationContext.getInstance().isLoggedIn()) {
+            startActivity(new Intent(this, LoginActivity.class));
+            finish();
+            return;
+        }
+
+        // Handle activity context
+        if (getIntent() == null) {
+            finish();
+            return;
+        }
+
+        // Input document ID (optional)
+        final String documentId = getIntent().getStringExtra("documentId");
+
+        // Setup the activity
+        setContentView(R.layout.auditlog_activity);
+        if (getSupportActionBar() != null) {
+            getSupportActionBar().setDisplayHomeAsUpEnabled(true);
+            getSupportActionBar().setHomeButtonEnabled(true);
+        }
+
+        // Configure the swipe refresh layout
+        SwipeRefreshLayout swipeRefreshLayout = (SwipeRefreshLayout) findViewById(R.id.swipeRefreshLayout);
+        swipeRefreshLayout.setColorSchemeResources(android.R.color.holo_blue_bright,
+                android.R.color.holo_green_light,
+                android.R.color.holo_orange_light,
+                android.R.color.holo_red_light);
+        swipeRefreshLayout.setOnRefreshListener(new SwipeRefreshLayout.OnRefreshListener() {
+            @Override
+            public void onRefresh() {
+                refreshView(documentId);
+            }
+        });
+
+        // Navigate to user profile on click
+        final ListView auditLogListView = (ListView) findViewById(R.id.auditLogListView);
+        auditLogListView.setOnItemClickListener(new AdapterView.OnItemClickListener() {
+            @Override
+            public void onItemClick(AdapterView<?> parent, View view, int position, long id) {
+                if (auditLogListView.getAdapter() == null) {
+                    return;
+                }
+                AuditLogListAdapter adapter = (AuditLogListAdapter) auditLogListView.getAdapter();
+                String username = adapter.getItem(position).optString("username");
+                Intent intent = new Intent(AuditLogActivity.this, UserProfileActivity.class);
+                intent.putExtra("username", username);
+                startActivity(intent);
+            }
+        });
+
+        // Get audit log list
+        refreshView(documentId);
+    }
+
+    /**
+     * Refresh the view.
+     */
+    private void refreshView(String documentId) {
+        final SwipeRefreshLayout swipeRefreshLayout = (SwipeRefreshLayout) findViewById(R.id.swipeRefreshLayout);
+        final ProgressBar progressBar = (ProgressBar) findViewById(R.id.progressBar);
+        final ListView auditLogListView = (ListView) findViewById(R.id.auditLogListView);
+        progressBar.setVisibility(View.VISIBLE);
+        auditLogListView.setVisibility(View.GONE);
+        AuditLogResource.list(this, documentId, new HttpCallback() {
+            @Override
+            public void onSuccess(JSONObject response) {
+                auditLogListView.setAdapter(new AuditLogListAdapter(response.optJSONArray("logs")));
+            }
+
+            @Override
+            public void onFinish() {
+                progressBar.setVisibility(View.GONE);
+                auditLogListView.setVisibility(View.VISIBLE);
+                swipeRefreshLayout.setRefreshing(false);
+            }
+        });
+    }
+
+    @Override
+    public boolean onOptionsItemSelected(MenuItem item) {
+        switch (item.getItemId()) {
+            case android.R.id.home:
+                finish();
+                return true;
+        }
+
+        return super.onOptionsItemSelected(item);
+    }
+}
diff --git a/docs-android/app/src/main/java/com/sismics/docs/activity/DocumentViewActivity.java b/docs-android/app/src/main/java/com/sismics/docs/activity/DocumentViewActivity.java
index c5e8d12a..ec38eae4 100644
--- a/docs-android/app/src/main/java/com/sismics/docs/activity/DocumentViewActivity.java
+++ b/docs-android/app/src/main/java/com/sismics/docs/activity/DocumentViewActivity.java
@@ -154,7 +154,7 @@ public class DocumentViewActivity extends AppCompatActivity {
      *
      * @param document Document in JSON format
      */
-    private void refreshDocument(JSONObject document) {
+    private void refreshDocument(final JSONObject document) {
         this.document = document;
 
         String title = document.optString("title");
@@ -249,7 +249,7 @@ public class DocumentViewActivity extends AppCompatActivity {
             @Override
             public void onClick(View view) {
                 DialogFragment dialog = DocExportPdfFragment.newInstance(
-                        DocumentViewActivity.this.document.optString("id"), DocumentViewActivity.this.document.optString("title"));
+                        document.optString("id"), document.optString("title"));
                 dialog.show(getSupportFragmentManager(), "DocExportPdfFragment");
             }
         });
@@ -259,11 +259,22 @@ public class DocumentViewActivity extends AppCompatActivity {
         button.setOnClickListener(new View.OnClickListener() {
             @Override
             public void onClick(View view) {
-                DialogFragment dialog = DocShareFragment.newInstance(DocumentViewActivity.this.document.optString("id"));
+                DialogFragment dialog = DocShareFragment.newInstance(document.optString("id"));
                 dialog.show(getSupportFragmentManager(), "DocShareFragment");
             }
         });
 
+        // Action audit log
+        button = (Button) findViewById(R.id.actionAuditLog);
+        button.setOnClickListener(new View.OnClickListener() {
+            @Override
+            public void onClick(View view) {
+                Intent intent = new Intent(DocumentViewActivity.this, AuditLogActivity.class);
+                intent.putExtra("documentId", document.optString("id"));
+                startActivity(intent);
+            }
+        });
+
         // Button add a comment
         ImageButton imageButton = (ImageButton) findViewById(R.id.addCommentBtn);
         imageButton.setOnClickListener(new View.OnClickListener() {
@@ -300,7 +311,7 @@ public class DocumentViewActivity extends AppCompatActivity {
         // Grab the attached files
         updateFiles();
 
-        // Grab the full document (used for ACLs and writable status)
+        // Grab the full document (used for ACLs, remaining metadata and writable status)
         updateDocument();
     }
 
@@ -630,6 +641,7 @@ public class DocumentViewActivity extends AppCompatActivity {
                     menu.findItem(R.id.delete_file).setVisible(writable);
                 }
 
+                // Action only available if the document is writable
                 findViewById(R.id.actionEditDocument).setVisibility(writable ? View.VISIBLE : View.INVISIBLE);
                 findViewById(R.id.actionUploadFile).setVisibility(writable ? View.VISIBLE : View.INVISIBLE);
                 findViewById(R.id.actionSharing).setVisibility(writable ? View.VISIBLE : View.INVISIBLE);
@@ -637,7 +649,36 @@ public class DocumentViewActivity extends AppCompatActivity {
 
                 // ACLs
                 ListView aclListView = (ListView) findViewById(R.id.aclListView);
-                aclListView.setAdapter(new AclListAdapter(document.optJSONArray("acls")));
+                final AclListAdapter aclListAdapter = new AclListAdapter(document.optJSONArray("acls"));
+                aclListView.setAdapter(aclListAdapter);
+                aclListView.setOnItemClickListener(new AdapterView.OnItemClickListener() {
+                    @Override
+                    public void onItemClick(AdapterView<?> parent, View view, int position, long id) {
+                        AclListAdapter.AclItem acl = aclListAdapter.getItem(position);
+                        if (acl.getType().equals("USER")) {
+                            Intent intent = new Intent(DocumentViewActivity.this, UserProfileActivity.class);
+                            intent.putExtra("username", acl.getName());
+                            startActivity(intent);
+                        } else if (acl.getType().equals("GROUP")) {
+                            Intent intent = new Intent(DocumentViewActivity.this, GroupProfileActivity.class);
+                            intent.putExtra("name", acl.getName());
+                            startActivity(intent);
+                        }
+                    }
+                });
+
+                // Remaining metadata
+                TextView creatorTextView = (TextView) findViewById(R.id.creatorTextView);
+                final String creator = document.optString("creator");
+                creatorTextView.setText(creator);
+                creatorTextView.setOnClickListener(new View.OnClickListener() {
+                    @Override
+                    public void onClick(View v) {
+                        Intent intent = new Intent(DocumentViewActivity.this, UserProfileActivity.class);
+                        intent.putExtra("username", creator);
+                        startActivity(intent);
+                    }
+                });
             }
         });
     }
diff --git a/docs-android/app/src/main/java/com/sismics/docs/activity/GroupProfileActivity.java b/docs-android/app/src/main/java/com/sismics/docs/activity/GroupProfileActivity.java
new file mode 100644
index 00000000..e25b00c5
--- /dev/null
+++ b/docs-android/app/src/main/java/com/sismics/docs/activity/GroupProfileActivity.java
@@ -0,0 +1,92 @@
+package com.sismics.docs.activity;
+
+import android.content.Intent;
+import android.os.Bundle;
+import android.support.v7.app.AppCompatActivity;
+import android.view.MenuItem;
+import android.view.View;
+import android.widget.ProgressBar;
+import android.widget.TextView;
+
+import com.sismics.docs.R;
+import com.sismics.docs.listener.HttpCallback;
+import com.sismics.docs.model.application.ApplicationContext;
+import com.sismics.docs.resource.UserResource;
+
+import org.json.JSONArray;
+import org.json.JSONObject;
+
+/**
+ * Group profile activity.
+ *
+ * @author bgamard.
+ */
+public class GroupProfileActivity extends AppCompatActivity {
+    @Override
+    protected void onCreate(Bundle savedInstanceState) {
+        super.onCreate(savedInstanceState);
+
+        // Check if logged in
+        if (!ApplicationContext.getInstance().isLoggedIn()) {
+            startActivity(new Intent(this, LoginActivity.class));
+            finish();
+            return;
+        }
+
+        // Handle activity context
+        if (getIntent() == null) {
+            finish();
+            return;
+        }
+
+        // Input name
+        final String name = getIntent().getStringExtra("name");
+        if (name == null) {
+            finish();
+            return;
+        }
+
+        // Setup the activity
+        setTitle(name);
+        setContentView(R.layout.groupprofile_activity);
+        if (getSupportActionBar() != null) {
+            getSupportActionBar().setDisplayHomeAsUpEnabled(true);
+            getSupportActionBar().setHomeButtonEnabled(true);
+        }
+
+        // Get the group and populate the view
+        final ProgressBar progressBar = (ProgressBar) findViewById(R.id.progressBar);
+        final View layoutView = findViewById(R.id.layout);
+        progressBar.setVisibility(View.VISIBLE);
+        layoutView.setVisibility(View.GONE);
+        UserResource.get(this, name, new HttpCallback() {
+            @Override
+            public void onSuccess(JSONObject json) {
+                TextView membersTextView = (TextView) findViewById(R.id.membersTextView);
+                JSONArray members = json.optJSONArray("members");
+                String output = "";
+                for (int i = 0; i < members.length(); i++) {
+                    output += members.optString(i) + "; ";
+                }
+                membersTextView.setText(output);
+            }
+
+            @Override
+            public void onFinish() {
+                progressBar.setVisibility(View.GONE);
+                layoutView.setVisibility(View.VISIBLE);
+            }
+        });
+    }
+
+    @Override
+    public boolean onOptionsItemSelected(MenuItem item) {
+        switch (item.getItemId()) {
+            case android.R.id.home:
+                finish();
+                return true;
+        }
+
+        return super.onOptionsItemSelected(item);
+    }
+}
diff --git a/docs-android/app/src/main/java/com/sismics/docs/activity/LoginActivity.java b/docs-android/app/src/main/java/com/sismics/docs/activity/LoginActivity.java
index 096588bd..26c030b0 100644
--- a/docs-android/app/src/main/java/com/sismics/docs/activity/LoginActivity.java
+++ b/docs-android/app/src/main/java/com/sismics/docs/activity/LoginActivity.java
@@ -30,7 +30,6 @@ import org.json.JSONObject;
  * @author bgamard
  */
 public class LoginActivity extends AppCompatActivity {
-
     /**
      * User interface.
      */
diff --git a/docs-android/app/src/main/java/com/sismics/docs/activity/MainActivity.java b/docs-android/app/src/main/java/com/sismics/docs/activity/MainActivity.java
index 6732e7f3..0c9232cb 100644
--- a/docs-android/app/src/main/java/com/sismics/docs/activity/MainActivity.java
+++ b/docs-android/app/src/main/java/com/sismics/docs/activity/MainActivity.java
@@ -42,7 +42,6 @@ import org.json.JSONObject;
  */
 
 public class MainActivity extends AppCompatActivity {
-    
     private ActionBarDrawerToggle drawerToggle;
     private MenuItem searchItem;
     private DrawerLayout drawerLayout;
@@ -72,7 +71,7 @@ public class MainActivity extends AppCompatActivity {
         // between the sliding drawer and the action bar app icon
         drawerToggle = new ActionBarDrawerToggle(this, drawerLayout,
                 R.string.drawer_open, R.string.drawer_close);
-        drawerLayout.setDrawerListener(drawerToggle);
+        drawerLayout.addDrawerListener(drawerToggle);
 
         // Fill the drawer user info
         JSONObject userInfo = ApplicationContext.getInstance().getUserInfo();
@@ -137,6 +136,15 @@ public class MainActivity extends AppCompatActivity {
             }
         });
 
+        // Click on Latest activity
+        View auditLogLayout = findViewById(R.id.auditLogLayout);
+        auditLogLayout.setOnClickListener(new View.OnClickListener() {
+            @Override
+            public void onClick(View v) {
+                startActivity(new Intent(MainActivity.this, AuditLogActivity.class));
+            }
+        });
+
         handleIntent(getIntent());
 
         EventBus.getDefault().register(this);
diff --git a/docs-android/app/src/main/java/com/sismics/docs/activity/SettingsActivity.java b/docs-android/app/src/main/java/com/sismics/docs/activity/SettingsActivity.java
index 176e8120..54b81de9 100644
--- a/docs-android/app/src/main/java/com/sismics/docs/activity/SettingsActivity.java
+++ b/docs-android/app/src/main/java/com/sismics/docs/activity/SettingsActivity.java
@@ -12,7 +12,6 @@ import com.sismics.docs.fragment.SettingsFragment;
  * @author bgamard.
  */
 public class SettingsActivity extends AppCompatActivity {
-
     @Override
     protected void onCreate(Bundle savedInstanceState) {
         super.onCreate(savedInstanceState);
diff --git a/docs-android/app/src/main/java/com/sismics/docs/activity/UserProfileActivity.java b/docs-android/app/src/main/java/com/sismics/docs/activity/UserProfileActivity.java
new file mode 100644
index 00000000..28229365
--- /dev/null
+++ b/docs-android/app/src/main/java/com/sismics/docs/activity/UserProfileActivity.java
@@ -0,0 +1,91 @@
+package com.sismics.docs.activity;
+
+import android.content.Intent;
+import android.os.Bundle;
+import android.support.v7.app.AppCompatActivity;
+import android.view.MenuItem;
+import android.view.View;
+import android.widget.ProgressBar;
+import android.widget.TextView;
+
+import com.sismics.docs.R;
+import com.sismics.docs.listener.HttpCallback;
+import com.sismics.docs.model.application.ApplicationContext;
+import com.sismics.docs.resource.UserResource;
+
+import org.json.JSONObject;
+
+/**
+ * User profile activity.
+ *
+ * @author bgamard.
+ */
+public class UserProfileActivity extends AppCompatActivity {
+    @Override
+    protected void onCreate(Bundle savedInstanceState) {
+        super.onCreate(savedInstanceState);
+
+        // Check if logged in
+        if (!ApplicationContext.getInstance().isLoggedIn()) {
+            startActivity(new Intent(this, LoginActivity.class));
+            finish();
+            return;
+        }
+
+        // Handle activity context
+        if (getIntent() == null) {
+            finish();
+            return;
+        }
+
+        // Input username
+        final String username = getIntent().getStringExtra("username");
+        if (username == null) {
+            finish();
+            return;
+        }
+
+        // Setup the activity
+        setTitle(username);
+        setContentView(R.layout.userprofile_activity);
+        if (getSupportActionBar() != null) {
+            getSupportActionBar().setDisplayHomeAsUpEnabled(true);
+            getSupportActionBar().setHomeButtonEnabled(true);
+        }
+
+        // Get the user and populate the view
+        final ProgressBar progressBar = (ProgressBar) findViewById(R.id.progressBar);
+        final View layoutView = findViewById(R.id.layout);
+        progressBar.setVisibility(View.VISIBLE);
+        layoutView.setVisibility(View.GONE);
+        UserResource.get(this, username, new HttpCallback() {
+            @Override
+            public void onSuccess(JSONObject json) {
+                TextView emailTextView = (TextView) findViewById(R.id.emailTextView);
+                emailTextView.setText(json.optString("email"));
+
+                TextView quotaTextView = (TextView) findViewById(R.id.quotaTextView);
+                quotaTextView.setText(getString(R.string.storage_display,
+                        Math.round(json.optLong("storage_current") / 1000000),
+                        Math.round(json.optLong("storage_quota") / 1000000)));
+            }
+
+            @Override
+            public void onFinish() {
+                progressBar.setVisibility(View.GONE);
+                layoutView.setVisibility(View.VISIBLE);
+            }
+        });
+    }
+
+    @Override
+    public boolean onOptionsItemSelected(MenuItem item) {
+        switch (item.getItemId()) {
+            case android.R.id.home:
+                finish();
+                return true;
+        }
+
+        return super.onOptionsItemSelected(item);
+    }
+}
diff --git a/docs-android/app/src/main/java/com/sismics/docs/adapter/AclListAdapter.java b/docs-android/app/src/main/java/com/sismics/docs/adapter/AclListAdapter.java
index 3ae874c7..bae59bf0 100644
--- a/docs-android/app/src/main/java/com/sismics/docs/adapter/AclListAdapter.java
+++ b/docs-android/app/src/main/java/com/sismics/docs/adapter/AclListAdapter.java
@@ -98,11 +98,19 @@ public class AclListAdapter extends BaseAdapter {
      * An ACL item in the list.
      * Permissions are grouped together.
      */
-    private static class AclItem {
+    public static class AclItem {
         private String type;
         private String name;
         private List<String> permList = new ArrayList<>();
 
+        public String getType() {
+            return type;
+        }
+
+        public String getName() {
+            return name;
+        }
+
         @Override
         public int hashCode() {
             return (type + name).hashCode();
diff --git a/docs-android/app/src/main/java/com/sismics/docs/adapter/AuditLogListAdapter.java b/docs-android/app/src/main/java/com/sismics/docs/adapter/AuditLogListAdapter.java
new file mode 100644
index 00000000..b77061d6
--- /dev/null
+++ b/docs-android/app/src/main/java/com/sismics/docs/adapter/AuditLogListAdapter.java
@@ -0,0 +1,93 @@
+package com.sismics.docs.adapter;
+
+import android.content.Context;
+import android.content.Intent;
+import android.text.TextUtils;
+import android.view.LayoutInflater;
+import android.view.View;
+import android.view.ViewGroup;
+import android.widget.BaseAdapter;
+import android.widget.TextView;
+
+import com.sismics.docs.R;
+
+import org.json.JSONArray;
+import org.json.JSONObject;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * Audit log list adapter.
+ *
+ * @author bgamard.
+ */
+public class AuditLogListAdapter extends BaseAdapter {
+    /**
+     * Shares.
+     */
+    private List<JSONObject> logList;
+
+    /**
+     * Audit log list adapter.
+     *
+     * @param logs Logs
+     */
+    public AuditLogListAdapter(JSONArray logs) {
+        this.logList = new ArrayList<>();
+
+        for (int i = 0; i < logs.length(); i++) {
+            logList.add(logs.optJSONObject(i));
+        }
+    }
+
+    @Override
+    public int getCount() {
+        return logList.size();
+    }
+
+    @Override
+    public JSONObject getItem(int position) {
+        return logList.get(position);
+    }
+
+    @Override
+    public long getItemId(int position) {
+        return getItem(position).hashCode();
+    }
+
+    @Override
+    public View getView(int position, View view, final ViewGroup parent) {
+        if (view == null) {
+            LayoutInflater vi = (LayoutInflater) parent.getContext().getSystemService(Context.LAYOUT_INFLATER_SERVICE);
+            view = vi.inflate(R.layout.auditlog_list_item, parent, false);
+        }
+
+        // Build message
+        final JSONObject log = getItem(position);
+        StringBuilder message = new StringBuilder(log.optString("class"));
+        switch (log.optString("type")) {
+            case "CREATE": message.append(" created"); break;
+            case "UPDATE": message.append(" updated"); break;
+            case "DELETE": message.append(" deleted"); break;
+        }
+        switch (log.optString("class")) {
+            case "Document":
+            case "Acl":
+            case "Tag":
+            case "User":
+            case "Group":
+                message.append(" : ");
+                message.append(log.optString("message"));
+                break;
+        }
+
+        // Fill the view
+        TextView usernameTextView = (TextView) view.findViewById(R.id.usernameTextView);
+        TextView messageTextView = (TextView) view.findViewById(R.id.messageTextView);
+        usernameTextView.setText(log.optString("username"));
+        messageTextView.setText(message);
+
+        return view;
+    }
+}
diff --git a/docs-android/app/src/main/java/com/sismics/docs/fragment/SearchFragment.java b/docs-android/app/src/main/java/com/sismics/docs/fragment/SearchFragment.java
index d5eeedc5..a1e8cadb 100644
--- a/docs-android/app/src/main/java/com/sismics/docs/fragment/SearchFragment.java
+++ b/docs-android/app/src/main/java/com/sismics/docs/fragment/SearchFragment.java
@@ -55,6 +55,7 @@ public class SearchFragment extends DialogFragment {
         View view = inflater.inflate(R.layout.search_dialog, null);
         final EditText searchEditText = (EditText) view.findViewById(R.id.searchEditText);
         final EditText fulltextEditText = (EditText) view.findViewById(R.id.fulltextEditText);
+        final EditText creatorEditText = (EditText) view.findViewById(R.id.creatorEditText);
         final CheckBox sharedCheckbox = (CheckBox) view.findViewById(R.id.sharedCheckbox);
         final Spinner languageSpinner = (Spinner) view.findViewById(R.id.languageSpinner);
         final DatePickerView beforeDatePicker = (DatePickerView) view.findViewById(R.id.beforeDatePicker);
@@ -89,6 +90,7 @@ public class SearchFragment extends DialogFragment {
                         // Build the simple criterias
                         SearchQueryBuilder queryBuilder = new SearchQueryBuilder()
                                 .simpleSearch(searchEditText.getText().toString())
+                                .creator(creatorEditText.getText().toString())
                                 .shared(sharedCheckbox.isChecked())
                                 .language(((LanguageAdapter.Language) languageSpinner.getSelectedItem()).getId())
                                 .before(beforeDatePicker.getDate())
diff --git a/docs-android/app/src/main/java/com/sismics/docs/resource/AuditLogResource.java b/docs-android/app/src/main/java/com/sismics/docs/resource/AuditLogResource.java
new file mode 100644
index 00000000..bd909200
--- /dev/null
+++ b/docs-android/app/src/main/java/com/sismics/docs/resource/AuditLogResource.java
@@ -0,0 +1,38 @@
+package com.sismics.docs.resource;
+
+import android.content.Context;
+
+import com.sismics.docs.listener.HttpCallback;
+import com.sismics.docs.util.OkHttpUtil;
+
+import okhttp3.HttpUrl;
+import okhttp3.Request;
+
+/**
+ * Access to /auditlog API.
+ * 
+ * @author bgamard
+ */
+public class AuditLogResource extends BaseResource {
+    /**
+     * GET /auditlog.
+     *
+     * @param context Context
+     * @param documentId Document ID
+     * @param callback Callback
+     */
+    public static void list(Context context, String documentId, HttpCallback callback) {
+        HttpUrl.Builder httpUrlBuilder = HttpUrl.parse(getApiUrl(context) + "/auditlog")
+                .newBuilder();
+        if (documentId != null) {
+            httpUrlBuilder.addQueryParameter("document", documentId);
+        }
+        Request request = new Request.Builder()
+                .url(httpUrlBuilder.build())
+                .get()
+                .build();
+        OkHttpUtil.buildClient(context)
+                .newCall(request)
+                .enqueue(HttpCallback.buildOkHttpCallback(callback));
+    }
+}
diff --git a/docs-android/app/src/main/java/com/sismics/docs/resource/UserResource.java b/docs-android/app/src/main/java/com/sismics/docs/resource/UserResource.java
index 3d35564a..79b245a1 100644
--- a/docs-android/app/src/main/java/com/sismics/docs/resource/UserResource.java
+++ b/docs-android/app/src/main/java/com/sismics/docs/resource/UserResource.java
@@ -53,6 +53,23 @@ public class UserResource extends BaseResource {
                 .newCall(request)
                 .enqueue(HttpCallback.buildOkHttpCallback(callback));
     }
+
+    /**
+     * GET /user/username.
+     *
+     * @param context Context
+     * param username Username
+     * @param callback Callback
+     */
+    public static void get(Context context, String username, HttpCallback callback) {
+        Request request = new Request.Builder()
+                .url(HttpUrl.parse(getApiUrl(context) + "/user/" + username))
+                .get()
+                .build();
+        OkHttpUtil.buildClient(context)
+                .newCall(request)
+                .enqueue(HttpCallback.buildOkHttpCallback(callback));
+    }
     
     /**
      * POST /user/logout.
diff --git a/docs-android/app/src/main/java/com/sismics/docs/util/SearchQueryBuilder.java b/docs-android/app/src/main/java/com/sismics/docs/util/SearchQueryBuilder.java
index 54ab1f94..42522174 100644
--- a/docs-android/app/src/main/java/com/sismics/docs/util/SearchQueryBuilder.java
+++ b/docs-android/app/src/main/java/com/sismics/docs/util/SearchQueryBuilder.java
@@ -59,6 +59,21 @@ public class SearchQueryBuilder {
         return this;
     }
 
+    /**
+     * Add a creator criteria.
+     *
+     * @param creator Creator criteria
+     * @return The builder
+     */
+    public SearchQueryBuilder creator(String creator) {
+        if (isValid(creator)) {
+            query.append(SEARCH_SEPARATOR)
+                    .append("by:")
+                    .append(creator);
+        }
+        return this;
+    }
+
     /**
      * Add a language criteria.
      *
diff --git a/docs-android/app/src/main/res/drawable-xhdpi/ic_assignment_grey600_24dp.png b/docs-android/app/src/main/res/drawable-xhdpi/ic_assignment_grey600_24dp.png
new file mode 100644
index 00000000..1d59bcf2
Binary files /dev/null and b/docs-android/app/src/main/res/drawable-xhdpi/ic_assignment_grey600_24dp.png differ
diff --git a/docs-android/app/src/main/res/drawable-xhdpi/ic_assignment_grey600_48dp.png b/docs-android/app/src/main/res/drawable-xhdpi/ic_assignment_grey600_48dp.png
new file mode 100644
index 00000000..9a050c74
Binary files /dev/null and b/docs-android/app/src/main/res/drawable-xhdpi/ic_assignment_grey600_48dp.png differ
diff --git a/docs-android/app/src/main/res/drawable-xhdpi/ic_comment_black_24dp.png b/docs-android/app/src/main/res/drawable-xhdpi/ic_comment_black_24dp.png
deleted file mode 100644
index 412de9b0..00000000
Binary files a/docs-android/app/src/main/res/drawable-xhdpi/ic_comment_black_24dp.png and /dev/null differ
diff --git a/docs-android/app/src/main/res/drawable-xhdpi/ic_comment_grey600_24dp.png b/docs-android/app/src/main/res/drawable-xhdpi/ic_comment_grey600_24dp.png
new file mode 100644
index 00000000..a8ba0fdc
Binary files /dev/null and b/docs-android/app/src/main/res/drawable-xhdpi/ic_comment_grey600_24dp.png differ
diff --git a/docs-android/app/src/main/res/drawable-xxhdpi/ic_assignment_grey600_24dp.png b/docs-android/app/src/main/res/drawable-xxhdpi/ic_assignment_grey600_24dp.png
new file mode 100644
index 00000000..96caad84
Binary files /dev/null and b/docs-android/app/src/main/res/drawable-xxhdpi/ic_assignment_grey600_24dp.png differ
diff --git a/docs-android/app/src/main/res/drawable-xxhdpi/ic_assignment_grey600_48dp.png b/docs-android/app/src/main/res/drawable-xxhdpi/ic_assignment_grey600_48dp.png
new file mode 100644
index 00000000..0bd4b924
Binary files /dev/null and b/docs-android/app/src/main/res/drawable-xxhdpi/ic_assignment_grey600_48dp.png differ
diff --git a/docs-android/app/src/main/res/drawable-xxhdpi/ic_comment_black_24dp.png b/docs-android/app/src/main/res/drawable-xxhdpi/ic_comment_black_24dp.png
deleted file mode 100644
index 382ee7a1..00000000
Binary files a/docs-android/app/src/main/res/drawable-xxhdpi/ic_comment_black_24dp.png and /dev/null differ
diff --git a/docs-android/app/src/main/res/drawable-xxhdpi/ic_comment_grey600_24dp.png b/docs-android/app/src/main/res/drawable-xxhdpi/ic_comment_grey600_24dp.png
new file mode 100644
index 00000000..5af80651
Binary files /dev/null and b/docs-android/app/src/main/res/drawable-xxhdpi/ic_comment_grey600_24dp.png differ
diff --git a/docs-android/app/src/main/res/layout/auditlog_activity.xml b/docs-android/app/src/main/res/layout/auditlog_activity.xml
new file mode 100644
index 00000000..77680ad6
--- /dev/null
+++ b/docs-android/app/src/main/res/layout/auditlog_activity.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="utf-8"?>
+<RelativeLayout xmlns:android="http://schemas.android.com/apk/res/android"
+    android:layout_width="match_parent"
+    android:layout_height="match_parent">
+
+    <android.support.v4.widget.SwipeRefreshLayout
+        android:id="@+id/swipeRefreshLayout"
+        android:layout_width="match_parent"
+        android:layout_height="match_parent">
+
+        <ListView
+            android:id="@+id/auditLogListView"
+            android:layout_width="match_parent"
+            android:layout_height="match_parent"
+            android:choiceMode="singleChoice"
+            android:dividerHeight="0dp"
+            android:visibility="gone">
+        </ListView>
+    </android.support.v4.widget.SwipeRefreshLayout>
+
+    <ProgressBar
+        android:id="@+id/progressBar"
+        style="?android:attr/progressBarStyleLarge"
+        android:layout_width="wrap_content"
+        android:layout_height="wrap_content"
+        android:visibility="visible"
+        android:layout_centerInParent="true"
+        android:indeterminate="true" />
+
+</RelativeLayout>
\ No newline at end of file
diff --git a/docs-android/app/src/main/res/layout/auditlog_list_item.xml b/docs-android/app/src/main/res/layout/auditlog_list_item.xml
new file mode 100644
index 00000000..242401cd
--- /dev/null
+++ b/docs-android/app/src/main/res/layout/auditlog_list_item.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="utf-8"?>
+<RelativeLayout
+    xmlns:android="http://schemas.android.com/apk/res/android"
+    android:layout_width="match_parent"
+    android:layout_height="wrap_content"
+    android:padding="12dp"
+    android:background="?android:attr/selectableItemBackground">
+
+    <ImageView
+        android:id="@+id/assignImageView"
+        android:layout_centerVertical="true"
+        android:layout_alignParentStart="true"
+        android:layout_alignParentLeft="true"
+        android:layout_marginRight="12dp"
+        android:layout_marginEnd="12dp"
+        android:layout_width="wrap_content"
+        android:layout_height="wrap_content"
+        android:src="@drawable/ic_assignment_grey600_48dp"/>
+
+    <TextView
+        android:id="@+id/usernameTextView"
+        android:layout_alignParentTop="true"
+        android:layout_toRightOf="@+id/assignImageView"
+        android:layout_toEndOf="@+id/assignImageView"
+        android:layout_width="wrap_content"
+        android:layout_height="wrap_content"
+        android:fontFamily="sans-serif-light"
+        android:textColor="#212121"
+        android:text="admin"
+        android:textSize="16sp"
+        android:ellipsize="end"
+        android:maxLines="1"/>
+
+    <TextView
+        android:id="@+id/messageTextView"
+        android:layout_below="@+id/usernameTextView"
+        android:layout_toRightOf="@+id/assignImageView"
+        android:layout_toEndOf="@+id/assignImageView"
+        android:layout_marginTop="4dp"
+        android:layout_width="wrap_content"
+        android:layout_height="wrap_content"
+        android:fontFamily="sans-serif-light"
+        android:textColor="#777777"
+        android:text="Document created : test doc 1"
+        android:textSize="16sp"
+        android:maxLines="1"
+        android:ellipsize="end"/>
+
+    <TextView
+        android:id="@+id/dateTextView"
+        android:layout_width="wrap_content"
+        android:layout_height="wrap_content"
+        android:text="2014-12-02"
+        android:layout_alignParentEnd="true"
+        android:layout_alignParentRight="true"
+        android:layout_alignParentTop="true"
+        android:textColor="#777777"
+        android:fontFamily="sans-serif-light"/>
+
+</RelativeLayout>
\ No newline at end of file
diff --git a/docs-android/app/src/main/res/layout/doc_list_fragment.xml b/docs-android/app/src/main/res/layout/doc_list_fragment.xml
index 3d781fde..ff83398e 100644
--- a/docs-android/app/src/main/res/layout/doc_list_fragment.xml
+++ b/docs-android/app/src/main/res/layout/doc_list_fragment.xml
@@ -37,7 +37,7 @@
         android:textSize="16sp"
         android:layout_centerInParent="true"/>
 
-    <com.shamanland.fab.FloatingActionButton
+    <android.support.design.widget.FloatingActionButton
         android:id="@+id/addDocumentButton"
         android:layout_width="wrap_content"
         android:layout_height="wrap_content"
@@ -48,6 +48,6 @@
         android:layout_marginEnd="16dp"
         android:layout_marginBottom="20dp"
         android:src="@drawable/ic_add_white_24dp"
-        app:floatingActionButtonColor="#263238"/>
+        app:fabSize="normal"/>
 
 </RelativeLayout>
\ No newline at end of file
diff --git a/docs-android/app/src/main/res/layout/doc_list_item.xml b/docs-android/app/src/main/res/layout/doc_list_item.xml
index 43b56de0..0aae61da 100644
--- a/docs-android/app/src/main/res/layout/doc_list_item.xml
+++ b/docs-android/app/src/main/res/layout/doc_list_item.xml
@@ -13,6 +13,7 @@
         android:layout_alignParentStart="true"
         android:layout_alignParentLeft="true"
         android:layout_marginRight="12dp"
+        android:layout_marginEnd="12dp"
         android:id="@+id/folderImageView"
         android:layout_width="wrap_content"
         android:layout_height="wrap_content"
@@ -22,7 +23,9 @@
         android:id="@+id/titleTextView"
         android:layout_alignParentTop="true"
         android:layout_toRightOf="@+id/folderImageView"
+        android:layout_toEndOf="@+id/folderImageView"
         android:layout_toLeftOf="@+id/dateTextView"
+        android:layout_toStartOf="@+id/dateTextView"
         android:layout_width="wrap_content"
         android:layout_height="wrap_content"
         android:fontFamily="sans-serif-light"
diff --git a/docs-android/app/src/main/res/layout/document_view_activity.xml b/docs-android/app/src/main/res/layout/document_view_activity.xml
index e13fd81b..13c3e0f3 100644
--- a/docs-android/app/src/main/res/layout/document_view_activity.xml
+++ b/docs-android/app/src/main/res/layout/document_view_activity.xml
@@ -52,14 +52,14 @@
         <!-- Comments -->
 
         <TextView
-            android:drawableStart="@drawable/ic_comment_black_24dp"
-            android:drawableLeft="@drawable/ic_comment_black_24dp"
+            android:drawableStart="@drawable/ic_comment_grey600_24dp"
+            android:drawableLeft="@drawable/ic_comment_grey600_24dp"
             android:drawablePadding="6dp"
             android:layout_width="wrap_content"
             android:layout_height="wrap_content"
             android:textSize="16sp"
             android:gravity="center"
-            android:textColor="@color/primary_text_default_material_light"
+            android:textColor="#de000000"
             android:text="@string/comments"
             android:layout_margin="12dp"/>
 
@@ -173,7 +173,7 @@
                     android:drawableTop="@drawable/ic_create_grey600_24dp"
                     style="?android:buttonBarButtonStyle"
                     android:text="@string/edit_document"
-                    android:textColor="@color/button_material_dark"
+                    android:textColor="#ff5a595b"
                     android:textAllCaps="false"
                     android:layout_margin="8dp"/>
 
@@ -184,7 +184,7 @@
                     android:drawableTop="@drawable/ic_file_upload_grey600_24dp"
                     style="?android:buttonBarButtonStyle"
                     android:text="@string/upload_file"
-                    android:textColor="@color/button_material_dark"
+                    android:textColor="#ff5a595b"
                     android:textAllCaps="false"
                     android:layout_margin="8dp"/>
 
@@ -195,7 +195,7 @@
                     android:drawableTop="@drawable/ic_file_download_grey600_24dp"
                     style="?android:buttonBarButtonStyle"
                     android:text="@string/download_document"
-                    android:textColor="@color/button_material_dark"
+                    android:textColor="#ff5a595b"
                     android:textAllCaps="false"
                     android:layout_margin="8dp"/>
 
@@ -214,9 +214,9 @@
                     android:drawableTop="@drawable/ic_description_grey600_24dp"
                     style="?android:buttonBarButtonStyle"
                     android:text="@string/export_pdf"
-                    android:textColor="@color/button_material_dark"
+                    android:textColor="#ff5a595b"
                     android:textAllCaps="false"
-                    android:layout_margin="8dp"/>
+                    android:layout_margin="0dp"/>
 
                 <Button
                     android:id="@+id/actionSharing"
@@ -225,9 +225,20 @@
                     android:drawableTop="@drawable/ic_share_grey600_24dp"
                     style="?android:buttonBarButtonStyle"
                     android:text="@string/share"
-                    android:textColor="@color/button_material_dark"
+                    android:textColor="#ff5a595b"
                     android:textAllCaps="false"
-                    android:layout_margin="8dp"/>
+                    android:layout_margin="0dp"/>
+
+                <Button
+                    android:id="@+id/actionAuditLog"
+                    android:layout_width="wrap_content"
+                    android:layout_height="wrap_content"
+                    android:drawableTop="@drawable/ic_assignment_grey600_24dp"
+                    style="?android:buttonBarButtonStyle"
+                    android:text="@string/activity"
+                    android:textColor="#ff5a595b"
+                    android:textAllCaps="false"
+                    android:layout_margin="0dp"/>
 
                 <Button
                     android:id="@+id/actionDelete"
@@ -236,9 +247,9 @@
                     android:drawableTop="@drawable/ic_delete_grey600_24dp"
                     style="?android:buttonBarButtonStyle"
                     android:text="@string/delete_document"
-                    android:textColor="@color/button_material_dark"
+                    android:textColor="#ff5a595b"
                     android:textAllCaps="false"
-                    android:layout_margin="8dp"/>
+                    android:layout_margin="0dp"/>
 
             </LinearLayout>
 
@@ -280,12 +291,33 @@
                 android:layout_alignParentTop="true"
                 android:fontFamily="sans-serif-light"/>
 
+            <TextView
+                android:id="@+id/creatorLabel"
+                android:layout_width="100dp"
+                android:layout_height="24dp"
+                android:gravity="center_vertical"
+                android:layout_below="@+id/createdDateLabel"
+                android:layout_marginRight="8dp"
+                android:layout_marginEnd="8dp"
+                android:fontFamily="sans-serif"
+                android:text="@string/creator"/>
+
+            <TextView
+                android:id="@+id/creatorTextView"
+                android:layout_toRightOf="@id/creatorLabel"
+                android:layout_toEndOf="@id/creatorLabel"
+                android:layout_width="wrap_content"
+                android:layout_height="24dp"
+                android:gravity="center_vertical"
+                android:layout_below="@+id/createdDateTextView"
+                android:fontFamily="sans-serif-light"/>
+
             <TextView
                 android:id="@+id/tagTextView"
                 android:layout_marginTop="8dp"
                 android:layout_width="match_parent"
                 android:layout_height="wrap_content"
-                android:layout_below="@id/createdDateLabel"
+                android:layout_below="@id/creatorLabel"
                 android:layout_marginRight="8dp"
                 android:layout_marginEnd="8dp"
                 android:maxLines="1"
@@ -333,7 +365,7 @@
             android:layout_width="wrap_content"
             android:layout_height="wrap_content"
             android:textSize="16sp"
-            android:textColor="@color/primary_text_default_material_light"
+            android:textColor="#de000000"
             android:text="@string/who_can_access"
             android:layout_margin="12dp"/>
 
diff --git a/docs-android/app/src/main/res/layout/groupprofile_activity.xml b/docs-android/app/src/main/res/layout/groupprofile_activity.xml
new file mode 100644
index 00000000..3a2cd126
--- /dev/null
+++ b/docs-android/app/src/main/res/layout/groupprofile_activity.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="utf-8"?>
+<RelativeLayout xmlns:android="http://schemas.android.com/apk/res/android"
+    android:layout_width="match_parent"
+    android:layout_height="match_parent"
+    android:padding="16dp">
+
+    <LinearLayout
+        android:id="@+id/layout"
+        android:visibility="gone"
+        android:layout_width="match_parent"
+        android:layout_height="match_parent"
+        android:orientation="vertical">
+
+        <TextView
+            android:id="@+id/membersTextView"
+            android:layout_width="match_parent"
+            android:layout_height="match_parent" />
+
+    </LinearLayout>
+
+    <ProgressBar
+        android:id="@+id/progressBar"
+        style="?android:attr/progressBarStyleLarge"
+        android:layout_width="wrap_content"
+        android:layout_height="wrap_content"
+        android:visibility="visible"
+        android:layout_centerInParent="true"
+        android:indeterminate="true" />
+
+</RelativeLayout>
\ No newline at end of file
diff --git a/docs-android/app/src/main/res/layout/main_activity.xml b/docs-android/app/src/main/res/layout/main_activity.xml
index 2d2f2004..cc9d2fdc 100644
--- a/docs-android/app/src/main/res/layout/main_activity.xml
+++ b/docs-android/app/src/main/res/layout/main_activity.xml
@@ -117,6 +117,40 @@
 
         </RelativeLayout>
 
+        <!-- Audit log -->
+
+        <RelativeLayout
+            android:id="@+id/auditLogLayout"
+            android:layout_width="match_parent"
+            android:layout_height="wrap_content"
+            android:padding="12dp"
+            android:clickable="true"
+            android:background="?android:attr/selectableItemBackground">
+
+            <ImageView
+                android:id="@+id/auditLogImageView"
+                android:layout_centerVertical="true"
+                android:layout_alignParentStart="true"
+                android:layout_alignParentLeft="true"
+                android:layout_marginRight="12dp"
+                android:layout_marginEnd="12dp"
+                android:layout_width="wrap_content"
+                android:layout_height="wrap_content"
+                android:src="@drawable/ic_assignment_grey600_24dp"/>
+
+            <TextView
+                android:layout_centerVertical="true"
+                android:layout_toRightOf="@+id/auditLogImageView"
+                android:layout_toEndOf="@+id/auditLogImageView"
+                android:layout_width="wrap_content"
+                android:layout_height="wrap_content"
+                android:fontFamily="sans-serif"
+                android:textColor="#212121"
+                android:text="@string/latest_activity"
+                android:textSize="14sp"/>
+
+        </RelativeLayout>
+
         <!-- Separator -->
 
         <View
diff --git a/docs-android/app/src/main/res/layout/search_dialog.xml b/docs-android/app/src/main/res/layout/search_dialog.xml
index 52d76d8c..69a29e1a 100644
--- a/docs-android/app/src/main/res/layout/search_dialog.xml
+++ b/docs-android/app/src/main/res/layout/search_dialog.xml
@@ -27,6 +27,15 @@
             android:textSize="18sp"
             android:hint="@string/fulltext_search"/>
 
+        <!-- Creator -->
+        <EditText
+            android:id="@+id/creatorEditText"
+            android:layout_width="match_parent"
+            android:layout_height="wrap_content"
+            android:layout_margin="8dp"
+            android:textSize="18sp"
+            android:hint="@string/creator"/>
+
         <!-- Language -->
         <Spinner
             android:id="@+id/languageSpinner"
diff --git a/docs-android/app/src/main/res/layout/userprofile_activity.xml b/docs-android/app/src/main/res/layout/userprofile_activity.xml
new file mode 100644
index 00000000..b6af5748
--- /dev/null
+++ b/docs-android/app/src/main/res/layout/userprofile_activity.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="utf-8"?>
+<RelativeLayout xmlns:android="http://schemas.android.com/apk/res/android"
+    android:layout_width="match_parent"
+    android:layout_height="match_parent"
+    android:padding="16dp">
+
+    <LinearLayout
+        android:id="@+id/layout"
+        android:visibility="gone"
+        android:layout_width="match_parent"
+        android:layout_height="match_parent"
+        android:orientation="vertical">
+
+        <LinearLayout
+            android:layout_width="match_parent"
+            android:layout_height="wrap_content"
+            android:orientation="horizontal">
+
+            <TextView
+                android:layout_width="120dp"
+                android:layout_height="wrap_content"
+                android:textStyle="bold"
+                android:gravity="end"
+                android:textSize="16sp"
+                android:text="@string/email"/>
+
+            <TextView
+                android:id="@+id/emailTextView"
+                android:layout_marginLeft="12dp"
+                android:layout_marginStart="12dp"
+                android:layout_width="wrap_content"
+                android:layout_height="wrap_content"
+                android:ellipsize="end"
+                android:maxLines="1"
+                android:textSize="16sp"
+                android:text="user1@sismicsdocs.com"/>
+
+        </LinearLayout>
+
+        <LinearLayout
+            android:layout_width="match_parent"
+            android:layout_height="wrap_content"
+            android:orientation="horizontal">
+
+            <TextView
+                android:layout_width="120dp"
+                android:layout_height="wrap_content"
+                android:textStyle="bold"
+                android:gravity="end"
+                android:textSize="16sp"
+                android:text="@string/storage_quota"/>
+
+            <TextView
+                android:id="@+id/quotaTextView"
+                android:layout_marginLeft="12dp"
+                android:layout_marginStart="12dp"
+                android:layout_width="wrap_content"
+                android:layout_height="wrap_content"
+                android:ellipsize="end"
+                android:maxLines="1"
+                android:textSize="16sp"
+                android:text="35/500 MB"/>
+
+        </LinearLayout>
+
+    </LinearLayout>
+
+    <ProgressBar
+        android:id="@+id/progressBar"
+        style="?android:attr/progressBarStyleLarge"
+        android:layout_width="wrap_content"
+        android:layout_height="wrap_content"
+        android:visibility="visible"
+        android:layout_centerInParent="true"
+        android:indeterminate="true" />
+
+</RelativeLayout>
\ No newline at end of file
diff --git a/docs-android/app/src/main/res/values/strings.xml b/docs-android/app/src/main/res/values/strings.xml
index c65eeaec..e1270599 100644
--- a/docs-android/app/src/main/res/values/strings.xml
+++ b/docs-android/app/src/main/res/values/strings.xml
@@ -99,6 +99,7 @@
     <string name="title">Title</string>
     <string name="simple_search">Simple search</string>
     <string name="fulltext_search">Fulltext search</string>
+    <string name="creator">Creator</string>
     <string name="after_date">After date</string>
     <string name="before_date">Before date</string>
     <string name="search_tags">Search tags</string>
@@ -115,7 +116,7 @@
     <string name="comment_delete">Delete comment</string>
     <string name="deleting_comment">Deleting comment</string>
     <string name="error_deleting_comment">Error deleting comment</string>
-    <string name="export_pdf">Export PDF</string>
+    <string name="export_pdf">PDF</string>
     <string name="download">Download</string>
     <string name="margin">Margin</string>
     <string name="fit_image_to_page">Fit image to page</string>
@@ -125,5 +126,10 @@
     <string name="download_file_title">Sismics Docs file export</string>
     <string name="download_document_title">Sismics Docs document export</string>
     <string name="download_pdf_title">Sismics Docs PDF export</string>
+    <string name="latest_activity">Latest activity</string>
+    <string name="activity">Activity</string>
+    <string name="email">E-mail</string>
+    <string name="storage_quota">Storage quota</string>
+    <string name="storage_display">%1$d/%2$d MB</string>
 
 </resources>
diff --git a/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/AclDao.java b/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/AclDao.java
index af6f726c..96989163 100644
--- a/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/AclDao.java
+++ b/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/AclDao.java
@@ -68,10 +68,12 @@ public class AclDao {
     @SuppressWarnings("unchecked")
     public List<AclDto> getBySourceId(String sourceId) {
         EntityManager em = ThreadLocalContext.get().getEntityManager();
-        StringBuilder sb = new StringBuilder("select a.ACL_ID_C, a.ACL_PERM_C, a.ACL_TARGETID_C, u.USE_USERNAME_C, s.SHA_NAME_C");
+        StringBuilder sb = new StringBuilder("select a.ACL_ID_C, a.ACL_PERM_C, a.ACL_TARGETID_C, ");
+        sb.append(" u.USE_USERNAME_C, s.SHA_ID_C, s.SHA_NAME_C, g.GRP_NAME_C ");
         sb.append(" from T_ACL a ");
         sb.append(" left join T_USER u on u.USE_ID_C = a.ACL_TARGETID_C ");
         sb.append(" left join T_SHARE s on s.SHA_ID_C = a.ACL_TARGETID_C ");
+        sb.append(" left join T_GROUP g on g.GRP_ID_C = a.ACL_TARGETID_C ");
         sb.append(" where a.ACL_DELETEDATE_D is null and a.ACL_SOURCEID_C = :sourceId ");
         
         // Perform the query
@@ -88,10 +90,21 @@ public class AclDao {
             aclDto.setPerm(PermType.valueOf((String) o[i++]));
             aclDto.setTargetId((String) o[i++]);
             String userName = (String) o[i++];
+            String shareId = (String) o[i++];
             String shareName = (String) o[i++];
-            aclDto.setTargetName(userName == null ? shareName : userName);
-            aclDto.setTargetType(userName == null ?
-                    AclTargetType.SHARE.name() : AclTargetType.USER.name());
+            String groupName = (String) o[i++];
+            if (userName != null) {
+                aclDto.setTargetName(userName);
+                aclDto.setTargetType(AclTargetType.USER.name());
+            }
+            if (shareId != null) { // Use ID because share name is nullable
+                aclDto.setTargetName(shareName);
+                aclDto.setTargetType(AclTargetType.SHARE.name());
+            }
+            if (groupName != null) {
+                aclDto.setTargetName(groupName);
+                aclDto.setTargetType(AclTargetType.GROUP.name());
+            }
             aclDtoList.add(aclDto);
         }
         return aclDtoList;
@@ -105,12 +118,12 @@ public class AclDao {
      * @param targetId ACL target entity ID
      * @return True if the document is accessible
      */
-    public boolean checkPermission(String sourceId, PermType perm, String targetId) {
+    public boolean checkPermission(String sourceId, PermType perm, List<String> targetIdList) {
         EntityManager em = ThreadLocalContext.get().getEntityManager();
-        Query q = em.createQuery("select a from Acl a where a.sourceId = :sourceId and a.perm = :perm and a.targetId = :targetId and a.deleteDate is null");
+        Query q = em.createQuery("select a from Acl a where a.sourceId = :sourceId and a.perm = :perm and a.targetId in (:targetIdList) and a.deleteDate is null");
         q.setParameter("sourceId", sourceId);
         q.setParameter("perm", perm);
-        q.setParameter("targetId", targetId);
+        q.setParameter("targetIdList", targetIdList);
         
         // We have a matching permission
         if (q.getResultList().size() > 0) {
diff --git a/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/AuditLogDao.java b/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/AuditLogDao.java
index 68609859..d72a8beb 100644
--- a/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/AuditLogDao.java
+++ b/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/AuditLogDao.java
@@ -54,9 +54,8 @@ public class AuditLogDao {
      * @param criteria Search criteria
      * @param sortCriteria Sort criteria
      * @return List of audit logs
-     * @throws Exception 
      */
-    public void findByCriteria(PaginatedList<AuditLogDto> paginatedList, AuditLogCriteria criteria, SortCriteria sortCriteria) throws Exception {
+    public void findByCriteria(PaginatedList<AuditLogDto> paginatedList, AuditLogCriteria criteria, SortCriteria sortCriteria) {
         Map<String, Object> parameterMap = new HashMap<String, Object>();
         
         StringBuilder baseQuery = new StringBuilder("select l.LOG_ID_C c0, l.LOG_CREATEDATE_D c1, u.USE_USERNAME_C c2, l.LOG_IDENTITY_C c3, l.LOG_CLASSENTITY_C c4, l.LOG_TYPE_C c5, l.LOG_MESSAGE_C c6 from T_AUDIT_LOG l ");
diff --git a/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/DocumentDao.java b/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/DocumentDao.java
index 2538b2e9..95c9b579 100644
--- a/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/DocumentDao.java
+++ b/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/DocumentDao.java
@@ -57,7 +57,7 @@ public class DocumentDao {
     }
     
     /**
-     * Returns the list of all documents.
+     * Returns the list of all active documents.
      * 
      * @return List of documents
      */
@@ -69,7 +69,7 @@ public class DocumentDao {
     }
     
     /**
-     * Returns the list of all documents from a user.
+     * Returns the list of all active documents from a user.
      * 
      * @param userId User ID
      * @return List of documents
@@ -83,21 +83,29 @@ public class DocumentDao {
     }
     
     /**
-     * Returns an active document.
+     * Returns an active document with permission checking.
      * 
      * @param id Document ID
+     * @param perm Permission needed
+     * @param userId User ID
      * @return Document
      */
-    public DocumentDto getDocument(String id) {
+    public DocumentDto getDocument(String id, PermType perm, List<String> targetIdList) {
         EntityManager em = ThreadLocalContext.get().getEntityManager();
-        StringBuilder sb = new StringBuilder("select d.DOC_ID_C, d.DOC_TITLE_C, d.DOC_DESCRIPTION_C, d.DOC_SUBJECT_C, d.DOC_IDENTIFIER_C, d.DOC_PUBLISHER_C, d.DOC_FORMAT_C, d.DOC_SOURCE_C, d.DOC_TYPE_C, d.DOC_COVERAGE_C, d.DOC_RIGHTS_C, d.DOC_CREATEDATE_D, d.DOC_LANGUAGE_C, ");
+        StringBuilder sb = new StringBuilder("select distinct d.DOC_ID_C, d.DOC_TITLE_C, d.DOC_DESCRIPTION_C, d.DOC_SUBJECT_C, d.DOC_IDENTIFIER_C, d.DOC_PUBLISHER_C, d.DOC_FORMAT_C, d.DOC_SOURCE_C, d.DOC_TYPE_C, d.DOC_COVERAGE_C, d.DOC_RIGHTS_C, d.DOC_CREATEDATE_D, d.DOC_LANGUAGE_C, ");
         sb.append(" (select count(s.SHA_ID_C) from T_SHARE s, T_ACL ac where ac.ACL_SOURCEID_C = d.DOC_ID_C and ac.ACL_TARGETID_C = s.SHA_ID_C and ac.ACL_DELETEDATE_D is null and s.SHA_DELETEDATE_D is null), ");
         sb.append(" (select count(f.FIL_ID_C) from T_FILE f where f.FIL_DELETEDATE_D is null and f.FIL_IDDOC_C = d.DOC_ID_C), ");
         sb.append(" u.USE_USERNAME_C ");
-        sb.append(" from T_DOCUMENT d, T_USER u ");
-        sb.append(" where d.DOC_IDUSER_C = u.USE_ID_C and d.DOC_ID_C = :id and d.DOC_DELETEDATE_D is null ");
+        sb.append(" from T_DOCUMENT d ");
+        sb.append(" join T_USER u on d.DOC_IDUSER_C = u.USE_ID_C ");
+        sb.append(" left join T_ACL a on a.ACL_SOURCEID_C = d.DOC_ID_C and a.ACL_TARGETID_C in (:targetIdList) and a.ACL_PERM_C = :perm and a.ACL_DELETEDATE_D is null ");
+        sb.append(" where d.DOC_ID_C = :id and a.ACL_ID_C is not null and d.DOC_DELETEDATE_D is null ");
+       
         Query q = em.createNativeQuery(sb.toString());
         q.setParameter("id", id);
+        q.setParameter("perm", perm.name());
+        q.setParameter("targetIdList", targetIdList);
+        
         Object[] o = null;
         try {
             o = (Object[]) q.getSingleResult();
@@ -126,30 +134,6 @@ public class DocumentDao {
         return documentDto;
     }
     
-    /**
-     * Returns an active document.
-     * 
-     * @param id Document ID
-     * @param perm Permission needed
-     * @param userId User ID
-     * @return Document
-     */
-    public Document getDocument(String id, PermType perm, String userId) {
-        EntityManager em = ThreadLocalContext.get().getEntityManager();
-        StringBuilder sb = new StringBuilder("select d.* from T_DOCUMENT d ");
-        sb.append(" join T_ACL a on a.ACL_SOURCEID_C = d.DOC_ID_C and a.ACL_TARGETID_C = :userId and a.ACL_PERM_C = :perm and a.ACL_DELETEDATE_D is null ");
-        sb.append(" where d.DOC_ID_C = :id and d.DOC_DELETEDATE_D is null");
-        Query q = em.createNativeQuery(sb.toString(), Document.class);
-        q.setParameter("id", id);
-        q.setParameter("perm", perm.name());
-        q.setParameter("userId", userId);
-        try {
-            return (Document) q.getSingleResult();
-        } catch (NoResultException e) {
-            return null;
-        }
-    }
-    
     /**
      * Deletes a document.
      * 
@@ -184,20 +168,27 @@ public class DocumentDao {
         q.setParameter("dateNow", dateNow);
         q.executeUpdate();
         
+        q = em.createQuery("update Relation r set r.deleteDate = :dateNow where (r.fromDocumentId = :documentId or r.toDocumentId = :documentId) and r.deleteDate is not null");
+        q.setParameter("documentId", id);
+        q.setParameter("dateNow", dateNow);
+        q.executeUpdate();
+        
         // Create audit log
         AuditLogUtil.create(documentDb, AuditLogType.DELETE, userId);
     }
     
     /**
-     * Gets a document by its ID.
+     * Gets an active document by its ID.
      * 
      * @param id Document ID
      * @return Document
      */
     public Document getById(String id) {
         EntityManager em = ThreadLocalContext.get().getEntityManager();
+        Query q = em.createQuery("select d from Document d where d.id = :id and d.deleteDate is null");
+        q.setParameter("id", id);
         try {
-            return em.find(Document.class, id);
+            return (Document) q.getSingleResult();
         } catch (NoResultException e) {
             return null;
         }
@@ -216,16 +207,16 @@ public class DocumentDao {
         Map<String, Object> parameterMap = new HashMap<String, Object>();
         List<String> criteriaList = new ArrayList<String>();
         
-        StringBuilder sb = new StringBuilder("select d.DOC_ID_C c0, d.DOC_TITLE_C c1, d.DOC_DESCRIPTION_C c2, d.DOC_CREATEDATE_D c3, d.DOC_LANGUAGE_C c4, ");
+        StringBuilder sb = new StringBuilder("select distinct d.DOC_ID_C c0, d.DOC_TITLE_C c1, d.DOC_DESCRIPTION_C c2, d.DOC_CREATEDATE_D c3, d.DOC_LANGUAGE_C c4, ");
         sb.append(" (select count(s.SHA_ID_C) from T_SHARE s, T_ACL ac where ac.ACL_SOURCEID_C = d.DOC_ID_C and ac.ACL_TARGETID_C = s.SHA_ID_C and ac.ACL_DELETEDATE_D is null and s.SHA_DELETEDATE_D is null) c5, ");
         sb.append(" (select count(f.FIL_ID_C) from T_FILE f where f.FIL_DELETEDATE_D is null and f.FIL_IDDOC_C = d.DOC_ID_C) c6 ");
         sb.append(" from T_DOCUMENT d ");
         
         // Adds search criteria
-        if (criteria.getUserId() != null) {
+        if (criteria.getTargetIdList() != null) {
             // Read permission is enough for searching
-            sb.append(" join T_ACL a on a.ACL_SOURCEID_C = d.DOC_ID_C and a.ACL_TARGETID_C = :userId and a.ACL_PERM_C = 'READ' and a.ACL_DELETEDATE_D is null ");
-            parameterMap.put("userId", criteria.getUserId());
+            sb.append(" join T_ACL a on a.ACL_SOURCEID_C = d.DOC_ID_C and a.ACL_TARGETID_C in (:targetIdList) and a.ACL_PERM_C = 'READ' and a.ACL_DELETEDATE_D is null ");
+            parameterMap.put("targetIdList", criteria.getTargetIdList());
         }
         if (!Strings.isNullOrEmpty(criteria.getSearch()) || !Strings.isNullOrEmpty(criteria.getFullSearch())) {
             LuceneDao luceneDao = new LuceneDao();
diff --git a/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/GroupDao.java b/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/GroupDao.java
new file mode 100644
index 00000000..a4f6735b
--- /dev/null
+++ b/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/GroupDao.java
@@ -0,0 +1,283 @@
+package com.sismics.docs.core.dao.jpa;
+
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.UUID;
+
+import javax.persistence.EntityManager;
+import javax.persistence.NoResultException;
+import javax.persistence.Query;
+
+import com.google.common.base.Joiner;
+import com.sismics.docs.core.constant.AuditLogType;
+import com.sismics.docs.core.dao.jpa.criteria.GroupCriteria;
+import com.sismics.docs.core.dao.jpa.dto.GroupDto;
+import com.sismics.docs.core.model.jpa.Group;
+import com.sismics.docs.core.model.jpa.UserGroup;
+import com.sismics.docs.core.util.AuditLogUtil;
+import com.sismics.docs.core.util.jpa.QueryParam;
+import com.sismics.docs.core.util.jpa.QueryUtil;
+import com.sismics.docs.core.util.jpa.SortCriteria;
+import com.sismics.util.context.ThreadLocalContext;
+
+/**
+ * Group DAO.
+ * 
+ * @author bgamard
+ */
+public class GroupDao {
+    /**
+     * Returns a group by name.
+     * 
+     * @param name Name
+     * @return Group
+     */
+    public Group getActiveByName(String name) {
+        EntityManager em = ThreadLocalContext.get().getEntityManager();
+        Query q = em.createQuery("select g from Group g where g.name = :name and g.deleteDate is null");
+        q.setParameter("name", name);
+        try {
+            return (Group) q.getSingleResult();
+        } catch (NoResultException e) {
+            return null;
+        }
+    }
+    
+    /**
+     * Returns a group by ID.
+     * 
+     * @param id Group ID
+     * @return Group
+     */
+    public Group getActiveById(String id) {
+        EntityManager em = ThreadLocalContext.get().getEntityManager();
+        Query q = em.createQuery("select g from Group g where g.id = :id and g.deleteDate is null");
+        q.setParameter("id", id);
+        try {
+            return (Group) q.getSingleResult();
+        } catch (NoResultException e) {
+            return null;
+        }
+    }
+    
+    /**
+     * Creates a new group.
+     * 
+     * @param group Group
+     * @param userId User ID
+     * @return New ID
+     * @throws Exception
+     */
+    public String create(Group group, String userId) {
+        // Create the UUID
+        group.setId(UUID.randomUUID().toString());
+        
+        // Create the group
+        EntityManager em = ThreadLocalContext.get().getEntityManager();
+        em.persist(group);
+        
+        // Create audit log
+        AuditLogUtil.create(group, AuditLogType.CREATE, userId);
+        
+        return group.getId();
+    }
+    
+    /**
+     * Deletes a group.
+     * 
+     * @param groupId Group ID
+     * @param userId User ID
+     */
+    public void delete(String groupId, String userId) {
+        EntityManager em = ThreadLocalContext.get().getEntityManager();
+            
+        // Get the group
+        Query q = em.createQuery("select g from Group g where g.id = :id and g.deleteDate is null");
+        q.setParameter("id", groupId);
+        Group groupDb = (Group) q.getSingleResult();
+        
+        // Delete the group
+        Date dateNow = new Date();
+        groupDb.setDeleteDate(dateNow);
+        
+        // Delete linked data
+        q = em.createQuery("update UserGroup ug set ug.deleteDate = :dateNow where ug.groupId = :groupId and ug.deleteDate is not null");
+        q.setParameter("dateNow", dateNow);
+        q.setParameter("groupId", groupId);
+        q.executeUpdate();
+        
+        q = em.createQuery("update Acl a set a.deleteDate = :dateNow where a.targetId = :groupId and a.deleteDate is null");
+        q.setParameter("groupId", groupDb.getId());
+        q.setParameter("dateNow", dateNow);
+        q.executeUpdate();
+
+        q = em.createQuery("update Group g set g.parentId = null where g.parentId = :groupId and g.deleteDate is null");
+        q.setParameter("groupId", groupDb.getId());
+        q.executeUpdate();
+
+        // Create audit log
+        AuditLogUtil.create(groupDb, AuditLogType.DELETE, userId);
+    }
+    
+    /**
+     * Add an user to a group.
+     * 
+     * @param group Group
+     * @return New ID
+     * @throws Exception
+     */
+    public String addMember(UserGroup userGroup) {
+        // Create the UUID
+        userGroup.setId(UUID.randomUUID().toString());
+        
+        // Create the user group
+        EntityManager em = ThreadLocalContext.get().getEntityManager();
+        em.persist(userGroup);
+        
+        return userGroup.getId();
+    }
+    
+    /**
+     * Remove an user from a group.
+     * 
+     * @param groupId Group ID
+     * @param userId User ID
+     */
+    public void removeMember(String groupId, String userId) {
+        EntityManager em = ThreadLocalContext.get().getEntityManager();
+            
+        // Get the user group
+        Query q = em.createQuery("select ug from UserGroup ug where ug.groupId = :groupId and ug.userId = :userId and ug.deleteDate is null");
+        q.setParameter("groupId", groupId);
+        q.setParameter("userId", userId);
+        UserGroup userGroupDb = (UserGroup) q.getSingleResult();
+        
+        // Delete the user group
+        Date dateNow = new Date();
+        userGroupDb.setDeleteDate(dateNow);
+    }
+    
+    /**
+     * Returns the list of all groups.
+     * 
+     * @param criteria Search criteria
+     * @param sortCriteria Sort criteria
+     * @return List of groups
+     */
+    public List<GroupDto> findByCriteria(GroupCriteria criteria, SortCriteria sortCriteria) {
+        Map<String, Object> parameterMap = new HashMap<String, Object>();
+        List<String> criteriaList = new ArrayList<String>();
+        
+        StringBuilder sb = new StringBuilder("select g.GRP_ID_C as c0, g.GRP_NAME_C as c1, g.GRP_IDPARENT_C as c2, gp.GRP_NAME_C as c3, g.GRP_IDROLE_C ");
+        if (criteria.getUserId() != null) {
+            sb.append(" , ug.UGP_ID_C ");
+        }
+        sb.append(" from T_GROUP g ");
+        sb.append(" left join T_GROUP gp on g.GRP_IDPARENT_C = gp.GRP_ID_C ");
+        
+        // Add search criterias
+        if (criteria.getSearch() != null) {
+            criteriaList.add("lower(g.GRP_NAME_C) like lower(:search)");
+            parameterMap.put("search", "%" + criteria.getSearch() + "%");
+        }
+        if (criteria.getUserId() != null) {
+            // Left join and post-filtering for recursive groups
+            sb.append((criteria.isRecursive() ? " left " : "")
+                    + " join T_USER_GROUP ug on ug.UGP_IDGROUP_C = g.GRP_ID_C and ug.UGP_IDUSER_C = :userId and ug.UGP_DELETEDATE_D is null ");
+            parameterMap.put("userId", criteria.getUserId());
+        }
+        
+        criteriaList.add("g.GRP_DELETEDATE_D is null");
+        
+        if (!criteriaList.isEmpty()) {
+            sb.append(" where ");
+            sb.append(Joiner.on(" and ").join(criteriaList));
+        }
+        
+        // Perform the search
+        QueryParam queryParam = QueryUtil.getSortedQueryParam(new QueryParam(sb.toString(), parameterMap), sortCriteria);
+        @SuppressWarnings("unchecked")
+        List<Object[]> l = QueryUtil.getNativeQuery(queryParam).getResultList();
+        
+        // Assemble results
+        List<GroupDto> groupDtoList = new ArrayList<>();
+        List<GroupDto> userGroupDtoList = new ArrayList<>();
+        for (Object[] o : l) {
+            int i = 0;
+            GroupDto groupDto = new GroupDto()
+                .setId((String) o[i++])
+                .setName((String) o[i++])
+                .setParentId((String) o[i++])
+                .setParentName((String) o[i++])
+                .setRoleId((String) o[i++]);
+            groupDtoList.add(groupDto);
+            if (criteria.getUserId() != null && o[i++] != null) {
+                userGroupDtoList.add(groupDto);
+            }
+        }
+        
+        // Post-query filtering for recursive groups
+        if (criteria.getUserId() != null && criteria.isRecursive()) {
+            Set<GroupDto> filteredGroupDtoSet = new HashSet<>();
+            for (GroupDto userGroupDto : userGroupDtoList) {
+                filteredGroupDtoSet.add(userGroupDto); // Direct group
+                findGroupParentHierarchy(filteredGroupDtoSet, groupDtoList, userGroupDto, 0); // Indirect groups
+            }
+            groupDtoList = new ArrayList<>(filteredGroupDtoSet);
+        }
+        
+        return groupDtoList;
+    }
+    
+    /**
+     * Recursively search group's parents.
+     * 
+     * @param parentGroupDtoSet Resulting parents
+     * @param groupDtoList All groups
+     * @param userGroupDto Reference group to search from
+     * @param depth Depth
+     */
+    private void findGroupParentHierarchy(Set<GroupDto> parentGroupDtoSet, List<GroupDto> groupDtoList, GroupDto userGroupDto, int depth) {
+        if (userGroupDto.getParentId() == null || depth == 10) { // Max depth 10 to avoid infinite loop
+            return;
+        }
+        
+        for (GroupDto groupDto : groupDtoList) {
+            if (groupDto.getId().equals(userGroupDto.getParentId())) {
+                parentGroupDtoSet.add(groupDto); // Add parent
+                findGroupParentHierarchy(parentGroupDtoSet, groupDtoList, groupDto, depth + 1); // Find parent's parents
+            }
+        }
+    }
+    
+    /**
+     * Update a group.
+     * 
+     * @param group Group to update
+     * @param userId User ID
+     * @return Updated group
+     */
+    public Group update(Group group, String userId) {
+        EntityManager em = ThreadLocalContext.get().getEntityManager();
+        
+        // Get the group
+        Query q = em.createQuery("select g from Group g where g.id = :id and g.deleteDate is null");
+        q.setParameter("id", group.getId());
+        Group groupFromDb = (Group) q.getSingleResult();
+        
+        // Update the group
+        groupFromDb.setName(group.getName());
+        groupFromDb.setParentId(group.getParentId());
+        
+        // Create audit log
+        AuditLogUtil.create(groupFromDb, AuditLogType.UPDATE, userId);
+        
+        return groupFromDb;
+    }
+}
+
diff --git a/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/RelationDao.java b/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/RelationDao.java
new file mode 100644
index 00000000..5061cf82
--- /dev/null
+++ b/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/RelationDao.java
@@ -0,0 +1,99 @@
+package com.sismics.docs.core.dao.jpa;
+
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+import java.util.Set;
+import java.util.UUID;
+
+import javax.persistence.EntityManager;
+import javax.persistence.Query;
+
+import com.sismics.docs.core.dao.jpa.dto.RelationDto;
+import com.sismics.docs.core.model.jpa.Relation;
+import com.sismics.util.context.ThreadLocalContext;
+
+/**
+ * Relation DAO.
+ * 
+ * @author bgamard
+ */
+public class RelationDao {
+    /**
+     * Get all relations from/to a document.
+     * 
+     * @param documentId Document ID
+     * @return List of relations
+     */
+    @SuppressWarnings("unchecked")
+    public List<RelationDto> getByDocumentId(String documentId) {
+        EntityManager em = ThreadLocalContext.get().getEntityManager();
+        StringBuilder sb = new StringBuilder("select d.DOC_ID_C, d.DOC_TITLE_C, r.REL_IDDOCFROM_C ");
+        sb.append(" from T_RELATION r ");
+        sb.append(" join T_DOCUMENT d on d.DOC_ID_C = r.REL_IDDOCFROM_C and r.REL_IDDOCFROM_C != :documentId or d.DOC_ID_C = r.REL_IDDOCTO_C and r.REL_IDDOCTO_C != :documentId ");
+        sb.append(" where (r.REL_IDDOCFROM_C = :documentId or r.REL_IDDOCTO_C = :documentId) ");
+        sb.append(" and r.REL_DELETEDATE_D is null ");
+        sb.append(" order by d.DOC_TITLE_C ");
+        
+        // Perform the query
+        Query q = em.createNativeQuery(sb.toString());
+        q.setParameter("documentId", documentId);
+        List<Object[]> l = q.getResultList();
+        
+        // Assemble results
+        List<RelationDto> relationDtoList = new ArrayList<RelationDto>();
+        for (Object[] o : l) {
+            int i = 0;
+            RelationDto relationDto = new RelationDto();
+            relationDto.setId((String) o[i++]);
+            relationDto.setTitle((String) o[i++]);
+            String fromDocId = (String) o[i++];
+            relationDto.setSource(documentId.equals(fromDocId));
+            relationDtoList.add(relationDto);
+        }
+        return relationDtoList;
+    }
+    
+    /**
+     * Update relations on a document.
+     * 
+     * @param documentId Document ID
+     * @param documentIdSet Set of document ID
+     */
+    public void updateRelationList(String documentId, Set<String> documentIdSet) {
+        EntityManager em = ThreadLocalContext.get().getEntityManager();
+        
+        // Get current relations from this document
+        Query q = em.createQuery("select r from Relation r where r.fromDocumentId = :documentId and r.deleteDate is null");
+        q.setParameter("documentId", documentId);
+        @SuppressWarnings("unchecked")
+        List<Relation> relationList = q.getResultList();
+        
+        // Deleting relations no longer there
+        for (Relation relation : relationList) {
+            if (!documentIdSet.contains(relation.getToDocumentId())) {
+                relation.setDeleteDate(new Date());
+            }
+        }
+        
+        // Adding new relations
+        for (String targetDocId : documentIdSet) {
+            boolean found = false;
+            for (Relation relation : relationList) {
+                if (relation.getToDocumentId().equals(targetDocId)) {
+                    found = true;
+                    break;
+                }
+            }
+            
+            if (!found) {
+                Relation relation = new Relation();
+                relation.setId(UUID.randomUUID().toString());
+                relation.setFromDocumentId(documentId);
+                relation.setToDocumentId(targetDocId);
+                em.persist(relation);
+            }
+        }
+    }
+}
+
diff --git a/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/RoleBaseFunctionDao.java b/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/RoleBaseFunctionDao.java
index 25562032..dda2740c 100644
--- a/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/RoleBaseFunctionDao.java
+++ b/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/RoleBaseFunctionDao.java
@@ -16,17 +16,17 @@ public class RoleBaseFunctionDao {
     /**
      * Find the set of base functions of a role.
      * 
-     * @param roleId Role ID
+     * @param roleIdSet Set of role ID
      * @return Set of base functions
      */
     @SuppressWarnings("unchecked")
-    public Set<String> findByRoleId(String roleId) {
+    public Set<String> findByRoleId(Set<String> roleIdSet) {
         EntityManager em = ThreadLocalContext.get().getEntityManager();
         StringBuilder sb = new StringBuilder("select rbf.RBF_IDBASEFUNCTION_C from T_ROLE_BASE_FUNCTION rbf, T_ROLE r");
-        sb.append(" where rbf.RBF_IDROLE_C = :roleId and rbf.RBF_DELETEDATE_D is null");
+        sb.append(" where rbf.RBF_IDROLE_C in (:roleIdSet) and rbf.RBF_DELETEDATE_D is null");
         sb.append(" and r.ROL_ID_C = rbf.RBF_IDROLE_C and r.ROL_DELETEDATE_D is null");
         Query q = em.createNativeQuery(sb.toString());
-        q.setParameter("roleId", roleId);
+        q.setParameter("roleIdSet", roleIdSet);
         return Sets.newHashSet(q.getResultList());
     }
 }
diff --git a/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/UserDao.java b/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/UserDao.java
index ff005b5d..92cb1718 100644
--- a/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/UserDao.java
+++ b/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/UserDao.java
@@ -20,9 +20,8 @@ import com.sismics.docs.core.dao.jpa.criteria.UserCriteria;
 import com.sismics.docs.core.dao.jpa.dto.UserDto;
 import com.sismics.docs.core.model.jpa.User;
 import com.sismics.docs.core.util.AuditLogUtil;
-import com.sismics.docs.core.util.jpa.PaginatedList;
-import com.sismics.docs.core.util.jpa.PaginatedLists;
 import com.sismics.docs.core.util.jpa.QueryParam;
+import com.sismics.docs.core.util.jpa.QueryUtil;
 import com.sismics.docs.core.util.jpa.SortCriteria;
 import com.sismics.util.context.ThreadLocalContext;
 
@@ -265,10 +264,11 @@ public class UserDao {
     /**
      * Returns the list of all users.
      * 
-     * @param paginatedList List of users (updated by side effects)
+     * @param criteria Search criteria
      * @param sortCriteria Sort criteria
+     * @return List of users
      */
-    public void findByCriteria(PaginatedList<UserDto> paginatedList, UserCriteria criteria, SortCriteria sortCriteria) {
+    public List<UserDto> findByCriteria(UserCriteria criteria, SortCriteria sortCriteria) {
         Map<String, Object> parameterMap = new HashMap<String, Object>();
         List<String> criteriaList = new ArrayList<String>();
         
@@ -281,6 +281,11 @@ public class UserDao {
             parameterMap.put("search", "%" + criteria.getSearch() + "%");
         }
         
+        if (criteria.getGroupId() != null) {
+            sb.append(" join T_USER_GROUP ug on ug.UGP_IDUSER_C = u.USE_ID_C and ug.UGP_IDGROUP_C = :groupId and ug.UGP_DELETEDATE_D is null ");
+            parameterMap.put("groupId", criteria.getGroupId());
+        }
+        
         criteriaList.add("u.USE_DELETEDATE_D is null");
         
         if (!criteriaList.isEmpty()) {
@@ -289,8 +294,9 @@ public class UserDao {
         }
         
         // Perform the search
-        QueryParam queryParam = new QueryParam(sb.toString(), parameterMap);
-        List<Object[]> l = PaginatedLists.executePaginatedQuery(paginatedList, queryParam, sortCriteria);
+        QueryParam queryParam = QueryUtil.getSortedQueryParam(new QueryParam(sb.toString(), parameterMap), sortCriteria);
+        @SuppressWarnings("unchecked")
+        List<Object[]> l = QueryUtil.getNativeQuery(queryParam).getResultList();
         
         // Assemble results
         List<UserDto> userDtoList = new ArrayList<UserDto>();
@@ -305,6 +311,6 @@ public class UserDao {
             userDto.setStorageQuota(((Number) o[i++]).longValue());
             userDtoList.add(userDto);
         }
-        paginatedList.setResultList(userDtoList);
+        return userDtoList;
     }
 }
diff --git a/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/VocabularyDao.java b/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/VocabularyDao.java
index fe500a26..710edb21 100644
--- a/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/VocabularyDao.java
+++ b/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/VocabularyDao.java
@@ -35,7 +35,7 @@ public class VocabularyDao {
     }
 
     /**
-     * Get all vocabulary entries sharing a single name
+     * Get all vocabulary entries sharing a single name.
      * 
      * @param name Name
      * @return Vocabulary entries
diff --git a/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/criteria/DocumentCriteria.java b/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/criteria/DocumentCriteria.java
index 181495dc..a05f73fc 100644
--- a/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/criteria/DocumentCriteria.java
+++ b/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/criteria/DocumentCriteria.java
@@ -11,9 +11,9 @@ import java.util.List;
  */
 public class DocumentCriteria {
     /**
-     * User ID.
+     * ACL target ID list.
      */
-    private String userId;
+    private List<String> targetIdList;
     
     /**
      * Search query.
@@ -55,12 +55,12 @@ public class DocumentCriteria {
      */
     private String creatorId;
     
-    public String getUserId() {
-        return userId;
+    public List<String> getTargetIdList() {
+        return targetIdList;
     }
 
-    public void setUserId(String userId) {
-        this.userId = userId;
+    public void setTargetIdList(List<String> targetIdList) {
+        this.targetIdList = targetIdList;
     }
 
     public String getSearch() {
diff --git a/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/criteria/GroupCriteria.java b/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/criteria/GroupCriteria.java
new file mode 100644
index 00000000..a85a8876
--- /dev/null
+++ b/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/criteria/GroupCriteria.java
@@ -0,0 +1,50 @@
+package com.sismics.docs.core.dao.jpa.criteria;
+
+/**
+ * Group criteria.
+ *
+ * @author bgamard 
+ */
+public class GroupCriteria {
+    /**
+     * Search query.
+     */
+    private String search;
+
+    /**
+     * User ID.
+     */
+    private String userId;
+    
+    /**
+     * Retrieve user groups recursively.
+     */
+    private boolean recursive = false;
+    
+    public String getSearch() {
+        return search;
+    }
+
+    public GroupCriteria setSearch(String search) {
+        this.search = search;
+        return this;
+    }
+
+    public String getUserId() {
+        return userId;
+    }
+
+    public GroupCriteria setUserId(String userId) {
+        this.userId = userId;
+        return this;
+    }
+
+    public boolean isRecursive() {
+        return recursive;
+    }
+
+    public GroupCriteria setRecursive(boolean recursive) {
+        this.recursive = recursive;
+        return this;
+    }
+}
diff --git a/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/criteria/UserCriteria.java b/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/criteria/UserCriteria.java
index 99cf7394..a94ac347 100644
--- a/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/criteria/UserCriteria.java
+++ b/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/criteria/UserCriteria.java
@@ -1,7 +1,5 @@
 package com.sismics.docs.core.dao.jpa.criteria;
 
-
-
 /**
  * User criteria.
  *
@@ -12,6 +10,11 @@ public class UserCriteria {
      * Search query.
      */
     private String search;
+    
+    /**
+     * Group ID.
+     */
+    private String groupId;
 
     public String getSearch() {
         return search;
@@ -21,4 +24,13 @@ public class UserCriteria {
         this.search = search;
         return this;
     }
+
+    public String getGroupId() {
+        return groupId;
+    }
+
+    public UserCriteria setGroupId(String groupId) {
+        this.groupId = groupId;
+        return this;
+    }
 }
diff --git a/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/dto/GroupDto.java b/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/dto/GroupDto.java
new file mode 100644
index 00000000..44cac882
--- /dev/null
+++ b/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/dto/GroupDto.java
@@ -0,0 +1,88 @@
+package com.sismics.docs.core.dao.jpa.dto;
+
+/**
+ * Group DTO.
+ * 
+ * @author bgamard
+ */
+public class GroupDto {
+    /**
+     * Group ID.
+     */
+    private String id;
+    
+    /**
+     * Name.
+     */
+    private String name;
+
+    /**
+     * Parent ID.
+     */
+    private String parentId;
+    
+    /**
+     * Parent name.
+     */
+    private String parentName;
+    
+    /**
+     * Role ID.
+     */
+    private String roleId;
+    
+    public String getId() {
+        return id;
+    }
+
+    public GroupDto setId(String id) {
+        this.id = id;
+        return this;
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public GroupDto setName(String name) {
+        this.name = name;
+        return this;
+    }
+
+    public String getParentId() {
+        return parentId;
+    }
+
+    public GroupDto setParentId(String parentId) {
+        this.parentId = parentId;
+        return this;
+    }
+    
+    public String getParentName() {
+        return parentName;
+    }
+
+    public GroupDto setParentName(String parentName) {
+        this.parentName = parentName;
+        return this;
+    }
+
+    public String getRoleId() {
+        return roleId;
+    }
+
+    public GroupDto setRoleId(String roleId) {
+        this.roleId = roleId;
+        return this;
+    }
+
+    @Override
+    public boolean equals(Object obj) {
+        return id.equals(((GroupDto) obj).getId());
+    }
+    
+    @Override
+    public int hashCode() {
+        return id.hashCode();
+    }
+}
diff --git a/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/dto/RelationDto.java b/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/dto/RelationDto.java
new file mode 100644
index 00000000..eeba9cca
--- /dev/null
+++ b/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/dto/RelationDto.java
@@ -0,0 +1,47 @@
+package com.sismics.docs.core.dao.jpa.dto;
+
+/**
+ * Tag DTO.
+ *
+ * @author bgamard 
+ */
+public class RelationDto {
+    /**
+     * Document ID.
+     */
+    private String id;
+    
+    /**
+     * Document title.
+     */
+    private String title;
+
+    /**
+     * True if the document is the source of the relation.
+     */
+    private boolean source;
+    
+    public String getId() {
+        return id;
+    }
+
+    public void setId(String id) {
+        this.id = id;
+    }
+
+    public String getTitle() {
+        return title;
+    }
+
+    public void setTitle(String title) {
+        this.title = title;
+    }
+
+    public boolean isSource() {
+        return source;
+    }
+
+    public void setSource(boolean source) {
+        this.source = source;
+    }
+}
diff --git a/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/dto/TagDto.java b/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/dto/TagDto.java
index c4f38506..81bea5a1 100644
--- a/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/dto/TagDto.java
+++ b/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/dto/TagDto.java
@@ -26,74 +26,34 @@ public class TagDto {
      */
     private String parentId;
 
-    /**
-     * Getter of id.
-     *
-     * @return the id
-     */
     public String getId() {
         return id;
     }
 
-    /**
-     * Setter of id.
-     *
-     * @param id id
-     */
     public void setId(String id) {
         this.id = id;
     }
 
-    /**
-     * Getter of name.
-     *
-     * @return the name
-     */
     public String getName() {
         return name;
     }
 
-    /**
-     * Setter of name.
-     *
-     * @param name name
-     */
     public void setName(String name) {
         this.name = name;
     }
 
-    /**
-     * Getter of color.
-     *
-     * @return the color
-     */
     public String getColor() {
         return color;
     }
 
-    /**
-     * Setter of color.
-     *
-     * @param color color
-     */
     public void setColor(String color) {
         this.color = color;
     }
     
-    /**
-     * Getter of parentId.
-     *
-     * @return the parentId
-     */
     public String getParentId() {
         return parentId;
     }
 
-    /**
-     * Setter of parentId.
-     *
-     * @param color parentId
-     */
     public void setParentId(String parentId) {
         this.parentId = parentId;
     }
diff --git a/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/dto/UserDto.java b/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/dto/UserDto.java
index a8331909..b0cc166b 100644
--- a/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/dto/UserDto.java
+++ b/docs-core/src/main/java/com/sismics/docs/core/dao/jpa/dto/UserDto.java
@@ -1,6 +1,5 @@
 package com.sismics.docs.core.dao.jpa.dto;
 
-
 /**
  * User DTO.
  *
diff --git a/docs-core/src/main/java/com/sismics/docs/core/dao/lucene/LuceneDao.java b/docs-core/src/main/java/com/sismics/docs/core/dao/lucene/LuceneDao.java
index e144a559..104121e0 100644
--- a/docs-core/src/main/java/com/sismics/docs/core/dao/lucene/LuceneDao.java
+++ b/docs-core/src/main/java/com/sismics/docs/core/dao/lucene/LuceneDao.java
@@ -1,9 +1,7 @@
 package com.sismics.docs.core.dao.lucene;
 
-import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
-import java.util.Map;
 import java.util.Set;
 
 import org.apache.lucene.analysis.standard.StandardAnalyzer;
@@ -46,16 +44,14 @@ public class LuceneDao {
                 indexWriter.deleteAll();
                 
                 // Add all documents
-                Map<String, Document> documentMap = new HashMap<>();
                 for (Document document : documentList) {
                     org.apache.lucene.document.Document luceneDocument = getDocumentFromDocument(document);
                     indexWriter.addDocument(luceneDocument);
-                    documentMap.put(document.getId(), document);
                 }
                 
                 // Add all files
                 for (File file : fileList) {
-                    org.apache.lucene.document.Document luceneDocument = getDocumentFromFile(file, documentMap.get(file.getDocumentId()));
+                    org.apache.lucene.document.Document luceneDocument = getDocumentFromFile(file);
                     indexWriter.addDocument(luceneDocument);
                 }
             }
@@ -81,13 +77,12 @@ public class LuceneDao {
      * Add file to the index.
      * 
      * @param file File to add
-     * @param document Document linked to the file
      */
-    public void createFile(final File file, final Document document) {
+    public void createFile(final File file) {
         LuceneUtil.handle(new LuceneRunnable() {
             @Override
             public void run(IndexWriter indexWriter) throws Exception {
-                org.apache.lucene.document.Document luceneDocument = getDocumentFromFile(file, document);
+                org.apache.lucene.document.Document luceneDocument = getDocumentFromFile(file);
                 indexWriter.addDocument(luceneDocument);
             }
         });
@@ -112,13 +107,12 @@ public class LuceneDao {
      * Update file index.
      * 
      * @param file Updated file
-     * @param document Document linked to the file
      */
-    public void updateFile(final File file, final Document document) {
+    public void updateFile(final File file) {
         LuceneUtil.handle(new LuceneRunnable() {
             @Override
             public void run(IndexWriter indexWriter) throws Exception {
-                org.apache.lucene.document.Document luceneDocument = getDocumentFromFile(file, document);
+                org.apache.lucene.document.Document luceneDocument = getDocumentFromFile(file);
                 indexWriter.updateDocument(new Term("id", file.getId()), luceneDocument);
             }
         });
@@ -200,7 +194,7 @@ public class LuceneDao {
     /**
      * Build Lucene document from database document.
      * 
-     * @param document Document
+     * @param documentDto Document
      * @return Document
      */
     private org.apache.lucene.document.Document getDocumentFromDocument(Document document) {
@@ -243,10 +237,9 @@ public class LuceneDao {
      * Build Lucene document from file.
      * 
      * @param file File
-     * @param document Document linked to the file
      * @return Document
      */
-    private org.apache.lucene.document.Document getDocumentFromFile(File file, Document document) {
+    private org.apache.lucene.document.Document getDocumentFromFile(File file) {
         org.apache.lucene.document.Document luceneDocument = new org.apache.lucene.document.Document();
         luceneDocument.add(new StringField("id", file.getId(), Field.Store.YES));
         luceneDocument.add(new StringField("doctype", "file", Field.Store.YES));
diff --git a/docs-core/src/main/java/com/sismics/docs/core/event/DocumentDeletedAsyncEvent.java b/docs-core/src/main/java/com/sismics/docs/core/event/DocumentDeletedAsyncEvent.java
index 2ea7dd69..6c314662 100644
--- a/docs-core/src/main/java/com/sismics/docs/core/event/DocumentDeletedAsyncEvent.java
+++ b/docs-core/src/main/java/com/sismics/docs/core/event/DocumentDeletedAsyncEvent.java
@@ -1,7 +1,6 @@
 package com.sismics.docs.core.event;
 
 import com.google.common.base.MoreObjects;
-import com.sismics.docs.core.model.jpa.Document;
 
 /**
  * Document deleted event.
@@ -10,32 +9,22 @@ import com.sismics.docs.core.model.jpa.Document;
  */
 public class DocumentDeletedAsyncEvent extends UserEvent {
     /**
-     * Created document.
+     * Document ID.
      */
-    private Document document;
+    private String documentId;
     
-    /**
-     * Getter of document.
-     *
-     * @return the document
-     */
-    public Document getDocument() {
-        return document;
+    public String getDocumentId() {
+        return documentId;
     }
 
-    /**
-     * Setter of document.
-     *
-     * @param document document
-     */
-    public void setDocument(Document document) {
-        this.document = document;
+    public void setDocumentId(String documentId) {
+        this.documentId = documentId;
     }
 
     @Override
     public String toString() {
         return MoreObjects.toStringHelper(this)
-            .add("document", document)
+            .add("documentId", documentId)
             .toString();
     }
 }
\ No newline at end of file
diff --git a/docs-core/src/main/java/com/sismics/docs/core/event/DocumentUpdatedAsyncEvent.java b/docs-core/src/main/java/com/sismics/docs/core/event/DocumentUpdatedAsyncEvent.java
index da82cc1e..f5e2ef74 100644
--- a/docs-core/src/main/java/com/sismics/docs/core/event/DocumentUpdatedAsyncEvent.java
+++ b/docs-core/src/main/java/com/sismics/docs/core/event/DocumentUpdatedAsyncEvent.java
@@ -1,7 +1,6 @@
 package com.sismics.docs.core.event;
 
 import com.google.common.base.MoreObjects;
-import com.sismics.docs.core.model.jpa.Document;
 
 /**
  * Document updated event.
@@ -10,32 +9,22 @@ import com.sismics.docs.core.model.jpa.Document;
  */
 public class DocumentUpdatedAsyncEvent extends UserEvent {
     /**
-     * Created document.
+     * Document ID.
      */
-    private Document document;
+    private String documentId;
     
-    /**
-     * Getter of document.
-     *
-     * @return the document
-     */
-    public Document getDocument() {
-        return document;
+    public String getDocumentId() {
+        return documentId;
     }
 
-    /**
-     * Setter of document.
-     *
-     * @param document document
-     */
-    public void setDocument(Document document) {
-        this.document = document;
+    public void setDocumentId(String documentId) {
+        this.documentId = documentId;
     }
 
     @Override
     public String toString() {
         return MoreObjects.toStringHelper(this)
-            .add("document", document)
+            .add("documentId", documentId)
             .toString();
     }
 }
\ No newline at end of file
diff --git a/docs-core/src/main/java/com/sismics/docs/core/event/FileCreatedAsyncEvent.java b/docs-core/src/main/java/com/sismics/docs/core/event/FileCreatedAsyncEvent.java
index 5dbf7d30..c6cfe07f 100644
--- a/docs-core/src/main/java/com/sismics/docs/core/event/FileCreatedAsyncEvent.java
+++ b/docs-core/src/main/java/com/sismics/docs/core/event/FileCreatedAsyncEvent.java
@@ -3,7 +3,6 @@ package com.sismics.docs.core.event;
 import java.io.InputStream;
 
 import com.google.common.base.MoreObjects;
-import com.sismics.docs.core.model.jpa.Document;
 import com.sismics.docs.core.model.jpa.File;
 
 /**
@@ -18,9 +17,9 @@ public class FileCreatedAsyncEvent extends UserEvent {
     private File file;
     
     /**
-     * Document linked to the file.
+     * Language of the file.
      */
-    private Document document;
+    private String language;
     
     /**
      * Unencrypted input stream containing the file.
@@ -42,12 +41,12 @@ public class FileCreatedAsyncEvent extends UserEvent {
         this.file = file;
     }
     
-    public Document getDocument() {
-        return document;
+    public String getLanguage() {
+        return language;
     }
 
-    public void setDocument(Document document) {
-        this.document = document;
+    public void setLanguage(String language) {
+        this.language = language;
     }
     
     public InputStream getInputStream() {
@@ -70,7 +69,7 @@ public class FileCreatedAsyncEvent extends UserEvent {
     public String toString() {
         return MoreObjects.toStringHelper(this)
             .add("file", file)
-            .add("document", document)
+            .add("language", language)
             .toString();
     }
 }
\ No newline at end of file
diff --git a/docs-core/src/main/java/com/sismics/docs/core/event/FileDeletedAsyncEvent.java b/docs-core/src/main/java/com/sismics/docs/core/event/FileDeletedAsyncEvent.java
index 96637094..05835ae5 100644
--- a/docs-core/src/main/java/com/sismics/docs/core/event/FileDeletedAsyncEvent.java
+++ b/docs-core/src/main/java/com/sismics/docs/core/event/FileDeletedAsyncEvent.java
@@ -14,20 +14,10 @@ public class FileDeletedAsyncEvent extends UserEvent {
      */
     private File file;
     
-    /**
-     * Getter of file.
-     *
-     * @return the file
-     */
     public File getFile() {
         return file;
     }
 
-    /**
-     * Setter of file.
-     *
-     * @param file file
-     */
     public void setFile(File file) {
         this.file = file;
     }
diff --git a/docs-core/src/main/java/com/sismics/docs/core/listener/async/DocumentDeletedAsyncListener.java b/docs-core/src/main/java/com/sismics/docs/core/listener/async/DocumentDeletedAsyncListener.java
index 1eb04570..acee2ae8 100644
--- a/docs-core/src/main/java/com/sismics/docs/core/listener/async/DocumentDeletedAsyncListener.java
+++ b/docs-core/src/main/java/com/sismics/docs/core/listener/async/DocumentDeletedAsyncListener.java
@@ -32,6 +32,6 @@ public class DocumentDeletedAsyncListener {
 
         // Update Lucene index
         LuceneDao luceneDao = new LuceneDao();
-        luceneDao.deleteDocument(documentDeletedAsyncEvent.getDocument().getId());
+        luceneDao.deleteDocument(documentDeletedAsyncEvent.getDocumentId());
     }
 }
diff --git a/docs-core/src/main/java/com/sismics/docs/core/listener/async/DocumentUpdatedAsyncListener.java b/docs-core/src/main/java/com/sismics/docs/core/listener/async/DocumentUpdatedAsyncListener.java
index 788a3467..5df6b41a 100644
--- a/docs-core/src/main/java/com/sismics/docs/core/listener/async/DocumentUpdatedAsyncListener.java
+++ b/docs-core/src/main/java/com/sismics/docs/core/listener/async/DocumentUpdatedAsyncListener.java
@@ -7,6 +7,7 @@ import org.slf4j.LoggerFactory;
 
 import com.google.common.eventbus.Subscribe;
 import com.sismics.docs.core.dao.jpa.ContributorDao;
+import com.sismics.docs.core.dao.jpa.DocumentDao;
 import com.sismics.docs.core.dao.lucene.LuceneDao;
 import com.sismics.docs.core.event.DocumentUpdatedAsyncEvent;
 import com.sismics.docs.core.model.jpa.Contributor;
@@ -35,12 +36,17 @@ public class DocumentUpdatedAsyncListener {
             log.info("Document updated event: " + event.toString());
         }
 
-        // Update contributors list
         TransactionUtil.handle(new Runnable() {
             @Override
             public void run() {
+                // Update Lucene index
+                DocumentDao documentDao = new DocumentDao();
+                LuceneDao luceneDao = new LuceneDao();
+                luceneDao.updateDocument(documentDao.getById(event.getDocumentId()));
+                
+                // Update contributors list
                 ContributorDao contributorDao = new ContributorDao();
-                List<Contributor> contributorList = contributorDao.findByDocumentId(event.getDocument().getId());
+                List<Contributor> contributorList = contributorDao.findByDocumentId(event.getDocumentId());
                 
                 // Check if the user firing this event is not already a contributor
                 for (Contributor contributor : contributorList) {
@@ -52,14 +58,10 @@ public class DocumentUpdatedAsyncListener {
                 
                 // Add a new contributor
                 Contributor contributor = new Contributor();
-                contributor.setDocumentId(event.getDocument().getId());
+                contributor.setDocumentId(event.getDocumentId());
                 contributor.setUserId(event.getUserId());
                 contributorDao.create(contributor);
             }
         });
-        
-        // Update Lucene index
-        LuceneDao luceneDao = new LuceneDao();
-        luceneDao.updateDocument(event.getDocument());
     }
 }
diff --git a/docs-core/src/main/java/com/sismics/docs/core/listener/async/FileCreatedAsyncListener.java b/docs-core/src/main/java/com/sismics/docs/core/listener/async/FileCreatedAsyncListener.java
index 0eacdeca..a5301769 100644
--- a/docs-core/src/main/java/com/sismics/docs/core/listener/async/FileCreatedAsyncListener.java
+++ b/docs-core/src/main/java/com/sismics/docs/core/listener/async/FileCreatedAsyncListener.java
@@ -41,7 +41,7 @@ public class FileCreatedAsyncListener {
         
         // Extract text content from the file
         long startTime = System.currentTimeMillis();
-        final String content = FileUtil.extractContent(fileCreatedAsyncEvent.getDocument(), file,
+        final String content = FileUtil.extractContent(fileCreatedAsyncEvent.getLanguage(), file,
                 fileCreatedAsyncEvent.getInputStream(), fileCreatedAsyncEvent.getPdfInputStream());
         fileCreatedAsyncEvent.getInputStream().close();
         if (fileCreatedAsyncEvent.getPdfInputStream() != null) {
@@ -66,6 +66,6 @@ public class FileCreatedAsyncListener {
         
         // Update Lucene index
         LuceneDao luceneDao = new LuceneDao();
-        luceneDao.createFile(fileCreatedAsyncEvent.getFile(), fileCreatedAsyncEvent.getDocument());
+        luceneDao.createFile(fileCreatedAsyncEvent.getFile());
     }
 }
diff --git a/docs-core/src/main/java/com/sismics/docs/core/model/jpa/Acl.java b/docs-core/src/main/java/com/sismics/docs/core/model/jpa/Acl.java
index 413f2d42..cb972e6a 100644
--- a/docs-core/src/main/java/com/sismics/docs/core/model/jpa/Acl.java
+++ b/docs-core/src/main/java/com/sismics/docs/core/model/jpa/Acl.java
@@ -30,20 +30,20 @@ public class Acl implements Loggable {
     /**
      * ACL permission.
      */
-    @Column(name = "ACL_PERM_C", length = 30)
+    @Column(name = "ACL_PERM_C", length = 30, nullable = false)
     @Enumerated(EnumType.STRING)
     private PermType perm;
 
     /**
      * ACL source ID.
      */
-    @Column(name = "ACL_SOURCEID_C", length = 36)
+    @Column(name = "ACL_SOURCEID_C", length = 36, nullable = false)
     private String sourceId;
     
     /**
      * ACL target ID.
      */
-    @Column(name = "ACL_TARGETID_C", length = 36)
+    @Column(name = "ACL_TARGETID_C", length = 36, nullable = false)
     private String targetId;
     
     /**
diff --git a/docs-core/src/main/java/com/sismics/docs/core/model/jpa/Contributor.java b/docs-core/src/main/java/com/sismics/docs/core/model/jpa/Contributor.java
index 9150d937..b583a7b2 100644
--- a/docs-core/src/main/java/com/sismics/docs/core/model/jpa/Contributor.java
+++ b/docs-core/src/main/java/com/sismics/docs/core/model/jpa/Contributor.java
@@ -13,7 +13,7 @@ import com.google.common.base.MoreObjects;
  * @author bgamard
  */
 @Entity
-@Table(name = "T_Contributor")
+@Table(name = "T_CONTRIBUTOR")
 public class Contributor {
     /**
      * Contributor ID.
diff --git a/docs-core/src/main/java/com/sismics/docs/core/model/jpa/DocumentTag.java b/docs-core/src/main/java/com/sismics/docs/core/model/jpa/DocumentTag.java
index 51b0d51a..bacc47df 100644
--- a/docs-core/src/main/java/com/sismics/docs/core/model/jpa/DocumentTag.java
+++ b/docs-core/src/main/java/com/sismics/docs/core/model/jpa/DocumentTag.java
@@ -33,13 +33,13 @@ public class DocumentTag implements Serializable {
     /**
      * Document ID.
      */
-    @Column(name = "DOT_IDDOCUMENT_C", length = 36)
+    @Column(name = "DOT_IDDOCUMENT_C", nullable = false, length = 36)
     private String documentId;
     
     /**
      * Tag ID.
      */
-    @Column(name = "DOT_IDTAG_C", length = 36)
+    @Column(name = "DOT_IDTAG_C", nullable = false, length = 36)
     private String tagId;
 
     /**
@@ -83,6 +83,7 @@ public class DocumentTag implements Serializable {
     @Override
     public String toString() {
         return MoreObjects.toStringHelper(this)
+                .add("id", id)
                 .add("documentId", documentId)
                 .add("tagId", tagId)
                 .toString();
diff --git a/docs-core/src/main/java/com/sismics/docs/core/model/jpa/Group.java b/docs-core/src/main/java/com/sismics/docs/core/model/jpa/Group.java
new file mode 100644
index 00000000..56c7fdea
--- /dev/null
+++ b/docs-core/src/main/java/com/sismics/docs/core/model/jpa/Group.java
@@ -0,0 +1,111 @@
+package com.sismics.docs.core.model.jpa;
+
+import java.util.Date;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.Id;
+import javax.persistence.Table;
+
+import com.google.common.base.MoreObjects;
+
+/**
+ * Group entity.
+ * 
+ * @author bgamard
+ */
+@Entity
+@Table(name = "T_GROUP")
+public class Group implements Loggable {
+    /**
+     * Group ID.
+     */
+    @Id
+    @Column(name = "GRP_ID_C", nullable = false, length = 36)
+    private String id;
+    
+    /**
+     * Vocabulary value.
+     */
+    @Column(name = "GRP_IDPARENT_C", length = 36)
+    private String parentId;
+    
+    /**
+     * Group name.
+     */
+    @Column(name = "GRP_NAME_C", nullable = false, length = 50)
+    private String name;
+
+    /**
+     * Role ID.
+     */
+    @Column(name = "GRP_IDROLE_C", length = 36)
+    private String roleId;
+    
+    /**
+     * Deletion date.
+     */
+    @Column(name = "GRP_DELETEDATE_D")
+    private Date deleteDate;
+    
+    public String getId() {
+        return id;
+    }
+
+    public Group setId(String id) {
+        this.id = id;
+        return this;
+    }
+
+    public String getParentId() {
+        return parentId;
+    }
+
+    public Group setParentId(String parentId) {
+        this.parentId = parentId;
+        return this;
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public Group setName(String name) {
+        this.name = name;
+        return this;
+    }
+
+    @Override
+    public Date getDeleteDate() {
+        return deleteDate;
+    }
+    
+    public Group setDeleteDate(Date deleteDate) {
+        this.deleteDate = deleteDate;
+        return this;
+    }
+    
+    public String getRoleId() {
+        return roleId;
+    }
+
+    public Group setRoleId(String roleId) {
+        this.roleId = roleId;
+        return this;
+    }
+
+    @Override
+    public String toString() {
+        return MoreObjects.toStringHelper(this)
+                .add("id", id)
+                .add("roleId", roleId)
+                .add("parentId", parentId)
+                .add("name", name)
+                .toString();
+    }
+
+    @Override
+    public String toMessage() {
+        return name;
+    }
+}
diff --git a/docs-core/src/main/java/com/sismics/docs/core/model/jpa/Relation.java b/docs-core/src/main/java/com/sismics/docs/core/model/jpa/Relation.java
new file mode 100644
index 00000000..9eeba90f
--- /dev/null
+++ b/docs-core/src/main/java/com/sismics/docs/core/model/jpa/Relation.java
@@ -0,0 +1,85 @@
+package com.sismics.docs.core.model.jpa;
+
+import java.util.Date;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.Id;
+import javax.persistence.Table;
+
+import com.google.common.base.MoreObjects;
+
+/**
+ * Relation entity.
+ * 
+ * @author bgamard
+ */
+@Entity
+@Table(name = "T_RELATION")
+public class Relation {
+    /**
+     * Relation ID.
+     */
+    @Id
+    @Column(name = "REL_ID_C", length = 36)
+    private String id;
+    
+    /**
+     * Source document ID.
+     */
+    @Column(name = "REL_IDDOCFROM_C", length = 36, nullable = false)
+    private String fromDocumentId;
+    
+    /**
+     * Destination document ID.
+     */
+    @Column(name = "REL_IDDOCTO_C", length = 36, nullable = false)
+    private String toDocumentId;
+
+    /**
+     * Deletion date.
+     */
+    @Column(name = "REL_DELETEDATE_D")
+    private Date deleteDate;
+    
+    public String getId() {
+        return id;
+    }
+
+    public void setId(String id) {
+        this.id = id;
+    }
+
+    public String getFromDocumentId() {
+        return fromDocumentId;
+    }
+
+    public void setFromDocumentId(String fromDocumentId) {
+        this.fromDocumentId = fromDocumentId;
+    }
+
+    public String getToDocumentId() {
+        return toDocumentId;
+    }
+
+    public void setToDocumentId(String toDocumentId) {
+        this.toDocumentId = toDocumentId;
+    }
+
+    public Date getDeleteDate() {
+        return deleteDate;
+    }
+
+    public void setDeleteDate(Date deleteDate) {
+        this.deleteDate = deleteDate;
+    }
+
+    @Override
+    public String toString() {
+        return MoreObjects.toStringHelper(this)
+                .add("id", id)
+                .add("fromDocumentId", fromDocumentId)
+                .add("toDocumentId", toDocumentId)
+                .toString();
+    }
+}
diff --git a/docs-core/src/main/java/com/sismics/docs/core/model/jpa/UserGroup.java b/docs-core/src/main/java/com/sismics/docs/core/model/jpa/UserGroup.java
new file mode 100644
index 00000000..3ae2592a
--- /dev/null
+++ b/docs-core/src/main/java/com/sismics/docs/core/model/jpa/UserGroup.java
@@ -0,0 +1,91 @@
+package com.sismics.docs.core.model.jpa;
+
+import java.io.Serializable;
+import java.util.Date;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.Id;
+import javax.persistence.Table;
+
+import com.google.common.base.MoreObjects;
+
+/**
+ * Link between an user and a group.
+ * 
+ * @author bgamard
+ */
+@Entity
+@Table(name = "T_USER_GROUP")
+public class UserGroup implements Serializable {
+    /**
+     * Serial version UID.
+     */
+    private static final long serialVersionUID = 1L;
+
+    /**
+     * User group ID.
+     */
+    @Id
+    @Column(name = "UGP_ID_C", length = 36)
+    private String id;
+    
+    /**
+     * User ID.
+     */
+    @Column(name = "UGP_IDUSER_C", nullable = false, length = 36)
+    private String userId;
+    
+    /**
+     * Group ID.
+     */
+    @Column(name = "UGP_IDGROUP_C", nullable = false, length = 36)
+    private String groupId;
+
+    /**
+     * Deletion date.
+     */
+    @Column(name = "UGP_DELETEDATE_D")
+    private Date deleteDate;
+    
+    public String getId() {
+        return id;
+    }
+
+    public void setId(String id) {
+        this.id = id;
+    }
+
+    public String getUserId() {
+        return userId;
+    }
+
+    public void setUserId(String userId) {
+        this.userId = userId;
+    }
+
+    public String getGroupId() {
+        return groupId;
+    }
+
+    public void setGroupId(String groupId) {
+        this.groupId = groupId;
+    }
+
+    public Date getDeleteDate() {
+        return deleteDate;
+    }
+
+    public void setDeleteDate(Date deleteDate) {
+        this.deleteDate = deleteDate;
+    }
+
+    @Override
+    public String toString() {
+        return MoreObjects.toStringHelper(this)
+                .add("id", id)
+                .add("userId", userId)
+                .add("groupId", groupId)
+                .toString();
+    }
+}
diff --git a/docs-core/src/main/java/com/sismics/docs/core/util/FileUtil.java b/docs-core/src/main/java/com/sismics/docs/core/util/FileUtil.java
index 64d0552e..2a005fce 100644
--- a/docs-core/src/main/java/com/sismics/docs/core/util/FileUtil.java
+++ b/docs-core/src/main/java/com/sismics/docs/core/util/FileUtil.java
@@ -18,7 +18,6 @@ import org.imgscalr.Scalr.Mode;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import com.sismics.docs.core.model.jpa.Document;
 import com.sismics.docs.core.model.jpa.File;
 import com.sismics.tess4j.Tesseract;
 import com.sismics.util.ImageUtil;
@@ -37,17 +36,17 @@ public class FileUtil {
     /**
      * Extract content from a file.
      * 
-     * @param document Document linked to the file
+     * @param language Language to extract
      * @param file File to extract
      * @param inputStream Unencrypted input stream
      * @param pdfInputStream Unencrypted PDF input stream
      * @return Content extract
      */
-    public static String extractContent(Document document, File file, InputStream inputStream, InputStream pdfInputStream) {
+    public static String extractContent(String language, File file, InputStream inputStream, InputStream pdfInputStream) {
         String content = null;
         
         if (ImageUtil.isImage(file.getMimeType())) {
-            content = ocrFile(inputStream, document);
+            content = ocrFile(inputStream, language);
         } else if (pdfInputStream != null) {
             content = PdfUtil.extractPdf(pdfInputStream);
         }
@@ -59,10 +58,10 @@ public class FileUtil {
      * Optical character recognition on a stream.
      * 
      * @param inputStream Unencrypted input stream
-     * @param document Document linked to the file
+     * @param language Language to OCR
      * @return Content extracted
      */
-    private static String ocrFile(InputStream inputStream, Document document) {
+    private static String ocrFile(InputStream inputStream, String language) {
         Tesseract instance = Tesseract.getInstance();
         String content = null;
         BufferedImage image = null;
@@ -80,7 +79,7 @@ public class FileUtil {
         // OCR the file
         try {
             log.info("Starting OCR with TESSDATA_PREFIX=" + System.getenv("TESSDATA_PREFIX") + ";LC_NUMERIC=" + System.getenv("LC_NUMERIC"));
-            instance.setLanguage(document.getLanguage());
+            instance.setLanguage(language);
             content = instance.doOCR(image);
         } catch (Throwable e) {
             log.error("Error while OCR-izing the image", e);
diff --git a/docs-core/src/main/java/com/sismics/docs/core/util/PdfUtil.java b/docs-core/src/main/java/com/sismics/docs/core/util/PdfUtil.java
index ebf64351..86d22da2 100644
--- a/docs-core/src/main/java/com/sismics/docs/core/util/PdfUtil.java
+++ b/docs-core/src/main/java/com/sismics/docs/core/util/PdfUtil.java
@@ -7,6 +7,8 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.nio.file.Files;
 import java.nio.file.Path;
+import java.text.SimpleDateFormat;
+import java.util.Date;
 import java.util.List;
 
 import javax.imageio.ImageIO;
@@ -17,6 +19,7 @@ import org.apache.pdfbox.pdmodel.PDDocument;
 import org.apache.pdfbox.pdmodel.PDPage;
 import org.apache.pdfbox.pdmodel.PDPageContentStream;
 import org.apache.pdfbox.pdmodel.common.PDRectangle;
+import org.apache.pdfbox.pdmodel.font.PDType1Font;
 import org.apache.pdfbox.pdmodel.graphics.image.JPEGFactory;
 import org.apache.pdfbox.pdmodel.graphics.image.LosslessFactory;
 import org.apache.pdfbox.pdmodel.graphics.image.PDImageXObject;
@@ -29,8 +32,11 @@ import org.odftoolkit.odfdom.doc.OdfTextDocument;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import com.google.common.base.Strings;
 import com.google.common.io.Closer;
+import com.sismics.docs.core.dao.jpa.dto.DocumentDto;
 import com.sismics.docs.core.model.jpa.File;
+import com.sismics.docs.core.util.pdf.PdfPage;
 import com.sismics.util.ImageUtil;
 import com.sismics.util.mime.MimeType;
 
@@ -141,25 +147,67 @@ public class PdfUtil {
     /**
      * Convert a document and its files to a merged PDF file.
      * 
+     * @param documentDto Document DTO
      * @param fileList List of files
      * @param fitImageToPage Fit images to the page
+     * @param metadata Add a page with metadata
      * @param margin Margins in millimeters
      * @return PDF input stream
      * @throws IOException 
      */
-    public static InputStream convertToPdf(List<File> fileList, boolean fitImageToPage, int margin) throws Exception {
-        // TODO PDF Export: Option to add a front page with:
-        // document title, document description, creator, date created, language,
-        // list of all files (and information if it is in this document or not)
-        // TODO PDF Export: Option to add the comments
-        
-        // Create a blank PDF
+    public static InputStream convertToPdf(DocumentDto documentDto, List<File> fileList,
+            boolean fitImageToPage, boolean metadata, int margin) throws Exception {
+        // Setup PDFBox
         Closer closer = Closer.create();
         MemoryUsageSetting memUsageSettings = MemoryUsageSetting.setupMixed(1000000); // 1MB max memory usage
         memUsageSettings.setTempDir(new java.io.File(System.getProperty("java.io.tmpdir"))); // To OS temp
         float mmPerInch = 1 / (10 * 2.54f) * 72f;
         
+        // Create a blank PDF
         try (PDDocument doc = new PDDocument(memUsageSettings)) {
+            // Add metadata
+            if (metadata) {
+                PDPage page = new PDPage();
+                doc.addPage(page);
+                try (PdfPage pdfPage = new PdfPage(doc, page, margin * mmPerInch, PDType1Font.HELVETICA, 12)) {
+                    SimpleDateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd");
+                    pdfPage.addText(documentDto.getTitle(), true, PDType1Font.HELVETICA_BOLD, 16)
+                        .newLine()
+                        .addText("Created by " + documentDto.getCreator()
+                            + " on " + dateFormat.format(new Date(documentDto.getCreateTimestamp())), true)
+                        .newLine()
+                        .addText(documentDto.getDescription())
+                        .newLine();
+                    if (!Strings.isNullOrEmpty(documentDto.getSubject())) {
+                        pdfPage.addText("Subject: " + documentDto.getSubject());
+                    }
+                    if (!Strings.isNullOrEmpty(documentDto.getIdentifier())) {
+                        pdfPage.addText("Identifier: " + documentDto.getIdentifier());
+                    }
+                    if (!Strings.isNullOrEmpty(documentDto.getPublisher())) {
+                        pdfPage.addText("Publisher: " + documentDto.getPublisher());
+                    }
+                    if (!Strings.isNullOrEmpty(documentDto.getFormat())) {
+                        pdfPage.addText("Format: " + documentDto.getFormat());
+                    }
+                    if (!Strings.isNullOrEmpty(documentDto.getSource())) {
+                        pdfPage.addText("Source: " + documentDto.getSource());
+                    }
+                    if (!Strings.isNullOrEmpty(documentDto.getType())) {
+                        pdfPage.addText("Type: " + documentDto.getType());
+                    }
+                    if (!Strings.isNullOrEmpty(documentDto.getCoverage())) {
+                        pdfPage.addText("Coverage: " + documentDto.getCoverage());
+                    }
+                    if (!Strings.isNullOrEmpty(documentDto.getRights())) {
+                        pdfPage.addText("Rights: " + documentDto.getRights());
+                    }
+                    pdfPage.addText("Language: " + documentDto.getLanguage())
+                        .newLine()
+                        .addText("Files in this document : " + fileList.size(), false, PDType1Font.HELVETICA_BOLD, 12);
+                }
+            }
+            
             // Add files
             for (File file : fileList) {
                 Path storedFile = DirectoryUtil.getStorageDirectory().resolve(file.getId());
diff --git a/docs-core/src/main/java/com/sismics/docs/core/util/jpa/PaginatedLists.java b/docs-core/src/main/java/com/sismics/docs/core/util/jpa/PaginatedLists.java
index c1c6affe..d415a3a0 100644
--- a/docs-core/src/main/java/com/sismics/docs/core/util/jpa/PaginatedLists.java
+++ b/docs-core/src/main/java/com/sismics/docs/core/util/jpa/PaginatedLists.java
@@ -105,13 +105,7 @@ public class PaginatedLists {
      * @return List of results
      */
     public static <E> List<Object[]> executePaginatedQuery(PaginatedList<E> paginatedList, QueryParam queryParam, SortCriteria sortCriteria) {
-        StringBuilder sb = new StringBuilder(queryParam.getQueryString());
-        sb.append(" order by c");
-        sb.append(sortCriteria.getColumn());
-        sb.append(sortCriteria.isAsc() ? " asc" : " desc");
-        
-        QueryParam sortedQueryParam = new QueryParam(sb.toString(), queryParam.getParameterMap());
-        
+        QueryParam sortedQueryParam = QueryUtil.getSortedQueryParam(queryParam, sortCriteria);
         executeCountQuery(paginatedList, sortedQueryParam);
         return executeResultQuery(paginatedList, sortedQueryParam);
     }
diff --git a/docs-core/src/main/java/com/sismics/docs/core/util/jpa/QueryUtil.java b/docs-core/src/main/java/com/sismics/docs/core/util/jpa/QueryUtil.java
index fa9090f9..3575636e 100644
--- a/docs-core/src/main/java/com/sismics/docs/core/util/jpa/QueryUtil.java
+++ b/docs-core/src/main/java/com/sismics/docs/core/util/jpa/QueryUtil.java
@@ -1,10 +1,11 @@
 package com.sismics.docs.core.util.jpa;
 
-import com.sismics.util.context.ThreadLocalContext;
+import java.util.Map.Entry;
 
 import javax.persistence.EntityManager;
 import javax.persistence.Query;
-import java.util.Map.Entry;
+
+import com.sismics.util.context.ThreadLocalContext;
 
 /**
  * Query utilities.
@@ -27,4 +28,22 @@ public class QueryUtil {
         }
         return query;
     }
+    
+    /**
+     * Returns sorted query parameters.
+     * 
+     * @param queryParam Query parameters
+     * @param sortCriteria Sort criteria
+     * @return Sorted query parameters
+     */
+    public static QueryParam getSortedQueryParam(QueryParam queryParam, SortCriteria sortCriteria) {
+        StringBuilder sb = new StringBuilder(queryParam.getQueryString());
+        if (sortCriteria != null) {
+            sb.append(" order by c");
+            sb.append(sortCriteria.getColumn());
+            sb.append(sortCriteria.isAsc() ? " asc" : " desc");
+        }
+        
+        return new QueryParam(sb.toString(), queryParam.getParameterMap());
+    }
 }
diff --git a/docs-core/src/main/java/com/sismics/docs/core/util/pdf/PdfPage.java b/docs-core/src/main/java/com/sismics/docs/core/util/pdf/PdfPage.java
new file mode 100644
index 00000000..af9aafb2
--- /dev/null
+++ b/docs-core/src/main/java/com/sismics/docs/core/util/pdf/PdfPage.java
@@ -0,0 +1,153 @@
+package com.sismics.docs.core.util.pdf;
+
+import java.io.Closeable;
+import java.io.IOException;
+
+import org.apache.pdfbox.pdmodel.PDDocument;
+import org.apache.pdfbox.pdmodel.PDPage;
+import org.apache.pdfbox.pdmodel.PDPageContentStream;
+import org.apache.pdfbox.pdmodel.font.PDFont;
+
+/**
+ * Wrapper around PDFBox for high level abstraction of PDF writing.
+ * 
+ * @author bgamard
+ */
+public class PdfPage implements Closeable {
+    private PDPage pdPage;
+    private PDPageContentStream pdContent;
+    private float margin;
+    private PDFont defaultFont;
+    private int defaultFontSize;
+
+    /**
+     * Create a wrapper around a PDF page.
+     * 
+     * @param pdDoc Document
+     * @param pdPage Page
+     * @param margin Margin
+     * @param defaultFont Default font
+     * @param defaultFontSize Default fond size
+     * @throws IOException
+     */
+    public PdfPage(PDDocument pdDoc, PDPage pdPage, float margin, PDFont defaultFont, int defaultFontSize) throws IOException {
+        this.pdPage = pdPage;
+        this.pdContent = new PDPageContentStream(pdDoc, pdPage);
+        this.margin = margin;
+        this.defaultFont = defaultFont;
+        this.defaultFontSize = defaultFontSize;
+        
+        pdContent.beginText();
+        pdContent.newLineAtOffset(margin, pdPage.getMediaBox().getHeight() - margin);
+    }
+    
+    /**
+     * Write a text with default font.
+     * 
+     * @param text Text
+     * @throws IOException
+     */
+    public PdfPage addText(String text) throws IOException {
+        drawText(pdPage.getMediaBox().getWidth() - 2 * margin, defaultFont, defaultFontSize, text, false);
+        return this;
+    }
+    
+    /**
+     * Write a text with default font.
+     * 
+     * @param text Text
+     * @param centered If true, the text will be centered in the page
+     * @throws IOException
+     */
+    public PdfPage addText(String text, boolean centered) throws IOException {
+        drawText(pdPage.getMediaBox().getWidth() - 2 * margin, defaultFont, defaultFontSize, text, centered);
+        return this;
+    }
+    
+    /**
+     * Write a text in the page.
+     * 
+     * @param text Text
+     * @param centered If true, the text will be centered in the page
+     * @param font Font
+     * @param fontSize Font size
+     * @throws IOException
+     */
+    public PdfPage addText(String text, boolean centered, PDFont font, int fontSize) throws IOException {
+        drawText(pdPage.getMediaBox().getWidth() - 2 * margin, font, fontSize, text, centered);
+        return this;
+    }
+    
+    /**
+     * Create a new line.
+     * 
+     * @throws IOException
+     */
+    public PdfPage newLine() throws IOException {
+        pdContent.newLineAtOffset(0, - defaultFont.getFontDescriptor().getFontBoundingBox().getHeight() / 1000 * defaultFontSize);
+        return this;
+    }
+    
+    /**
+     * Draw a text with low level PDFBox API.
+     * 
+     * @param paragraphWidth Paragraph width
+     * @param font Font
+     * @param fontSize Font size
+     * @param text Text
+     * @param centered If true, the text will be centered in the paragraph
+     * @throws IOException
+     */
+    private void drawText(float paragraphWidth, PDFont font, int fontSize, String text, boolean centered) throws IOException {
+        pdContent.setFont(font, fontSize);
+        int start = 0;
+        int end = 0;
+        float height = font.getFontDescriptor().getFontBoundingBox().getHeight() / 1000 * fontSize;
+        for (int i : possibleWrapPoints(text)) {
+            float width = font.getStringWidth(text.substring(start, i)) / 1000 * fontSize;
+            if (start < end && width > paragraphWidth) {
+                // Draw partial text and increase height
+                pdContent.newLineAtOffset(0, - height);
+                String line = text.substring(start, end);
+                float lineWidth = font.getStringWidth(line) / 1000 * fontSize;
+                float offset = (paragraphWidth - lineWidth) / 2;
+                if (centered) pdContent.newLineAtOffset(offset, 0);
+                pdContent.showText(line);
+                if (centered) pdContent.newLineAtOffset(- offset, 0);
+                start = end;
+            }
+            end = i;
+        }
+        
+        // Last piece of text
+        String line = text.substring(start);
+        float lineWidth = font.getStringWidth(line) / 1000 * fontSize;
+        float offset = (paragraphWidth - lineWidth) / 2;
+        pdContent.newLineAtOffset(0, - height);
+        if (centered) pdContent.newLineAtOffset(offset, 0);
+        pdContent.showText(line);
+        if (centered) pdContent.newLineAtOffset(- offset, 0);
+    }
+
+    /**
+     * Returns wrap points for a given piece of text.
+     * 
+     * @param text Text
+     * @return Wrap points
+     */
+    private int[] possibleWrapPoints(String text) {
+        String[] split = text.split("(?<=\\W)");
+        int[] ret = new int[split.length];
+        ret[0] = split[0].length();
+        for (int i = 1 ; i < split.length ; i++) {
+            ret[i] = ret[i-1] + split[i].length();
+        }
+        return ret;
+    }
+
+    @Override
+    public void close() throws IOException {
+        pdContent.endText();
+        pdContent.close();
+    }
+}
diff --git a/docs-core/src/main/java/com/sismics/util/log4j/LogCriteria.java b/docs-core/src/main/java/com/sismics/util/log4j/LogCriteria.java
index 34cfc26d..d8e4a90e 100644
--- a/docs-core/src/main/java/com/sismics/util/log4j/LogCriteria.java
+++ b/docs-core/src/main/java/com/sismics/util/log4j/LogCriteria.java
@@ -1,6 +1,7 @@
 package com.sismics.util.log4j;
 
 import org.apache.commons.lang.StringUtils;
+import org.apache.log4j.Level;
 
 /**
  * Log search criteria.
@@ -10,9 +11,9 @@ import org.apache.commons.lang.StringUtils;
 public class LogCriteria {
 
     /**
-     * Logging level (DEBUG, WARN)...
+     * Minimum logging level (DEBUG, WARN)...
      */
-    private String level;
+    private Level minLevel;
     
     /**
      * Logger name / tag.
@@ -24,57 +25,30 @@ public class LogCriteria {
      */
     private String message;
 
-    /**
-     * Getter of level.
-     *
-     * @return level
-     */
-    public String getLevel() {
-        return level;
+    public Level getMinLevel() {
+        return minLevel;
     }
 
-    /**
-     * Setter of level.
-     *
-     * @param level level
-     */
-    public void setLevel(String level) {
-        this.level = StringUtils.lowerCase(level);
+    public LogCriteria setMinLevel(Level level) {
+        this.minLevel = level;
+        return this;
     }
 
-    /**
-     * Getter of tag.
-     *
-     * @return tag
-     */
     public String getTag() {
         return tag;
     }
 
-    /**
-     * Setter of tag.
-     *
-     * @param tag tag
-     */
-    public void setTag(String tag) {
+    public LogCriteria setTag(String tag) {
         this.tag = StringUtils.lowerCase(tag);
+        return this;
     }
 
-    /**
-     * Getter of message.
-     *
-     * @return message
-     */
     public String getMessage() {
         return message;
     }
 
-    /**
-     * Setter of message.
-     *
-     * @param message message
-     */
-    public void setMessage(String message) {
+    public LogCriteria setMessage(String message) {
         this.message = StringUtils.lowerCase(message);
+        return this;
     }
 }
diff --git a/docs-core/src/main/java/com/sismics/util/log4j/LogEntry.java b/docs-core/src/main/java/com/sismics/util/log4j/LogEntry.java
index 23cfbbc6..b0120bc0 100644
--- a/docs-core/src/main/java/com/sismics/util/log4j/LogEntry.java
+++ b/docs-core/src/main/java/com/sismics/util/log4j/LogEntry.java
@@ -1,5 +1,7 @@
 package com.sismics.util.log4j;
 
+import org.apache.log4j.Level;
+
 /**
  * Log entry.
  *
@@ -14,7 +16,7 @@ public class LogEntry {
     /**
      * Logging level (DEBUG, WARN)...
      */
-    private String level;
+    private Level level;
     
     /**
      * Logger name / tag.
@@ -34,45 +36,25 @@ public class LogEntry {
      * @param tag Logger name / tag
      * @param message Message logged
      */
-    public LogEntry(long timestamp, String level, String tag, String message) {
+    public LogEntry(long timestamp, Level level, String tag, String message) {
         this.timestamp = timestamp;
         this.level = level;
         this.tag = tag;
         this.message = message;
     }
 
-    /**
-     * Getter of timestamp.
-     *
-     * @return timestamp
-     */
     public long getTimestamp() {
         return timestamp;
     }
 
-    /**
-     * Getter of level.
-     *
-     * @return level
-     */
-    public String getLevel() {
+    public Level getLevel() {
         return level;
     }
 
-    /**
-     * Getter of tag.
-     *
-     * @return tag
-     */
     public String getTag() {
         return tag;
     }
 
-    /**
-     * Getter of message.
-     *
-     * @return message
-     */
     public String getMessage() {
         return message;
     }
diff --git a/docs-core/src/main/java/com/sismics/util/log4j/MemoryAppender.java b/docs-core/src/main/java/com/sismics/util/log4j/MemoryAppender.java
index e3aba0f7..5c3bd657 100644
--- a/docs-core/src/main/java/com/sismics/util/log4j/MemoryAppender.java
+++ b/docs-core/src/main/java/com/sismics/util/log4j/MemoryAppender.java
@@ -1,17 +1,19 @@
 package com.sismics.util.log4j;
 
-import com.google.common.collect.Lists;
-import com.sismics.docs.core.util.jpa.PaginatedList;
-import org.apache.log4j.AppenderSkeleton;
-import org.apache.log4j.helpers.LogLog;
-import org.apache.log4j.spi.LoggingEvent;
-
 import java.util.Iterator;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Queue;
 import java.util.concurrent.ConcurrentLinkedQueue;
 
+import org.apache.log4j.AppenderSkeleton;
+import org.apache.log4j.Level;
+import org.apache.log4j.helpers.LogLog;
+import org.apache.log4j.spi.LoggingEvent;
+
+import com.google.common.collect.Lists;
+import com.sismics.docs.core.util.jpa.PaginatedList;
+
 /**
  * Memory appender for Log4J.
  *
@@ -54,7 +56,7 @@ public class MemoryAppender extends AppenderSkeleton {
         
         String loggerName = getLoggerName(event);
 
-        LogEntry logEntry = new LogEntry(System.currentTimeMillis(), event.getLevel().toString(), loggerName, event.getMessage().toString());
+        LogEntry logEntry = new LogEntry(System.currentTimeMillis(), event.getLevel(), loggerName, event.getMessage().toString());
         logQueue.add(logEntry);
     }
 
@@ -98,13 +100,13 @@ public class MemoryAppender extends AppenderSkeleton {
      */
     public void find(LogCriteria criteria, PaginatedList<LogEntry> list) {
         List<LogEntry> logEntryList = new LinkedList<LogEntry>();
-        final String level = criteria.getLevel();
+        final Level minLevel = criteria.getMinLevel();
         final String tag = criteria.getTag();
         final String message = criteria.getMessage();
         int resultCount = 0;
         for (Iterator<LogEntry> it = logQueue.iterator(); it.hasNext();) {
             LogEntry logEntry = it.next();
-            if ((level == null || logEntry.getLevel().toLowerCase().equals(level)) &&
+            if ((minLevel == null ||  Integer.compare(logEntry.getLevel().toInt(), minLevel.toInt()) >= 0) &&
                     (tag == null || logEntry.getTag().toLowerCase().equals(tag)) &&
                     (message == null || logEntry.getMessage().toLowerCase().contains(message))) {
                 logEntryList.add(logEntry);
diff --git a/docs-core/src/main/resources/config.properties b/docs-core/src/main/resources/config.properties
index cff11a73..fda5dfd0 100644
--- a/docs-core/src/main/resources/config.properties
+++ b/docs-core/src/main/resources/config.properties
@@ -1 +1 @@
-db.version=6
\ No newline at end of file
+db.version=8
\ No newline at end of file
diff --git a/docs-core/src/main/resources/db/update/dbupdate-007-0.sql b/docs-core/src/main/resources/db/update/dbupdate-007-0.sql
new file mode 100644
index 00000000..4a6b36ec
--- /dev/null
+++ b/docs-core/src/main/resources/db/update/dbupdate-007-0.sql
@@ -0,0 +1,3 @@
+create cached table T_RELATION ( REL_ID_C varchar(36) not null, REL_IDDOCFROM_C varchar(36) not null, REL_IDDOCTO_C varchar(36) not null, REL_DELETEDATE_D datetime, primary key (REL_ID_C) );
+
+update T_CONFIG set CFG_VALUE_C = '7' where CFG_ID_C = 'DB_VERSION';
diff --git a/docs-core/src/main/resources/db/update/dbupdate-008-0.sql b/docs-core/src/main/resources/db/update/dbupdate-008-0.sql
new file mode 100644
index 00000000..7b433108
--- /dev/null
+++ b/docs-core/src/main/resources/db/update/dbupdate-008-0.sql
@@ -0,0 +1,7 @@
+create memory table T_GROUP ( GRP_ID_C varchar(36) not null, GRP_IDPARENT_C varchar(36), GRP_NAME_C varchar(50) not null, GRP_IDROLE_C varchar(36), GRP_DELETEDATE_D datetime, primary key (GRP_ID_C) );
+create memory table T_USER_GROUP ( UGP_ID_C varchar(36) not null, UGP_IDUSER_C varchar(36) not null, UGP_IDGROUP_C varchar(36) not null, UGP_DELETEDATE_D datetime, primary key (UGP_ID_C) );
+
+insert into T_GROUP(GRP_ID_C, GRP_NAME_C, GRP_IDROLE_C) values('administrators', 'administrators', 'admin');
+insert into T_USER_GROUP(UGP_ID_C, UGP_IDUSER_C, UGP_IDGROUP_C) values('admin-administrators', 'admin', 'administrators');
+
+update T_CONFIG set CFG_VALUE_C = '8' where CFG_ID_C = 'DB_VERSION';
diff --git a/docs-core/src/test/java/com/sismics/docs/core/util/TestFileUtil.java b/docs-core/src/test/java/com/sismics/docs/core/util/TestFileUtil.java
index 7e04aaf2..bf3bb1de 100644
--- a/docs-core/src/test/java/com/sismics/docs/core/util/TestFileUtil.java
+++ b/docs-core/src/test/java/com/sismics/docs/core/util/TestFileUtil.java
@@ -3,16 +3,18 @@ package com.sismics.docs.core.util;
 import java.io.InputStream;
 import java.nio.file.Files;
 import java.nio.file.StandardCopyOption;
+import java.util.Date;
 
+import org.junit.Assert;
 import org.junit.Test;
 
 import com.google.common.collect.Lists;
+import com.google.common.io.ByteStreams;
 import com.google.common.io.Resources;
+import com.sismics.docs.core.dao.jpa.dto.DocumentDto;
 import com.sismics.docs.core.model.jpa.File;
 import com.sismics.util.mime.MimeType;
 
-import org.junit.Assert;
-
 /**
  * Test of the file entity utilities.
  * 
@@ -50,6 +52,21 @@ public class TestFileUtil {
                 InputStream inputStream2 = Resources.getResource("file/udhr_encrypted.pdf").openStream();
                 InputStream inputStream3 = Resources.getResource("file/document.docx").openStream();
                 InputStream inputStream4 = Resources.getResource("file/document.odt").openStream()) {
+            // Document
+            DocumentDto documentDto = new DocumentDto();
+            documentDto.setTitle("My super document 1");
+            documentDto.setDescription("Lorem ipsum dolor sit amet, consectetur adipiscing elit. Duis id turpis iaculis, commodo est ac, efficitur quam. Nam accumsan magna in orci vulputate ultricies. Sed vulputate neque magna, at laoreet leo ultricies vel. Proin eu hendrerit felis. Quisque sit amet arcu efficitur, pulvinar orci sed, imperdiet elit. Nunc posuere ex sed fermentum congue. Aliquam ultrices convallis finibus. Praesent iaculis justo vitae dictum auctor. Praesent suscipit imperdiet erat ac maximus. Aenean pharetra quam sed fermentum commodo. Donec sagittis ipsum nibh, id congue dolor venenatis quis. In tincidunt nisl non ex sollicitudin, a imperdiet neque scelerisque. Nullam lacinia ac orci sed faucibus. Donec tincidunt venenatis justo, nec fermentum justo rutrum a.");
+            documentDto.setSubject("A set of random picture");
+            documentDto.setIdentifier("ID-2016-08-00001");
+            documentDto.setPublisher("My Publisher, Inc.");
+            documentDto.setFormat("A4 standard ISO format");
+            documentDto.setType("Image");
+            documentDto.setCoverage("France");
+            documentDto.setRights("Public Domain");
+            documentDto.setLanguage("en");
+            documentDto.setCreator("user1");
+            documentDto.setCreateTimestamp(new Date().getTime());
+            
             // First file
             Files.copy(inputStream0, DirectoryUtil.getStorageDirectory().resolve("apollo_landscape"), StandardCopyOption.REPLACE_EXISTING);
             File file0 = new File();
@@ -81,7 +98,9 @@ public class TestFileUtil {
             file4.setId("document_odt");
             file4.setMimeType(MimeType.OPEN_DOCUMENT_TEXT);
             
-            PdfUtil.convertToPdf(Lists.newArrayList(file0, file1, file2, file3, file4), true, 10).close();
+            try (InputStream pdfInputStream = PdfUtil.convertToPdf(documentDto, Lists.newArrayList(file0, file1, file2, file3, file4), true, true, 10)) {
+                ByteStreams.copy(pdfInputStream, System.out);
+            }
         }
     }
 }
diff --git a/docs-parent/pom.xml b/docs-parent/pom.xml
index c90ce97c..3db35ad8 100644
--- a/docs-parent/pom.xml
+++ b/docs-parent/pom.xml
@@ -26,14 +26,14 @@
     <org.slf4j.jcl-over-slf4j.version>1.6.6</org.slf4j.jcl-over-slf4j.version>
     <junit.junit.version>4.12</junit.junit.version>
     <com.h2database.h2.version>1.4.191</com.h2database.h2.version>
-    <org.glassfish.jersey.version>2.22.1</org.glassfish.jersey.version>
+    <org.glassfish.jersey.version>2.22.2</org.glassfish.jersey.version>
     <org.mindrot.jbcrypt>0.3m</org.mindrot.jbcrypt>
     <org.apache.lucene.version>5.5.0</org.apache.lucene.version>
     <org.imgscalr.imgscalr-lib.version>4.2</org.imgscalr.imgscalr-lib.version>
     <org.apache.pdfbox.pdfbox.version>2.0.0-RC3</org.apache.pdfbox.pdfbox.version>
     <org.bouncycastle.bcprov-jdk15on.version>1.54</org.bouncycastle.bcprov-jdk15on.version>
-    <joda-time.joda-time.version>2.9.1</joda-time.joda-time.version>
-    <org.hibernate.hibernate.version>5.0.7.Final</org.hibernate.hibernate.version>
+    <joda-time.joda-time.version>2.9.2</joda-time.joda-time.version>
+    <org.hibernate.hibernate.version>5.1.0.Final</org.hibernate.hibernate.version>
     <javax.servlet.javax.servlet-api.version>3.1.0</javax.servlet.javax.servlet-api.version>
     <fr.opensagres.xdocreport.version>1.0.5</fr.opensagres.xdocreport.version>
     <net.java.dev.jna.jna.version>4.2.1</net.java.dev.jna.jna.version>
diff --git a/docs-web-common/src/main/java/com/sismics/security/AnonymousPrincipal.java b/docs-web-common/src/main/java/com/sismics/security/AnonymousPrincipal.java
index b6c6911c..5becb3ab 100644
--- a/docs-web-common/src/main/java/com/sismics/security/AnonymousPrincipal.java
+++ b/docs-web-common/src/main/java/com/sismics/security/AnonymousPrincipal.java
@@ -1,7 +1,11 @@
 package com.sismics.security;
 
+import java.util.Set;
+
 import org.joda.time.DateTimeZone;
 
+import jersey.repackaged.com.google.common.collect.Sets;
+
 /**
  * Anonymous principal.
  * 
@@ -47,12 +51,12 @@ public class AnonymousPrincipal implements IPrincipal {
         return null;
     }
     
-    /**
-     * Setter of dateTimeZone.
-     *
-     * @param dateTimeZone dateTimeZone
-     */
     public void setDateTimeZone(DateTimeZone dateTimeZone) {
         this.dateTimeZone = dateTimeZone;
     }
+
+    @Override
+    public Set<String> getGroupIdSet() {
+        return Sets.newHashSet();
+    }
 }
diff --git a/docs-web-common/src/main/java/com/sismics/security/IPrincipal.java b/docs-web-common/src/main/java/com/sismics/security/IPrincipal.java
index 1b18eb49..3129f363 100644
--- a/docs-web-common/src/main/java/com/sismics/security/IPrincipal.java
+++ b/docs-web-common/src/main/java/com/sismics/security/IPrincipal.java
@@ -1,6 +1,7 @@
 package com.sismics.security;
 
 import java.security.Principal;
+import java.util.Set;
 
 import org.joda.time.DateTimeZone;
 
@@ -24,6 +25,14 @@ public interface IPrincipal extends Principal {
      */
     public String getId();
     
+    /**
+     * Returns the list of group ID of the connected user,
+     * or an empty list if the user is anonymous.
+     * 
+     * @return List of group ID
+     */
+    public Set<String> getGroupIdSet();
+    
     /**
      * Returns the timezone of the principal.
      *
diff --git a/docs-web-common/src/main/java/com/sismics/security/UserPrincipal.java b/docs-web-common/src/main/java/com/sismics/security/UserPrincipal.java
index a660189a..bfef8fe3 100644
--- a/docs-web-common/src/main/java/com/sismics/security/UserPrincipal.java
+++ b/docs-web-common/src/main/java/com/sismics/security/UserPrincipal.java
@@ -35,6 +35,11 @@ public class UserPrincipal implements IPrincipal {
      */
     private Set<String> baseFunctionSet;
     
+    /**
+     * User groups.
+     */
+    private Set<String> groupIdSet;
+    
     /**
      * Constructor of UserPrincipal.
      * 
@@ -56,11 +61,6 @@ public class UserPrincipal implements IPrincipal {
         return id;
     }
 
-    /**
-     * Setter of id.
-     *
-     * @param id id
-     */
     public void setId(String id) {
         this.id = id;
     }
@@ -70,11 +70,6 @@ public class UserPrincipal implements IPrincipal {
         return name;
     }
 
-    /**
-     * Setter of name.
-     *
-     * @param name name
-     */
     public void setName(String name) {
         this.name = name;
     }
@@ -84,11 +79,6 @@ public class UserPrincipal implements IPrincipal {
         return dateTimeZone;
     }
 
-    /**
-     * Setter of dateTimeZone.
-     *
-     * @param dateTimeZone dateTimeZone
-     */
     public void setDateTimeZone(DateTimeZone dateTimeZone) {
         this.dateTimeZone = dateTimeZone;
     }
@@ -98,31 +88,24 @@ public class UserPrincipal implements IPrincipal {
         return email;
     }
     
-    /**
-     * Setter of email.
-     *
-     * @param email email
-     */
     public void setEmail(String email) {
         this.email = email;
     }
 
-    /**
-     * Getter of baseFunctionSet.
-     *
-     * @return baseFunctionSet
-     */
     public Set<String> getBaseFunctionSet() {
         return baseFunctionSet;
     }
 
-    /**
-     * Setter of baseFunctionSet.
-     *
-     * @param baseFunctionSet baseFunctionSet
-     */
     public void setBaseFunctionSet(Set<String> baseFunctionSet) {
         this.baseFunctionSet = baseFunctionSet;
     }
 
+    @Override
+    public Set<String> getGroupIdSet() {
+        return groupIdSet;
+    }
+    
+    public void setGroupIdSet(Set<String> groupIdSet) {
+        this.groupIdSet = groupIdSet;
+    }
 }
diff --git a/docs-web-common/src/main/java/com/sismics/util/filter/TokenBasedSecurityFilter.java b/docs-web-common/src/main/java/com/sismics/util/filter/TokenBasedSecurityFilter.java
index 2e65cc9a..f1ba671d 100644
--- a/docs-web-common/src/main/java/com/sismics/util/filter/TokenBasedSecurityFilter.java
+++ b/docs-web-common/src/main/java/com/sismics/util/filter/TokenBasedSecurityFilter.java
@@ -3,6 +3,8 @@ package com.sismics.util.filter;
 import java.io.IOException;
 import java.text.MessageFormat;
 import java.util.Date;
+import java.util.HashSet;
+import java.util.List;
 import java.util.Set;
 
 import javax.servlet.Filter;
@@ -20,18 +22,22 @@ import org.slf4j.LoggerFactory;
 
 import com.sismics.docs.core.constant.Constants;
 import com.sismics.docs.core.dao.jpa.AuthenticationTokenDao;
+import com.sismics.docs.core.dao.jpa.GroupDao;
 import com.sismics.docs.core.dao.jpa.RoleBaseFunctionDao;
 import com.sismics.docs.core.dao.jpa.UserDao;
+import com.sismics.docs.core.dao.jpa.criteria.GroupCriteria;
+import com.sismics.docs.core.dao.jpa.dto.GroupDto;
 import com.sismics.docs.core.model.jpa.AuthenticationToken;
 import com.sismics.docs.core.model.jpa.User;
-import com.sismics.docs.core.util.TransactionUtil;
 import com.sismics.security.AnonymousPrincipal;
 import com.sismics.security.UserPrincipal;
 
+import jersey.repackaged.com.google.common.collect.Sets;
+
 /**
  * This filter is used to authenticate the user having an active session via an authentication token stored in database.
  * The filter extracts the authentication token stored in a cookie.
- * If the ocokie exists and the token is valid, the filter injects a UserPrincipal into a request attribute.
+ * If the cookie exists and the token is valid, the filter injects a UserPrincipal into a request attribute.
  * If not, the user is anonymous, and the filter injects a AnonymousPrincipal into the request attribute.
  *
  * @author jtremeaux
@@ -113,10 +119,6 @@ public class TokenBasedSecurityFilter implements Filter {
                 User user = userDao.getById(authenticationToken.getUserId());
                 if (user != null && user.getDeleteDate() == null) {
                     injectAuthenticatedUser(request, user);
-                    
-                    // Update the last connection date
-                    authenticationTokenDao.updateLastConnectionDate(authenticationToken.getId());
-                    TransactionUtil.commit();
                 } else {
                     injectAnonymousUser(request);
                 }
@@ -153,9 +155,25 @@ public class TokenBasedSecurityFilter implements Filter {
     private void injectAuthenticatedUser(HttpServletRequest request, User user) {
         UserPrincipal userPrincipal = new UserPrincipal(user.getId(), user.getUsername());
 
+        // Add groups
+        GroupDao groupDao = new GroupDao();
+        Set<String> groupRoleIdSet = new HashSet<>();
+        List<GroupDto> groupDtoList = groupDao.findByCriteria(new GroupCriteria()
+                .setUserId(user.getId())
+                .setRecursive(true), null);
+        Set<String> groupIdSet = Sets.newHashSet();
+        for (GroupDto groupDto : groupDtoList) {
+            groupIdSet.add(groupDto.getId());
+            if (groupDto.getRoleId() != null) {
+                groupRoleIdSet.add(groupDto.getRoleId());
+            }
+        }
+        userPrincipal.setGroupIdSet(groupIdSet);
+        
         // Add base functions
+        groupRoleIdSet.add(user.getRoleId());
         RoleBaseFunctionDao userBaseFuction = new RoleBaseFunctionDao();
-        Set<String> baseFunctionSet = userBaseFuction.findByRoleId(user.getRoleId());
+        Set<String> baseFunctionSet = userBaseFuction.findByRoleId(groupRoleIdSet);
         userPrincipal.setBaseFunctionSet(baseFunctionSet);
         
         // Add email
diff --git a/docs-web-common/src/test/java/com/sismics/docs/rest/util/ClientUtil.java b/docs-web-common/src/test/java/com/sismics/docs/rest/util/ClientUtil.java
index 3f16562c..4c476265 100644
--- a/docs-web-common/src/test/java/com/sismics/docs/rest/util/ClientUtil.java
+++ b/docs-web-common/src/test/java/com/sismics/docs/rest/util/ClientUtil.java
@@ -31,22 +31,59 @@ public class ClientUtil {
      * 
      * @param username Username
      */
-    public void createUser(String username) {
+    public void createUser(String username, String... groupNameList) {
         // Login admin to create the user
-        String adminAuthenticationToken = login("admin", "admin", false);
+        String adminToken = login("admin", "admin", false);
         
         // Create the user
-        Form form = new Form();
-        form.param("username", username);
-        form.param("email", username + "@docs.com");
-        form.param("password", "12345678");
-        form.param("storage_quota", "1000000"); // 1MB quota
         resource.path("/user").request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken)
-                .put(Entity.form(form), JsonObject.class);
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
+                .put(Entity.form(new Form()
+                        .param("username", username)
+                        .param("email", username + "@docs.com")
+                        .param("password", "12345678")
+                        .param("storage_quota", "1000000")), JsonObject.class); // 1MB quota
+        
+        // Add to groups
+        for (String groupName : groupNameList) {
+            resource.path("/group/" + groupName).request()
+                    .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
+                    .put(Entity.form(new Form()
+                            .param("username", username)), JsonObject.class);
+        }
         
         // Logout admin
-        logout(adminAuthenticationToken);
+        logout(adminToken);
+    }
+    
+    /**
+     * Creates a group.
+     * 
+     * @param name Name
+     */
+    public void createGroup(String name) {
+        createGroup(name, null);
+    }
+    
+    /**
+     * Creates a group.
+     * 
+     * @param name Name
+     * @param parent Parent
+     */
+    public void createGroup(String name, String parentId) {
+        // Login admin to create the group
+        String adminToken = login("admin", "admin", false);
+        
+        // Create the gorup
+        resource.path("/group").request()
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
+                .put(Entity.form(new Form()
+                        .param("name", name)
+                        .param("parent", parentId)), JsonObject.class);
+        
+        // Logout admin
+        logout(adminToken);
     }
     
     /**
diff --git a/docs-web/src/dev/resources/config.properties b/docs-web/src/dev/resources/config.properties
index 6c2faf82..44ddb414 100644
--- a/docs-web/src/dev/resources/config.properties
+++ b/docs-web/src/dev/resources/config.properties
@@ -1,3 +1,3 @@
 api.current_version=${project.version}
 api.min_version=1.0
-db.version=6
\ No newline at end of file
+db.version=8
\ No newline at end of file
diff --git a/docs-web/src/main/java/com/sismics/docs/rest/resource/AclResource.java b/docs-web/src/main/java/com/sismics/docs/rest/resource/AclResource.java
index 5c978d41..71afdf40 100644
--- a/docs-web/src/main/java/com/sismics/docs/rest/resource/AclResource.java
+++ b/docs-web/src/main/java/com/sismics/docs/rest/resource/AclResource.java
@@ -1,6 +1,7 @@
 package com.sismics.docs.rest.resource;
 
 import java.text.MessageFormat;
+import java.util.List;
 
 import javax.json.Json;
 import javax.json.JsonArrayBuilder;
@@ -14,18 +15,21 @@ import javax.ws.rs.PathParam;
 import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.Response;
 
+import com.google.common.collect.Lists;
 import com.sismics.docs.core.constant.AclTargetType;
 import com.sismics.docs.core.constant.PermType;
 import com.sismics.docs.core.dao.jpa.AclDao;
 import com.sismics.docs.core.dao.jpa.DocumentDao;
+import com.sismics.docs.core.dao.jpa.GroupDao;
 import com.sismics.docs.core.dao.jpa.UserDao;
+import com.sismics.docs.core.dao.jpa.criteria.GroupCriteria;
 import com.sismics.docs.core.dao.jpa.criteria.UserCriteria;
+import com.sismics.docs.core.dao.jpa.dto.GroupDto;
 import com.sismics.docs.core.dao.jpa.dto.UserDto;
 import com.sismics.docs.core.model.jpa.Acl;
 import com.sismics.docs.core.model.jpa.Document;
+import com.sismics.docs.core.model.jpa.Group;
 import com.sismics.docs.core.model.jpa.User;
-import com.sismics.docs.core.util.jpa.PaginatedList;
-import com.sismics.docs.core.util.jpa.PaginatedLists;
 import com.sismics.docs.core.util.jpa.SortCriteria;
 import com.sismics.rest.exception.ClientException;
 import com.sismics.rest.exception.ForbiddenClientException;
@@ -41,12 +45,17 @@ public class AclResource extends BaseResource {
     /**
      * Add an ACL.
      * 
+     * @param sourceId Source ID
+     * @param permStr Permission
+     * @param targetName Target name
+     * @param type ACL type
      * @return Response
      */
     @PUT
     public Response add(@FormParam("source") String sourceId,
             @FormParam("perm") String permStr,
-            @FormParam("username") String username) {
+            @FormParam("target") String targetName,
+            @FormParam("type") String typeStr) {
         if (!authenticate()) {
             throw new ForbiddenClientException();
         }
@@ -54,18 +63,39 @@ public class AclResource extends BaseResource {
         // Validate input
         ValidationUtil.validateRequired(sourceId, "source");
         PermType perm = PermType.valueOf(ValidationUtil.validateLength(permStr, "perm", 1, 30, false));
-        username = ValidationUtil.validateLength(username, "username", 1, 50, false);
+        AclTargetType type = AclTargetType.valueOf(ValidationUtil.validateLength(typeStr, "type", 1, 10, false));
+        targetName = ValidationUtil.validateLength(targetName, "target", 1, 50, false);
         
-        // Validate the target user
-        UserDao userDao = new UserDao();
-        User user = userDao.getActiveByUsername(username);
-        if (user == null) {
-            throw new ClientException("UserNotFound", MessageFormat.format("User not found: {0}", username));
+        // Search user or group
+        String targetId = null;
+        switch (type) {
+        case USER:
+            UserDao userDao = new UserDao();
+            User user = userDao.getActiveByUsername(targetName);
+            if (user != null) {
+                targetId = user.getId();
+            }
+            break;
+        case GROUP:
+            GroupDao groupDao = new GroupDao();
+            Group group = groupDao.getActiveByName(targetName);
+            if (group != null) {
+                targetId = group.getId();
+            }
+            break;
+        case SHARE:
+            // Share must use the Share REST resource
+            break;
+        }
+        
+        // Does a target has been found?
+        if (targetId == null) {
+            throw new ClientException("InvalidTarget", MessageFormat.format("This target does not exist: {0}", targetName));
         }
         
         // Check permission on the source by the principal
         AclDao aclDao = new AclDao();
-        if (!aclDao.checkPermission(sourceId, PermType.WRITE, principal.getId())) {
+        if (!aclDao.checkPermission(sourceId, PermType.WRITE, getTargetIdList(null))) {
             throw new ForbiddenClientException();
         }
         
@@ -73,18 +103,18 @@ public class AclResource extends BaseResource {
         Acl acl = new Acl();
         acl.setSourceId(sourceId);
         acl.setPerm(perm);
-        acl.setTargetId(user.getId());
+        acl.setTargetId(targetId);
         
         // Avoid duplicates
-        if (!aclDao.checkPermission(acl.getSourceId(), acl.getPerm(), acl.getTargetId())) {
+        if (!aclDao.checkPermission(acl.getSourceId(), acl.getPerm(), Lists.newArrayList(acl.getTargetId()))) {
             aclDao.create(acl, principal.getId());
             
             // Returns the ACL
             JsonObjectBuilder response = Json.createObjectBuilder()
                     .add("perm", acl.getPerm().name())
                     .add("id", acl.getTargetId())
-                    .add("name", user.getUsername())
-                    .add("type", AclTargetType.USER.name());
+                    .add("name", targetName)
+                    .add("type", type.name());
             return Response.ok().entity(response.build()).build();
         }
         
@@ -94,7 +124,9 @@ public class AclResource extends BaseResource {
     /**
      * Deletes an ACL.
      * 
-     * @param id ACL ID
+     * @param sourceId Source ID
+     * @param permStr Permission
+     * @param targetId Target ID
      * @return Response
      */
     @DELETE
@@ -114,7 +146,7 @@ public class AclResource extends BaseResource {
 
         // Check permission on the source by the principal
         AclDao aclDao = new AclDao();
-        if (!aclDao.checkPermission(sourceId, PermType.WRITE, principal.getId())) {
+        if (!aclDao.checkPermission(sourceId, PermType.WRITE, getTargetIdList(null))) {
             throw new ForbiddenClientException();
         }
         
@@ -153,18 +185,25 @@ public class AclResource extends BaseResource {
         // Search users
         UserDao userDao = new UserDao();
         JsonArrayBuilder users = Json.createArrayBuilder();
-        
-        PaginatedList<UserDto> paginatedList = PaginatedLists.create();
         SortCriteria sortCriteria = new SortCriteria(1, true);
-
-        userDao.findByCriteria(paginatedList, new UserCriteria().setSearch(search), sortCriteria);
-        for (UserDto userDto : paginatedList.getResultList()) {
+        List<UserDto> userDtoList = userDao.findByCriteria(new UserCriteria().setSearch(search), sortCriteria);
+        for (UserDto userDto : userDtoList) {
             users.add(Json.createObjectBuilder()
-                    .add("username", userDto.getUsername()));
+                    .add("name", userDto.getUsername()));
+        }
+        
+        // Search groups
+        GroupDao groupDao = new GroupDao();
+        JsonArrayBuilder groups = Json.createArrayBuilder();
+        List<GroupDto> groupDtoList = groupDao.findByCriteria(new GroupCriteria().setSearch(search), sortCriteria);
+        for (GroupDto groupDto : groupDtoList) {
+            groups.add(Json.createObjectBuilder()
+                    .add("name", groupDto.getName()));
         }
         
         JsonObjectBuilder response = Json.createObjectBuilder()
-                .add("users", users);
+                .add("users", users)
+                .add("groups", groups);
         return Response.ok().entity(response.build()).build();
     }
 }
diff --git a/docs-web/src/main/java/com/sismics/docs/rest/resource/AppResource.java b/docs-web/src/main/java/com/sismics/docs/rest/resource/AppResource.java
index 4eb030c8..6aa342ac 100644
--- a/docs-web/src/main/java/com/sismics/docs/rest/resource/AppResource.java
+++ b/docs-web/src/main/java/com/sismics/docs/rest/resource/AppResource.java
@@ -22,6 +22,7 @@ import javax.ws.rs.core.Response;
 
 import org.apache.commons.lang.StringUtils;
 import org.apache.log4j.Appender;
+import org.apache.log4j.Level;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -81,7 +82,7 @@ public class AppResource extends BaseResource {
     /**
      * Retrieve the application logs.
      * 
-     * @param level Filter on logging level
+     * @param minLevel Filter on logging level
      * @param tag Filter on logger name / tag
      * @param message Filter on message
      * @param limit Page limit
@@ -91,7 +92,7 @@ public class AppResource extends BaseResource {
     @GET
     @Path("log")
     public Response log(
-            @QueryParam("level") String level,
+            @QueryParam("level") String minLevel,
             @QueryParam("tag") String tag,
             @QueryParam("message") String message,
             @QueryParam("limit") Integer limit,
@@ -99,8 +100,6 @@ public class AppResource extends BaseResource {
         if (!authenticate()) {
             throw new ForbiddenClientException();
         }
-        // TODO Change level by minLevel (returns all logs above)
-
         // Get the memory appender
         org.apache.log4j.Logger logger = org.apache.log4j.Logger.getRootLogger();
         Appender appender = logger.getAppender("MEMORY");
@@ -110,10 +109,10 @@ public class AppResource extends BaseResource {
         MemoryAppender memoryAppender = (MemoryAppender) appender;
         
         // Find the logs
-        LogCriteria logCriteria = new LogCriteria();
-        logCriteria.setLevel(StringUtils.stripToNull(level));
-        logCriteria.setTag(StringUtils.stripToNull(tag));
-        logCriteria.setMessage(StringUtils.stripToNull(message));
+        LogCriteria logCriteria = new LogCriteria()
+                .setMinLevel(Level.toLevel(StringUtils.stripToNull(minLevel)))
+                .setTag(StringUtils.stripToNull(tag))
+                .setMessage(StringUtils.stripToNull(message));
         
         PaginatedList<LogEntry> paginatedList = PaginatedLists.create(limit, offset);
         memoryAppender.find(logCriteria, paginatedList);
@@ -121,7 +120,7 @@ public class AppResource extends BaseResource {
         for (LogEntry logEntry : paginatedList.getResultList()) {
             logs.add(Json.createObjectBuilder()
                     .add("date", logEntry.getTimestamp())
-                    .add("level", logEntry.getLevel())
+                    .add("level", logEntry.getLevel().toString())
                     .add("tag", logEntry.getTag())
                     .add("message", logEntry.getMessage()));
         }
diff --git a/docs-web/src/main/java/com/sismics/docs/rest/resource/AuditLogResource.java b/docs-web/src/main/java/com/sismics/docs/rest/resource/AuditLogResource.java
index 8aa4ac24..2d42e01e 100644
--- a/docs-web/src/main/java/com/sismics/docs/rest/resource/AuditLogResource.java
+++ b/docs-web/src/main/java/com/sismics/docs/rest/resource/AuditLogResource.java
@@ -9,6 +9,7 @@ import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.Response.Status;
 
+import com.google.common.base.Strings;
 import com.sismics.docs.core.constant.PermType;
 import com.sismics.docs.core.dao.jpa.AclDao;
 import com.sismics.docs.core.dao.jpa.AuditLogDao;
@@ -18,7 +19,6 @@ import com.sismics.docs.core.util.jpa.PaginatedList;
 import com.sismics.docs.core.util.jpa.PaginatedLists;
 import com.sismics.docs.core.util.jpa.SortCriteria;
 import com.sismics.rest.exception.ForbiddenClientException;
-import com.sismics.rest.exception.ServerException;
 import com.sismics.rest.util.JsonUtil;
 
 /**
@@ -43,25 +43,21 @@ public class AuditLogResource extends BaseResource {
         PaginatedList<AuditLogDto> paginatedList = PaginatedLists.create(20, 0);
         SortCriteria sortCriteria = new SortCriteria(1, false);
         AuditLogCriteria criteria = new AuditLogCriteria();
-        if (documentId == null) {
+        if (Strings.isNullOrEmpty(documentId)) {
             // Search logs for a user
             criteria.setUserId(principal.getId());
         } else {
             // Check ACL on the document
             AclDao aclDao = new AclDao();
-            if (!aclDao.checkPermission(documentId, PermType.READ, principal.getId())) {
+            if (!aclDao.checkPermission(documentId, PermType.READ, getTargetIdList(null))) {
                 return Response.status(Status.NOT_FOUND).build();
             }
             criteria.setDocumentId(documentId);
         }
         
         // Search the logs
-        try {
-            AuditLogDao auditLogDao = new AuditLogDao();
-            auditLogDao.findByCriteria(paginatedList, criteria, sortCriteria);
-        } catch (Exception e) {
-            throw new ServerException("SearchError", "Error searching in logs", e);
-        }
+        AuditLogDao auditLogDao = new AuditLogDao();
+        auditLogDao.findByCriteria(paginatedList, criteria, sortCriteria);
         
         // Assemble the results
         JsonArrayBuilder logs = Json.createArrayBuilder();
diff --git a/docs-web/src/main/java/com/sismics/docs/rest/resource/BaseResource.java b/docs-web/src/main/java/com/sismics/docs/rest/resource/BaseResource.java
index f6230bb8..f7e607a0 100644
--- a/docs-web/src/main/java/com/sismics/docs/rest/resource/BaseResource.java
+++ b/docs-web/src/main/java/com/sismics/docs/rest/resource/BaseResource.java
@@ -1,12 +1,14 @@
 package com.sismics.docs.rest.resource;
 
 import java.security.Principal;
+import java.util.List;
 import java.util.Set;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.Context;
 
+import com.google.common.collect.Lists;
 import com.sismics.docs.rest.constant.BaseFunction;
 import com.sismics.rest.exception.ForbiddenClientException;
 import com.sismics.security.IPrincipal;
@@ -77,4 +79,21 @@ public abstract class BaseResource {
         Set<String> baseFunctionSet = ((UserPrincipal) principal).getBaseFunctionSet();
         return baseFunctionSet != null && baseFunctionSet.contains(baseFunction.name());
     }
+    
+    /**
+     * Returns a list of ACL target ID.
+     * 
+     * @param shareId Share ID (optional)
+     * @return List of ACL target ID
+     */
+    protected List<String> getTargetIdList(String shareId) {
+        List<String> targetIdList = Lists.newArrayList(principal.getGroupIdSet());
+        if (principal.getId() != null) {
+            targetIdList.add(principal.getId());
+        }
+        if (shareId != null) {
+            targetIdList.add(shareId);
+        }
+        return targetIdList;
+    }
 }
diff --git a/docs-web/src/main/java/com/sismics/docs/rest/resource/CommentResource.java b/docs-web/src/main/java/com/sismics/docs/rest/resource/CommentResource.java
index 28dc162d..26a1881f 100644
--- a/docs-web/src/main/java/com/sismics/docs/rest/resource/CommentResource.java
+++ b/docs-web/src/main/java/com/sismics/docs/rest/resource/CommentResource.java
@@ -51,7 +51,7 @@ public class CommentResource extends BaseResource {
         
         // Read access on doc gives access to write comments 
         DocumentDao documentDao = new DocumentDao();
-        if (documentDao.getDocument(documentId, PermType.READ, principal.getId()) == null) {
+        if (documentDao.getDocument(documentId, PermType.READ, getTargetIdList(null)) == null) {
             return Response.status(Status.NOT_FOUND).build();
         }
         
@@ -97,7 +97,7 @@ public class CommentResource extends BaseResource {
         if (!comment.getUserId().equals(principal.getId())) {
             // Get the associated document
             DocumentDao documentDao = new DocumentDao();
-            if (documentDao.getDocument(comment.getDocumentId(), PermType.WRITE, principal.getId()) == null) {
+            if (documentDao.getDocument(comment.getDocumentId(), PermType.WRITE, getTargetIdList(null)) == null) {
                 return Response.status(Status.NOT_FOUND).build();
             }
         }
@@ -125,7 +125,7 @@ public class CommentResource extends BaseResource {
         
         // Read access on doc gives access to read comments 
         DocumentDao documentDao = new DocumentDao();
-        if (documentDao.getDocument(documentId, PermType.READ, shareId == null ? principal.getId() : shareId) == null) {
+        if (documentDao.getDocument(documentId, PermType.READ, getTargetIdList(shareId)) == null) {
             return Response.status(Status.NOT_FOUND).build();
         }
         
diff --git a/docs-web/src/main/java/com/sismics/docs/rest/resource/DocumentResource.java b/docs-web/src/main/java/com/sismics/docs/rest/resource/DocumentResource.java
index 1559c504..0f9d21de 100644
--- a/docs-web/src/main/java/com/sismics/docs/rest/resource/DocumentResource.java
+++ b/docs-web/src/main/java/com/sismics/docs/rest/resource/DocumentResource.java
@@ -27,7 +27,6 @@ import javax.ws.rs.core.Response;
 import javax.ws.rs.core.Response.Status;
 import javax.ws.rs.core.StreamingOutput;
 
-import org.apache.commons.lang.StringUtils;
 import org.joda.time.DateTime;
 import org.joda.time.format.DateTimeFormat;
 import org.joda.time.format.DateTimeFormatter;
@@ -43,12 +42,14 @@ import com.sismics.docs.core.dao.jpa.AclDao;
 import com.sismics.docs.core.dao.jpa.ContributorDao;
 import com.sismics.docs.core.dao.jpa.DocumentDao;
 import com.sismics.docs.core.dao.jpa.FileDao;
+import com.sismics.docs.core.dao.jpa.RelationDao;
 import com.sismics.docs.core.dao.jpa.TagDao;
 import com.sismics.docs.core.dao.jpa.UserDao;
 import com.sismics.docs.core.dao.jpa.criteria.DocumentCriteria;
 import com.sismics.docs.core.dao.jpa.dto.AclDto;
 import com.sismics.docs.core.dao.jpa.dto.ContributorDto;
 import com.sismics.docs.core.dao.jpa.dto.DocumentDto;
+import com.sismics.docs.core.dao.jpa.dto.RelationDto;
 import com.sismics.docs.core.dao.jpa.dto.TagDto;
 import com.sismics.docs.core.event.DocumentCreatedAsyncEvent;
 import com.sismics.docs.core.event.DocumentDeletedAsyncEvent;
@@ -93,16 +94,11 @@ public class DocumentResource extends BaseResource {
         
         DocumentDao documentDao = new DocumentDao();
         AclDao aclDao = new AclDao();
-        DocumentDto documentDto = documentDao.getDocument(documentId);
+        DocumentDto documentDto = documentDao.getDocument(documentId, PermType.READ, getTargetIdList(shareId));
         if (documentDto == null) {
             return Response.status(Status.NOT_FOUND).build();
         }
             
-        // Check document visibility
-        if (!aclDao.checkPermission(documentId, PermType.READ, shareId == null ? principal.getId() : shareId)) {
-            throw new ForbiddenClientException();
-        }
-
         JsonObjectBuilder document = Json.createObjectBuilder()
                 .add("id", documentDto.getId())
                 .add("title", documentDto.getTitle())
@@ -152,7 +148,8 @@ public class DocumentResource extends BaseResource {
                     .add("type", aclDto.getTargetType()));
             
             if (!principal.isAnonymous()
-                    && aclDto.getTargetId().equals(principal.getId())
+                    && (aclDto.getTargetId().equals(principal.getId())
+                            || principal.getGroupIdSet().contains(aclDto.getTargetId()))
                     && aclDto.getPerm() == PermType.WRITE) {
                 // The document is writable for the current user
                 writable = true;
@@ -172,6 +169,18 @@ public class DocumentResource extends BaseResource {
         }
         document.add("contributors", contributorList);
         
+        // Add relations
+        RelationDao relationDao = new RelationDao();
+        List<RelationDto> relationDtoList = relationDao.getByDocumentId(documentId);
+        JsonArrayBuilder relationList = Json.createArrayBuilder();
+        for (RelationDto relationDto : relationDtoList) {
+            relationList.add(Json.createObjectBuilder()
+                    .add("id", relationDto.getId())
+                    .add("title", relationDto.getTitle())
+                    .add("source", relationDto.isSource()));
+        }
+        document.add("relations", relationList);
+        
         return Response.ok().entity(document.build()).build();
     }
     
@@ -186,8 +195,8 @@ public class DocumentResource extends BaseResource {
     public Response getPdf(
             @PathParam("id") String documentId,
             @QueryParam("share") String shareId,
-            @QueryParam("metadata") Boolean metadata,
-            @QueryParam("comments") Boolean comments,
+            final @QueryParam("metadata") Boolean metadata,
+            final @QueryParam("comments") Boolean comments,
             final @QueryParam("fitimagetopage") Boolean fitImageToPage,
             @QueryParam("margin") String marginStr) {
         authenticate();
@@ -197,8 +206,8 @@ public class DocumentResource extends BaseResource {
         
         // Get document and check read permission
         DocumentDao documentDao = new DocumentDao();
-        Document document = documentDao.getDocument(documentId, PermType.READ, shareId == null ? principal.getId() : shareId);
-        if (document == null) {
+        final DocumentDto documentDto = documentDao.getDocument(documentId, PermType.READ, getTargetIdList(shareId));
+        if (documentDto == null) {
             return Response.status(Status.NOT_FOUND).build();
         }
         
@@ -217,7 +226,7 @@ public class DocumentResource extends BaseResource {
         StreamingOutput stream = new StreamingOutput() {
             @Override
             public void write(OutputStream outputStream) throws IOException, WebApplicationException {
-                try (InputStream inputStream = PdfUtil.convertToPdf(fileList, fitImageToPage, margin)) {
+                try (InputStream inputStream = PdfUtil.convertToPdf(documentDto, fileList, fitImageToPage, metadata, margin)) {
                     ByteStreams.copy(inputStream, outputStream);
                 } catch (Exception e) {
                     throw new IOException(e);
@@ -229,7 +238,7 @@ public class DocumentResource extends BaseResource {
 
         return Response.ok(stream)
                 .header("Content-Type", MimeType.APPLICATION_PDF)
-                .header("Content-Disposition", "inline; filename=\"" + document.getTitle() + ".pdf\"")
+                .header("Content-Disposition", "inline; filename=\"" + documentDto.getTitle() + ".pdf\"")
                 .build();
     }
     
@@ -260,7 +269,7 @@ public class DocumentResource extends BaseResource {
         PaginatedList<DocumentDto> paginatedList = PaginatedLists.create(limit, offset);
         SortCriteria sortCriteria = new SortCriteria(sortColumn, asc);
         DocumentCriteria documentCriteria = parseSearchQuery(search);
-        documentCriteria.setUserId(principal.getId());
+        documentCriteria.setTargetIdList(getTargetIdList(null));
         try {
             documentDao.findByCriteria(paginatedList, documentCriteria, sortCriteria);
         } catch (Exception e) {
@@ -430,6 +439,7 @@ public class DocumentResource extends BaseResource {
             @FormParam("coverage") String coverage,
             @FormParam("rights") String rights,
             @FormParam("tags") List<String> tagList,
+            @FormParam("relations") List<String> relationList,
             @FormParam("language") String language,
             @FormParam("create_date") String createDateStr) {
         if (!authenticate()) {
@@ -493,6 +503,9 @@ public class DocumentResource extends BaseResource {
         // Update tags
         updateTagList(documentId, tagList);
         
+        // Update relations
+        updateRelationList(documentId, relationList);
+        
         // Raise a document created event
         DocumentCreatedAsyncEvent documentCreatedAsyncEvent = new DocumentCreatedAsyncEvent();
         documentCreatedAsyncEvent.setUserId(principal.getId());
@@ -526,6 +539,7 @@ public class DocumentResource extends BaseResource {
             @FormParam("coverage") String coverage,
             @FormParam("rights") String rights,
             @FormParam("tags") List<String> tagList,
+            @FormParam("relations") List<String> relationList,
             @FormParam("language") String language,
             @FormParam("create_date") String createDateStr) {
         if (!authenticate()) {
@@ -533,8 +547,8 @@ public class DocumentResource extends BaseResource {
         }
         
         // Validate input data
-        title = ValidationUtil.validateLength(title, "title", 1, 100, true);
-        language = ValidationUtil.validateLength(language, "language", 3, 3, true);
+        title = ValidationUtil.validateLength(title, "title", 1, 100, false);
+        language = ValidationUtil.validateLength(language, "language", 3, 3, false);
         description = ValidationUtil.validateLength(description, "description", 0, 4000, true);
         subject = ValidationUtil.validateLength(subject, "subject", 0, 500, true);
         identifier = ValidationUtil.validateLength(identifier, "identifier", 0, 500, true);
@@ -549,61 +563,49 @@ public class DocumentResource extends BaseResource {
             throw new ClientException("ValidationError", MessageFormat.format("{0} is not a supported language", language));
         }
         
+        // Check write permission
+        AclDao aclDao = new AclDao();
+        if (!aclDao.checkPermission(id, PermType.WRITE, getTargetIdList(null))) {
+            throw new ForbiddenClientException();
+        }
+        
         // Get the document
         DocumentDao documentDao = new DocumentDao();
-        Document document;
-        document = documentDao.getDocument(id, PermType.WRITE, principal.getId());
+        Document document = documentDao.getById(id);
         if (document == null) {
             return Response.status(Status.NOT_FOUND).build();
         }
         
         // Update the document
-        if (!StringUtils.isEmpty(title)) {
-            document.setTitle(title);
-        }
-        if (!StringUtils.isEmpty(description)) {
-            document.setDescription(description);
-        }
-        if (!StringUtils.isEmpty(subject)) {
-            document.setSubject(subject);
-        }
-        if (!StringUtils.isEmpty(identifier)) {
-            document.setIdentifier(identifier);
-        }
-        if (!StringUtils.isEmpty(publisher)) {
-            document.setPublisher(publisher);
-        }
-        if (!StringUtils.isEmpty(format)) {
-            document.setFormat(format);
-        }
-        if (!StringUtils.isEmpty(source)) {
-            document.setSource(source);
-        }
-        if (!StringUtils.isEmpty(type)) {
-            document.setType(type);
-        }
-        if (!StringUtils.isEmpty(coverage)) {
-            document.setCoverage(coverage);
-        }
-        if (!StringUtils.isEmpty(rights)) {
-            document.setRights(rights);
-        }
-        if (createDate != null) {
+        document.setTitle(title);
+        document.setDescription(description);
+        document.setSubject(subject);
+        document.setIdentifier(identifier);
+        document.setPublisher(publisher);
+        document.setFormat(format);
+        document.setSource(source);
+        document.setType(type);
+        document.setCoverage(coverage);
+        document.setRights(rights);
+        document.setLanguage(language);
+        if (createDate == null) {
+            document.setCreateDate(new Date());
+        } else {
             document.setCreateDate(createDate);
         }
-        if (language != null) {
-            document.setLanguage(language);
-        }
         
         document = documentDao.update(document, principal.getId());
         
         // Update tags
         updateTagList(id, tagList);
         
-        // Raise a document updated event
+        // Update relations
+        updateRelationList(id, relationList);
+        
+        // Raise a document updated event (with the document to update Lucene)
         DocumentUpdatedAsyncEvent documentUpdatedAsyncEvent = new DocumentUpdatedAsyncEvent();
         documentUpdatedAsyncEvent.setUserId(principal.getId());
-        documentUpdatedAsyncEvent.setDocument(document);
+        documentUpdatedAsyncEvent.setDocumentId(id);
         AppContext.getInstance().getAsyncEventBus().post(documentUpdatedAsyncEvent);
         
         JsonObjectBuilder response = Json.createObjectBuilder()
@@ -636,6 +638,28 @@ public class DocumentResource extends BaseResource {
         }
     }
     
+    /**
+     * Update relations list on a document.
+     * 
+     * @param documentId Document ID
+     * @param relationList Relation ID list
+     */
+    private void updateRelationList(String documentId, List<String> relationList) {
+        if (relationList != null) {
+            DocumentDao documentDao = new DocumentDao();
+            RelationDao relationDao = new RelationDao();
+            Set<String> documentIdSet = new HashSet<>();
+            for (String targetDocId : relationList) {
+                // ACL are not checked, because the editing user is not forced to view the target document
+                Document document = documentDao.getById(targetDocId);
+                if (document != null && !documentId.equals(targetDocId)) {
+                    documentIdSet.add(targetDocId);
+                }
+            }
+            relationDao.updateRelationList(documentId, documentIdSet);
+        }
+    }
+    
     /**
      * Deletes a document.
      * 
@@ -653,14 +677,14 @@ public class DocumentResource extends BaseResource {
         // Get the document
         DocumentDao documentDao = new DocumentDao();
         FileDao fileDao = new FileDao();
-        Document document = documentDao.getDocument(id, PermType.WRITE, principal.getId());
-        List<File> fileList = fileDao.getByDocumentId(principal.getId(), id);
-        if (document == null) {
+        DocumentDto documentDto = documentDao.getDocument(id, PermType.WRITE, getTargetIdList(null));
+        if (documentDto == null) {
             return Response.status(Status.NOT_FOUND).build();
         }
+        List<File> fileList = fileDao.getByDocumentId(principal.getId(), id);
         
         // Delete the document
-        documentDao.delete(document.getId(), principal.getId());
+        documentDao.delete(documentDto.getId(), principal.getId());
         
         // Raise file deleted events (don't bother sending document updated event)
         for (File file : fileList) {
@@ -673,7 +697,7 @@ public class DocumentResource extends BaseResource {
         // Raise a document deleted event
         DocumentDeletedAsyncEvent documentDeletedAsyncEvent = new DocumentDeletedAsyncEvent();
         documentDeletedAsyncEvent.setUserId(principal.getId());
-        documentDeletedAsyncEvent.setDocument(document);
+        documentDeletedAsyncEvent.setDocumentId(documentDto.getId());
         AppContext.getInstance().getAsyncEventBus().post(documentDeletedAsyncEvent);
         
         // Always return OK
diff --git a/docs-web/src/main/java/com/sismics/docs/rest/resource/FileResource.java b/docs-web/src/main/java/com/sismics/docs/rest/resource/FileResource.java
index 4c97756c..084eb13b 100644
--- a/docs-web/src/main/java/com/sismics/docs/rest/resource/FileResource.java
+++ b/docs-web/src/main/java/com/sismics/docs/rest/resource/FileResource.java
@@ -48,7 +48,6 @@ import com.sismics.docs.core.event.DocumentUpdatedAsyncEvent;
 import com.sismics.docs.core.event.FileCreatedAsyncEvent;
 import com.sismics.docs.core.event.FileDeletedAsyncEvent;
 import com.sismics.docs.core.model.context.AppContext;
-import com.sismics.docs.core.model.jpa.Document;
 import com.sismics.docs.core.model.jpa.File;
 import com.sismics.docs.core.model.jpa.User;
 import com.sismics.docs.core.util.DirectoryUtil;
@@ -94,13 +93,13 @@ public class FileResource extends BaseResource {
         User user = userDao.getById(principal.getId());
         
         // Get the document
-        Document document = null;
+        DocumentDto documentDto = null;
         if (Strings.isNullOrEmpty(documentId)) {
             documentId = null;
         } else {
             DocumentDao documentDao = new DocumentDao();
-            document = documentDao.getDocument(documentId, PermType.WRITE, principal.getId());
-            if (document == null) {
+            documentDto = documentDao.getDocument(documentId, PermType.WRITE, getTargetIdList(null));
+            if (documentDto == null) {
                 return Response.status(Status.NOT_FOUND).build();
             }
         }
@@ -165,7 +164,7 @@ public class FileResource extends BaseResource {
             if (documentId != null) {
                 FileCreatedAsyncEvent fileCreatedAsyncEvent = new FileCreatedAsyncEvent();
                 fileCreatedAsyncEvent.setUserId(principal.getId());
-                fileCreatedAsyncEvent.setDocument(document);
+                fileCreatedAsyncEvent.setLanguage(documentDto.getLanguage());
                 fileCreatedAsyncEvent.setFile(file);
                 fileCreatedAsyncEvent.setInputStream(fileInputStream);
                 fileCreatedAsyncEvent.setPdfInputStream(pdfIntputStream);
@@ -173,7 +172,7 @@ public class FileResource extends BaseResource {
                 
                 DocumentUpdatedAsyncEvent documentUpdatedAsyncEvent = new DocumentUpdatedAsyncEvent();
                 documentUpdatedAsyncEvent.setUserId(principal.getId());
-                documentUpdatedAsyncEvent.setDocument(document);
+                documentUpdatedAsyncEvent.setDocumentId(documentId);
                 AppContext.getInstance().getAsyncEventBus().post(documentUpdatedAsyncEvent);
             }
 
@@ -214,8 +213,8 @@ public class FileResource extends BaseResource {
         DocumentDao documentDao = new DocumentDao();
         FileDao fileDao = new FileDao();
         File file = fileDao.getFile(id, principal.getId());
-        Document document = documentDao.getDocument(documentId, PermType.WRITE, principal.getId());
-        if (file == null || document == null) {
+        DocumentDto documentDto = documentDao.getDocument(documentId, PermType.WRITE, getTargetIdList(null));
+        if (file == null || documentDto == null) {
             return Response.status(Status.NOT_FOUND).build();
         }
         
@@ -236,14 +235,14 @@ public class FileResource extends BaseResource {
             final InputStream responseInputStream = EncryptionUtil.decryptInputStream(fileInputStream, user.getPrivateKey());
             FileCreatedAsyncEvent fileCreatedAsyncEvent = new FileCreatedAsyncEvent();
             fileCreatedAsyncEvent.setUserId(principal.getId());
-            fileCreatedAsyncEvent.setDocument(document);
+            fileCreatedAsyncEvent.setLanguage(documentDto.getLanguage());
             fileCreatedAsyncEvent.setFile(file);
             fileCreatedAsyncEvent.setInputStream(responseInputStream);
             AppContext.getInstance().getAsyncEventBus().post(fileCreatedAsyncEvent);
             
             DocumentUpdatedAsyncEvent documentUpdatedAsyncEvent = new DocumentUpdatedAsyncEvent();
             documentUpdatedAsyncEvent.setUserId(principal.getId());
-            documentUpdatedAsyncEvent.setDocument(document);
+            documentUpdatedAsyncEvent.setDocumentId(documentId);
             AppContext.getInstance().getAsyncEventBus().post(documentUpdatedAsyncEvent);
         } catch (Exception e) {
             throw new ClientException("AttachError", "Error attaching file to document", e);
@@ -277,7 +276,7 @@ public class FileResource extends BaseResource {
         
         // Get the document
         DocumentDao documentDao = new DocumentDao();
-        if (documentDao.getDocument(documentId, PermType.WRITE, principal.getId()) == null) {
+        if (documentDao.getDocument(documentId, PermType.WRITE, getTargetIdList(null)) == null) {
             return Response.status(Status.NOT_FOUND).build();
         }
         
@@ -313,7 +312,7 @@ public class FileResource extends BaseResource {
         // Check document visibility
         if (documentId != null) {
             AclDao aclDao = new AclDao();
-            if (!aclDao.checkPermission(documentId, PermType.READ, shareId == null ? principal.getId() : shareId)) {
+            if (!aclDao.checkPermission(documentId, PermType.READ, getTargetIdList(shareId))) {
                 return Response.status(Status.NOT_FOUND).build();
             }
         } else if (!authenticated) {
@@ -364,14 +363,14 @@ public class FileResource extends BaseResource {
             return Response.status(Status.NOT_FOUND).build();
         }
         
-        Document document = null;
+        DocumentDto documentDto = null;
         if (file.getDocumentId() == null) {
             // It's an orphan file
             if (!file.getUserId().equals(principal.getId())) {
                 // But not ours
                 throw new ForbiddenClientException();
             }
-        } else if ((document = documentDao.getDocument(file.getDocumentId(), PermType.WRITE, principal.getId())) == null) {
+        } else if ((documentDto = documentDao.getDocument(file.getDocumentId(), PermType.WRITE, getTargetIdList(null))) == null) {
             return Response.status(Status.NOT_FOUND).build();
         }
         
@@ -395,11 +394,11 @@ public class FileResource extends BaseResource {
         fileDeletedAsyncEvent.setFile(file);
         AppContext.getInstance().getAsyncEventBus().post(fileDeletedAsyncEvent);
         
-        if (document != null) {
+        if (documentDto != null) {
             // Raise a new document updated
             DocumentUpdatedAsyncEvent documentUpdatedAsyncEvent = new DocumentUpdatedAsyncEvent();
             documentUpdatedAsyncEvent.setUserId(principal.getId());
-            documentUpdatedAsyncEvent.setDocument(document);
+            documentUpdatedAsyncEvent.setDocumentId(documentDto.getId());
             AppContext.getInstance().getAsyncEventBus().post(documentUpdatedAsyncEvent);
         }
         
@@ -446,7 +445,7 @@ public class FileResource extends BaseResource {
         } else {
             // Check document accessibility
             AclDao aclDao = new AclDao();
-            if (!aclDao.checkPermission(file.getDocumentId(), PermType.READ, shareId == null ? principal.getId() : shareId)) {
+            if (!aclDao.checkPermission(file.getDocumentId(), PermType.READ, getTargetIdList(shareId))) {
                 throw new ForbiddenClientException();
             }
         }
@@ -520,17 +519,11 @@ public class FileResource extends BaseResource {
         
         // Get the document
         DocumentDao documentDao = new DocumentDao();
-        DocumentDto documentDto = documentDao.getDocument(documentId);
+        DocumentDto documentDto = documentDao.getDocument(documentId, PermType.READ, getTargetIdList(shareId));
         if (documentDto == null) {
             return Response.status(Status.NOT_FOUND).build();
         }
         
-        // Check document visibility
-        AclDao aclDao = new AclDao();
-        if (!aclDao.checkPermission(documentId, PermType.READ, shareId == null ? principal.getId() : shareId)) {
-            throw new ForbiddenClientException();
-        }
-        
         // Get files and user associated with this document
         FileDao fileDao = new FileDao();
         final UserDao userDao = new UserDao();
diff --git a/docs-web/src/main/java/com/sismics/docs/rest/resource/GroupResource.java b/docs-web/src/main/java/com/sismics/docs/rest/resource/GroupResource.java
new file mode 100644
index 00000000..8cf8c07c
--- /dev/null
+++ b/docs-web/src/main/java/com/sismics/docs/rest/resource/GroupResource.java
@@ -0,0 +1,342 @@
+package com.sismics.docs.rest.resource;
+
+import java.text.MessageFormat;
+import java.util.List;
+
+import javax.json.Json;
+import javax.json.JsonArrayBuilder;
+import javax.json.JsonObjectBuilder;
+import javax.ws.rs.DELETE;
+import javax.ws.rs.FormParam;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.PUT;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.Response.Status;
+
+import com.google.common.base.Strings;
+import com.sismics.docs.core.dao.jpa.GroupDao;
+import com.sismics.docs.core.dao.jpa.UserDao;
+import com.sismics.docs.core.dao.jpa.criteria.GroupCriteria;
+import com.sismics.docs.core.dao.jpa.criteria.UserCriteria;
+import com.sismics.docs.core.dao.jpa.dto.GroupDto;
+import com.sismics.docs.core.dao.jpa.dto.UserDto;
+import com.sismics.docs.core.model.jpa.Group;
+import com.sismics.docs.core.model.jpa.User;
+import com.sismics.docs.core.model.jpa.UserGroup;
+import com.sismics.docs.core.util.jpa.SortCriteria;
+import com.sismics.docs.rest.constant.BaseFunction;
+import com.sismics.rest.exception.ClientException;
+import com.sismics.rest.exception.ForbiddenClientException;
+import com.sismics.rest.util.JsonUtil;
+import com.sismics.rest.util.ValidationUtil;
+
+/**
+ * Group REST resources.
+ * 
+ * @author bgamard
+ */
+@Path("/group")
+public class GroupResource extends BaseResource {
+    /**
+     * Add a group.
+     * 
+     * @return Response
+     */
+    @PUT
+    public Response add(@FormParam("parent") String parentName,
+            @FormParam("name") String name) {
+        if (!authenticate()) {
+            throw new ForbiddenClientException();
+        }
+        checkBaseFunction(BaseFunction.ADMIN);
+        
+        // Validate input
+        name = ValidationUtil.validateLength(name, "name", 1, 50, false);
+        ValidationUtil.validateAlphanumeric(name, "name");
+        
+        // Avoid duplicates
+        GroupDao groupDao = new GroupDao();
+        Group existingGroup = groupDao.getActiveByName(name);
+        if (existingGroup != null) {
+            throw new ClientException("GroupAlreadyExists", MessageFormat.format("This group already exists: {0}", name));
+        }
+        
+        // Validate parent
+        String parentId = null;
+        if (!Strings.isNullOrEmpty(parentName)) {
+            Group parentGroup = groupDao.getActiveByName(parentName);
+            if (parentGroup == null) {
+                throw new ClientException("ParentGroupNotFound", MessageFormat.format("This group does not exists: {0}", parentName));
+            }
+            parentId = parentGroup.getId();
+        }
+        
+        // Create the group
+        groupDao.create(new Group()
+                .setName(name)
+                .setParentId(parentId), principal.getId());
+        
+        // Always return OK
+        JsonObjectBuilder response = Json.createObjectBuilder()
+                .add("status", "ok");
+        return Response.ok().entity(response.build()).build();
+    }
+    
+    /**
+     * Update a group.
+     * 
+     * @return Response
+     */
+    @POST
+    @Path("{groupName: [a-zA-Z0-9_]+}")
+    public Response update(@PathParam("groupName") String groupName,
+            @FormParam("parent") String parentName,
+            @FormParam("name") String name) {
+        if (!authenticate()) {
+            throw new ForbiddenClientException();
+        }
+        checkBaseFunction(BaseFunction.ADMIN);
+        
+        // Validate input
+        name = ValidationUtil.validateLength(name, "name", 1, 50, false);
+        ValidationUtil.validateAlphanumeric(name, "name");
+        
+        // Get the group (by its old name)
+        GroupDao groupDao = new GroupDao();
+        Group group = groupDao.getActiveByName(groupName);
+        if (group == null) {
+            return Response.status(Status.NOT_FOUND).build();
+        }
+        
+        // Avoid duplicates
+        Group existingGroup = groupDao.getActiveByName(name);
+        if (existingGroup != null && existingGroup.getId() != group.getId()) {
+            throw new ClientException("GroupAlreadyExists", MessageFormat.format("This group already exists: {0}", name));
+        }
+        
+        // Validate parent
+        String parentId = null;
+        if (!Strings.isNullOrEmpty(parentName)) {
+            Group parentGroup = groupDao.getActiveByName(parentName);
+            if (parentGroup == null) {
+                throw new ClientException("ParentGroupNotFound", MessageFormat.format("This group does not exists: {0}", parentName));
+            }
+            parentId = parentGroup.getId();
+        }
+        
+        // Update the group
+        groupDao.update(group.setName(name)
+                .setParentId(parentId), principal.getId());
+        
+        // Always return OK
+        JsonObjectBuilder response = Json.createObjectBuilder()
+                .add("status", "ok");
+        return Response.ok().entity(response.build()).build();
+    }
+    
+    /**
+     * Delete a group.
+     * 
+     * @return Response
+     */
+    @DELETE
+    @Path("{groupName: [a-zA-Z0-9_]+}")
+    public Response delete(@PathParam("groupName") String groupName) {
+        if (!authenticate()) {
+            throw new ForbiddenClientException();
+        }
+        checkBaseFunction(BaseFunction.ADMIN);
+        
+        // Get the group
+        GroupDao groupDao = new GroupDao();
+        Group group = groupDao.getActiveByName(groupName);
+        if (group == null) {
+            return Response.status(Status.NOT_FOUND).build();
+        }
+        
+        // Delete the group
+        groupDao.delete(group.getId(), principal.getId());
+        
+        // Always return OK
+        JsonObjectBuilder response = Json.createObjectBuilder()
+                .add("status", "ok");
+        return Response.ok().entity(response.build()).build();
+    }
+    
+    /**
+     * Add a user to a group.
+     * 
+     * @param groupName Group name
+     * @param username Username
+     * @return Response
+     */
+    @PUT
+    @Path("{groupName: [a-zA-Z0-9_]+}")
+    public Response addMember(@PathParam("groupName") String groupName,
+            @FormParam("username") String username) {
+        if (!authenticate()) {
+            throw new ForbiddenClientException();
+        }
+        checkBaseFunction(BaseFunction.ADMIN);
+        
+        // Validate input
+        groupName = ValidationUtil.validateLength(groupName, "name", 1, 50, false);
+        username = ValidationUtil.validateLength(username, "username", 1, 50, false);
+        
+        // Get the group
+        GroupDao groupDao = new GroupDao();
+        Group group = groupDao.getActiveByName(groupName);
+        if (group == null) {
+            return Response.status(Status.NOT_FOUND).build();
+        }
+        
+        // Get the user
+        UserDao userDao = new UserDao();
+        User user = userDao.getActiveByUsername(username);
+        if (user == null) {
+            return Response.status(Status.NOT_FOUND).build();
+        }
+        
+        // Avoid duplicates
+        List<GroupDto> groupDtoList = groupDao.findByCriteria(new GroupCriteria().setUserId(user.getId()), null);
+        boolean found = false;
+        for (GroupDto groupDto : groupDtoList) {
+            if (groupDto.getId().equals(group.getId())) {
+                found = true;
+            }
+        }
+        
+        if (!found) {
+            // Add the membership
+            UserGroup userGroup = new UserGroup();
+            userGroup.setGroupId(group.getId());
+            userGroup.setUserId(user.getId());
+            groupDao.addMember(userGroup);
+        }
+        
+        // Always return OK
+        JsonObjectBuilder response = Json.createObjectBuilder()
+                .add("status", "ok");
+        return Response.ok().entity(response.build()).build();
+    }
+    
+    /**
+     * Remove an user from a group.
+     * 
+     * @param groupName Group name
+     * @param username Username
+     * @return Response
+     */
+    @DELETE
+    @Path("{groupName: [a-zA-Z0-9_]+}/{username: [a-zA-Z0-9_]+}")
+    public Response removeMember(@PathParam("groupName") String groupName,
+            @PathParam("username") String username) {
+        if (!authenticate()) {
+            throw new ForbiddenClientException();
+        }
+        checkBaseFunction(BaseFunction.ADMIN);
+        
+        // Validate input
+        groupName = ValidationUtil.validateLength(groupName, "name", 1, 50, false);
+        username = ValidationUtil.validateLength(username, "username", 1, 50, false);
+        
+        // Get the group
+        GroupDao groupDao = new GroupDao();
+        Group group = groupDao.getActiveByName(groupName);
+        if (group == null) {
+            return Response.status(Status.NOT_FOUND).build();
+        }
+        
+        // Get the user
+        UserDao userDao = new UserDao();
+        User user = userDao.getActiveByUsername(username);
+        if (user == null) {
+            return Response.status(Status.NOT_FOUND).build();
+        }
+        
+        // Remove the membership
+        groupDao.removeMember(group.getId(), user.getId());
+        
+        // Always return OK
+        JsonObjectBuilder response = Json.createObjectBuilder()
+                .add("status", "ok");
+        return Response.ok().entity(response.build()).build();
+    }
+    
+    /**
+     * Returns all active groups.
+     * 
+     * @param sortColumn Sort index
+     * @param asc If true, ascending sorting, else descending
+     * @return Response
+     */
+    @GET
+    public Response list(
+            @QueryParam("sort_column") Integer sortColumn,
+            @QueryParam("asc") Boolean asc) {
+        if (!authenticate()) {
+            throw new ForbiddenClientException();
+        }
+        
+        JsonArrayBuilder groups = Json.createArrayBuilder();
+        SortCriteria sortCriteria = new SortCriteria(sortColumn, asc);
+
+        GroupDao groupDao = new GroupDao();
+        List<GroupDto> groupDtoList = groupDao.findByCriteria(new GroupCriteria(), sortCriteria);
+        for (GroupDto groupDto : groupDtoList) {
+            groups.add(Json.createObjectBuilder()
+                    .add("name", groupDto.getName())
+                    .add("parent", JsonUtil.nullable(groupDto.getParentName())));
+        }
+        
+        JsonObjectBuilder response = Json.createObjectBuilder()
+                .add("groups", groups);
+        return Response.ok().entity(response.build()).build();
+    }
+    
+    /**
+     * Get a group.
+     * 
+     * @param groupName Group name
+     * @return Response
+     */
+    @GET
+    @Path("{groupName: [a-zA-Z0-9_]+}")
+    public Response get(@PathParam("groupName") String groupName) {
+        if (!authenticate()) {
+            throw new ForbiddenClientException();
+        }
+        
+        // Get the group
+        GroupDao groupDao = new GroupDao();
+        Group group = groupDao.getActiveByName(groupName);
+        if (group == null) {
+            return Response.status(Status.NOT_FOUND).build();
+        }
+        
+        // Build the response
+        JsonObjectBuilder response = Json.createObjectBuilder()
+                .add("name", group.getName());
+        
+        // Get the parent
+        if (group.getParentId() != null) {
+            Group parentGroup = groupDao.getActiveById(group.getParentId());
+            response.add("parent", parentGroup.getName());
+        }
+        
+        // Members
+        JsonArrayBuilder members = Json.createArrayBuilder();
+        UserDao userDao = new UserDao();
+        List<UserDto> userDtoList = userDao.findByCriteria(new UserCriteria().setGroupId(group.getId()), new SortCriteria(1, true));
+        for (UserDto userDto : userDtoList) {
+            members.add(userDto.getUsername());
+        }
+        response.add("members", members);
+        
+        return Response.ok().entity(response.build()).build();
+    }
+}
diff --git a/docs-web/src/main/java/com/sismics/docs/rest/resource/ShareResource.java b/docs-web/src/main/java/com/sismics/docs/rest/resource/ShareResource.java
index 869af2cb..93957469 100644
--- a/docs-web/src/main/java/com/sismics/docs/rest/resource/ShareResource.java
+++ b/docs-web/src/main/java/com/sismics/docs/rest/resource/ShareResource.java
@@ -37,6 +37,7 @@ public class ShareResource extends BaseResource {
      * Add a share to a document.
      *
      * @param documentId Document ID
+     * @param name Share name
      * @return Response
      */
     @PUT
@@ -53,7 +54,7 @@ public class ShareResource extends BaseResource {
 
         // Get the document
         DocumentDao documentDao = new DocumentDao();
-        if (documentDao.getDocument(documentId, PermType.WRITE, principal.getId()) == null) {
+        if (documentDao.getDocument(documentId, PermType.WRITE, getTargetIdList(null)) == null) {
             return Response.status(Status.NOT_FOUND).build();
         }
         
@@ -102,7 +103,7 @@ public class ShareResource extends BaseResource {
         }
         
         Acl acl = aclList.get(0);
-        if (!aclDao.checkPermission(acl.getSourceId(), PermType.WRITE, principal.getId())) {
+        if (!aclDao.checkPermission(acl.getSourceId(), PermType.WRITE, getTargetIdList(null))) {
             throw new ClientException("DocumentNotFound", MessageFormat.format("Document not found: {0}", acl.getSourceId()));
         }
 
diff --git a/docs-web/src/main/java/com/sismics/docs/rest/resource/UserResource.java b/docs-web/src/main/java/com/sismics/docs/rest/resource/UserResource.java
index dbc35005..d27ca7c6 100644
--- a/docs-web/src/main/java/com/sismics/docs/rest/resource/UserResource.java
+++ b/docs-web/src/main/java/com/sismics/docs/rest/resource/UserResource.java
@@ -25,13 +25,17 @@ import javax.ws.rs.core.Response;
 import org.apache.commons.lang.StringUtils;
 
 import com.google.common.base.Strings;
+import com.google.common.collect.Sets;
 import com.sismics.docs.core.constant.Constants;
 import com.sismics.docs.core.dao.jpa.AuthenticationTokenDao;
 import com.sismics.docs.core.dao.jpa.DocumentDao;
 import com.sismics.docs.core.dao.jpa.FileDao;
+import com.sismics.docs.core.dao.jpa.GroupDao;
 import com.sismics.docs.core.dao.jpa.RoleBaseFunctionDao;
 import com.sismics.docs.core.dao.jpa.UserDao;
+import com.sismics.docs.core.dao.jpa.criteria.GroupCriteria;
 import com.sismics.docs.core.dao.jpa.criteria.UserCriteria;
+import com.sismics.docs.core.dao.jpa.dto.GroupDto;
 import com.sismics.docs.core.dao.jpa.dto.UserDto;
 import com.sismics.docs.core.event.DocumentDeletedAsyncEvent;
 import com.sismics.docs.core.event.FileDeletedAsyncEvent;
@@ -39,10 +43,9 @@ import com.sismics.docs.core.model.context.AppContext;
 import com.sismics.docs.core.model.jpa.AuthenticationToken;
 import com.sismics.docs.core.model.jpa.Document;
 import com.sismics.docs.core.model.jpa.File;
+import com.sismics.docs.core.model.jpa.Group;
 import com.sismics.docs.core.model.jpa.User;
 import com.sismics.docs.core.util.EncryptionUtil;
-import com.sismics.docs.core.util.jpa.PaginatedList;
-import com.sismics.docs.core.util.jpa.PaginatedLists;
 import com.sismics.docs.core.util.jpa.SortCriteria;
 import com.sismics.docs.rest.constant.BaseFunction;
 import com.sismics.rest.exception.ClientException;
@@ -299,14 +302,7 @@ public class UserResource extends BaseResource {
         }
 
         // Get the value of the session token
-        String authToken = null;
-        if (request.getCookies() != null) {
-            for (Cookie cookie : request.getCookies()) {
-                if (TokenBasedSecurityFilter.COOKIE_NAME.equals(cookie.getName())) {
-                    authToken = cookie.getValue();
-                }
-            }
-        }
+        String authToken = getAuthToken();
         
         AuthenticationTokenDao authenticationTokenDao = new AuthenticationTokenDao();
         AuthenticationToken authenticationToken = null;
@@ -328,7 +324,7 @@ public class UserResource extends BaseResource {
         
         // Deletes the client token in the HTTP response
         JsonObjectBuilder response = Json.createObjectBuilder();
-        NewCookie cookie = new NewCookie(TokenBasedSecurityFilter.COOKIE_NAME, null);
+        NewCookie cookie = new NewCookie(TokenBasedSecurityFilter.COOKIE_NAME, null, "/", null, 1, null, -1, new Date(1), false, false);
         return Response.ok().entity(response.build()).cookie(cookie).build();
     }
 
@@ -362,7 +358,7 @@ public class UserResource extends BaseResource {
         for (Document document : documentList) {
             DocumentDeletedAsyncEvent documentDeletedAsyncEvent = new DocumentDeletedAsyncEvent();
             documentDeletedAsyncEvent.setUserId(principal.getId());
-            documentDeletedAsyncEvent.setDocument(document);
+            documentDeletedAsyncEvent.setDocumentId(document.getId());
             AppContext.getInstance().getAsyncEventBus().post(documentDeletedAsyncEvent);
         }
         
@@ -403,7 +399,7 @@ public class UserResource extends BaseResource {
         
         // Ensure that the admin user is not deleted
         RoleBaseFunctionDao userBaseFuction = new RoleBaseFunctionDao();
-        Set<String> baseFunctionSet = userBaseFuction.findByRoleId(user.getRoleId());
+        Set<String> baseFunctionSet = userBaseFuction.findByRoleId(Sets.newHashSet(user.getRoleId()));
         if (baseFunctionSet.contains(BaseFunction.ADMIN.name())) {
             throw new ClientException("ForbiddenError", "The admin user cannot be deleted");
         }
@@ -421,7 +417,7 @@ public class UserResource extends BaseResource {
         for (Document document : documentList) {
             DocumentDeletedAsyncEvent documentDeletedAsyncEvent = new DocumentDeletedAsyncEvent();
             documentDeletedAsyncEvent.setUserId(principal.getId());
-            documentDeletedAsyncEvent.setDocument(document);
+            documentDeletedAsyncEvent.setDocumentId(document.getId());
             AppContext.getInstance().getAsyncEventBus().post(documentDeletedAsyncEvent);
         }
         
@@ -457,18 +453,39 @@ public class UserResource extends BaseResource {
                 response.add("is_default_password", Constants.DEFAULT_ADMIN_PASSWORD.equals(adminUser.getPassword()));
             }
         } else {
+            // Update the last connection date
+            String authToken = getAuthToken();
+            AuthenticationTokenDao authenticationTokenDao = new AuthenticationTokenDao();
+            authenticationTokenDao.updateLastConnectionDate(authToken);
+            
+            // Build the response
             response.add("anonymous", false);
             UserDao userDao = new UserDao();
+            GroupDao groupDao = new GroupDao();
             User user = userDao.getById(principal.getId());
+            List<GroupDto> groupDtoList = groupDao.findByCriteria(new GroupCriteria()
+                    .setUserId(user.getId())
+                    .setRecursive(true), null);
+            
             response.add("username", user.getUsername())
                     .add("email", user.getEmail())
                     .add("storage_quota", user.getStorageQuota())
                     .add("storage_current", user.getStorageCurrent());
+            
+            // Base functions
             JsonArrayBuilder baseFunctions = Json.createArrayBuilder();
             for (String baseFunction : ((UserPrincipal) principal).getBaseFunctionSet()) {
                 baseFunctions.add(baseFunction);
             }
+            
+            // Groups
+            JsonArrayBuilder groups = Json.createArrayBuilder();
+            for (GroupDto groupDto : groupDtoList) {
+                groups.add(groupDto.getName());
+            }
+            
             response.add("base_functions", baseFunctions)
+                    .add("groups", groups)
                     .add("is_default_password", hasBaseFunction(BaseFunction.ADMIN) && Constants.DEFAULT_ADMIN_PASSWORD.equals(user.getPassword()));
         }
         
@@ -495,8 +512,19 @@ public class UserResource extends BaseResource {
             throw new ClientException("UserNotFound", "The user doesn't exist");
         }
         
+        // Groups
+        GroupDao groupDao = new GroupDao();
+        List<GroupDto> groupDtoList = groupDao.findByCriteria(
+                new GroupCriteria().setUserId(user.getId()),
+                new SortCriteria(1, true));
+        JsonArrayBuilder groups = Json.createArrayBuilder();
+        for (GroupDto groupDto : groupDtoList) {
+            groups.add(groupDto.getName());
+        }
+        
         JsonObjectBuilder response = Json.createObjectBuilder()
                 .add("username", user.getUsername())
+                .add("groups", groups)
                 .add("email", user.getEmail())
                 .add("storage_quota", user.getStorageQuota())
                 .add("storage_current", user.getStorageCurrent());
@@ -506,30 +534,37 @@ public class UserResource extends BaseResource {
     /**
      * Returns all active users.
      * 
-     * @param limit Page limit
-     * @param offset Page offset
      * @param sortColumn Sort index
      * @param asc If true, ascending sorting, else descending
+     * @param groupName Only return users from this group
      * @return Response
      */
     @GET
     @Path("list")
     public Response list(
-            @QueryParam("limit") Integer limit,
-            @QueryParam("offset") Integer offset,
             @QueryParam("sort_column") Integer sortColumn,
-            @QueryParam("asc") Boolean asc) {
+            @QueryParam("asc") Boolean asc,
+            @QueryParam("group") String groupName) {
         if (!authenticate()) {
             throw new ForbiddenClientException();
         }
         
         JsonArrayBuilder users = Json.createArrayBuilder();
-        PaginatedList<UserDto> paginatedList = PaginatedLists.create(limit, offset);
         SortCriteria sortCriteria = new SortCriteria(sortColumn, asc);
 
+        // Validate the group
+        String groupId = null;
+        if (!Strings.isNullOrEmpty(groupName)) {
+            GroupDao groupDao = new GroupDao();
+            Group group = groupDao.getActiveByName(groupName);
+            if (group != null) {
+                groupId = group.getId();
+            }
+        }
+        
         UserDao userDao = new UserDao();
-        userDao.findByCriteria(paginatedList, new UserCriteria(), sortCriteria);
-        for (UserDto userDto : paginatedList.getResultList()) {
+        List<UserDto> userDtoList = userDao.findByCriteria(new UserCriteria().setGroupId(groupId), sortCriteria);
+        for (UserDto userDto : userDtoList) {
             users.add(Json.createObjectBuilder()
                     .add("id", userDto.getId())
                     .add("username", userDto.getUsername())
@@ -540,7 +575,6 @@ public class UserResource extends BaseResource {
         }
         
         JsonObjectBuilder response = Json.createObjectBuilder()
-                .add("total", paginatedList.getResultCount())
                 .add("users", users);
         return Response.ok().entity(response.build()).build();
     }
@@ -558,14 +592,7 @@ public class UserResource extends BaseResource {
         }
         
         // Get the value of the session token
-        String authToken = null;
-        if (request.getCookies() != null) {
-            for (Cookie cookie : request.getCookies()) {
-                if (TokenBasedSecurityFilter.COOKIE_NAME.equals(cookie.getName())) {
-                    authToken = cookie.getValue();
-                }
-            }
-        }
+        String authToken = getAuthToken();
         
         JsonArrayBuilder sessions = Json.createArrayBuilder();
         AuthenticationTokenDao authenticationTokenDao = new AuthenticationTokenDao();
@@ -600,14 +627,7 @@ public class UserResource extends BaseResource {
         }
         
         // Get the value of the session token
-        String authToken = null;
-        if (request.getCookies() != null) {
-            for (Cookie cookie : request.getCookies()) {
-                if (TokenBasedSecurityFilter.COOKIE_NAME.equals(cookie.getName())) {
-                    authToken = cookie.getValue();
-                }
-            }
-        }
+        String authToken = getAuthToken();
         
         // Remove other tokens
         AuthenticationTokenDao authenticationTokenDao = new AuthenticationTokenDao();
@@ -618,4 +638,21 @@ public class UserResource extends BaseResource {
                 .add("status", "ok");
         return Response.ok().entity(response.build()).build();
     }
+    
+    /**
+     * Returns the authentication token value.
+     * 
+     * @return Token value
+     */
+    private String getAuthToken() {
+        if (request.getCookies() != null) {
+            for (Cookie cookie : request.getCookies()) {
+                if (TokenBasedSecurityFilter.COOKIE_NAME.equals(cookie.getName())
+                        && !Strings.isNullOrEmpty(cookie.getValue())) {
+                    return cookie.getValue();
+                }
+            }
+        }
+        return null;
+    }
 }
diff --git a/docs-web/src/main/webapp/src/app/docs/app.js b/docs-web/src/main/webapp/src/app/docs/app.js
index 1d29aee4..cdcfb0d1 100644
--- a/docs-web/src/main/webapp/src/app/docs/app.js
+++ b/docs-web/src/main/webapp/src/app/docs/app.js
@@ -106,6 +106,33 @@ angular.module('docs',
           }
         }
       })
+    .state('settings.group', {
+        url: '/group',
+        views: {
+          'settings': {
+            templateUrl: 'partial/docs/settings.group.html',
+            controller: 'SettingsGroup'
+          }
+        }
+      })
+      .state('settings.group.edit', {
+        url: '/edit/:name',
+        views: {
+          'group': {
+            templateUrl: 'partial/docs/settings.group.edit.html',
+            controller: 'SettingsGroupEdit'
+          }
+        }
+      })
+      .state('settings.group.add', {
+        url: '/add',
+        views: {
+          'group': {
+            templateUrl: 'partial/docs/settings.group.edit.html',
+            controller: 'SettingsGroupEdit'
+          }
+        }
+      })
   .state('settings.vocabulary', {
     url: '/vocabulary',
     views: {
@@ -221,19 +248,37 @@ angular.module('docs',
     url: '/user',
     views: {
       'page': {
-        templateUrl: 'partial/docs/user.html',
-        controller: 'User'
+        templateUrl: 'partial/docs/usergroup.html',
+        controller: 'UserGroup'
       }
     }
   })
     .state('user.profile', {
       url: '/:username',
       views: {
-        'user': {
+        'sub': {
           templateUrl: 'partial/docs/user.profile.html',
           controller: 'UserProfile'
         }
       }
+    })
+  .state('group', {
+    url: '/group',
+    views: {
+      'page': {
+        templateUrl: 'partial/docs/usergroup.html',
+        controller: 'UserGroup'
+      }
+    }
+  })
+    .state('group.profile', {
+      url: '/:name',
+      views: {
+        'sub': {
+          templateUrl: 'partial/docs/group.profile.html',
+          controller: 'GroupProfile'
+        }
+      }
     });
   
   // Configuring Restangular
diff --git a/docs-web/src/main/webapp/src/app/docs/controller/DocumentEdit.js b/docs-web/src/main/webapp/src/app/docs/controller/DocumentEdit.js
index 653133a0..e13839f9 100644
--- a/docs-web/src/main/webapp/src/app/docs/controller/DocumentEdit.js
+++ b/docs-web/src/main/webapp/src/app/docs/controller/DocumentEdit.js
@@ -50,6 +50,7 @@ angular.module('docs').controller('DocumentEdit', function($rootScope, $scope, $
   $scope.resetForm = function() {
     $scope.document = {
       tags: [],
+      relations: [],
       language: 'fra'
     };
     $scope.newFiles = [];
@@ -71,6 +72,9 @@ angular.module('docs').controller('DocumentEdit', function($rootScope, $scope, $
     
     // Extract ids from tags
     document.tags = _.pluck(document.tags, 'id');
+
+    // Extract ids from relations (only when our document is the source)
+    document.relations = _.pluck(_.where(document.relations, { source: true }), 'id');
     
     if ($scope.isEdit()) {
       promise = Restangular.one('document', $stateParams.id).post('', document);
diff --git a/docs-web/src/main/webapp/src/app/docs/controller/DocumentViewPermissions.js b/docs-web/src/main/webapp/src/app/docs/controller/DocumentViewPermissions.js
index 2c6ecb5f..80231f2f 100644
--- a/docs-web/src/main/webapp/src/app/docs/controller/DocumentViewPermissions.js
+++ b/docs-web/src/main/webapp/src/app/docs/controller/DocumentViewPermissions.js
@@ -35,18 +35,21 @@ angular.module('docs').controller('DocumentViewPermissions', function ($scope, $
     if ($scope.acl.perm == 'READWRITE') {
       acls = [{
         source: $stateParams.id,
-        username: $scope.acl.username,
-        perm: 'READ'
+        target: $scope.acl.target.name,
+        perm: 'READ',
+        type: $scope.acl.target.type
       }, {
         source: $stateParams.id,
-        username: $scope.acl.username,
-        perm: 'WRITE'
+        target: $scope.acl.target.name,
+        perm: 'WRITE',
+        type: $scope.acl.target.type
       }];
     } else {
       acls = [{
         source: $stateParams.id,
-        username: $scope.acl.username,
-        perm: $scope.acl.perm
+        target: $scope.acl.target.name,
+        perm: $scope.acl.perm,
+        type: $scope.acl.target.type
       }];
     }
 
@@ -74,7 +77,20 @@ angular.module('docs').controller('DocumentViewPermissions', function ($scope, $
         .get({
           search: $viewValue
         }).then(function(data) {
-          deferred.resolve(_.pluck(data.users, 'username'), true);
+          var output = [];
+
+          // Add the type to use later
+          output.push.apply(output,  _.map(data.users, function(user) {
+            user.type = 'USER';
+            return user;
+          }));
+          output.push.apply(output, _.map(data.groups, function(group) {
+            group.type = 'GROUP';
+            return group;
+          }));
+
+          // Send the data to the typeahead directive
+          deferred.resolve(output, true);
         });
     return deferred.promise;
   };
diff --git a/docs-web/src/main/webapp/src/app/docs/controller/GroupProfile.js b/docs-web/src/main/webapp/src/app/docs/controller/GroupProfile.js
new file mode 100644
index 00000000..3d47fda2
--- /dev/null
+++ b/docs-web/src/main/webapp/src/app/docs/controller/GroupProfile.js
@@ -0,0 +1,11 @@
+'use strict';
+
+/**
+ * Group profile controller.
+ */
+angular.module('docs').controller('GroupProfile', function($stateParams, Restangular, $scope) {
+  // Load user
+  Restangular.one('group', $stateParams.name).get().then(function(data) {
+    $scope.group = data;
+  });
+});
\ No newline at end of file
diff --git a/docs-web/src/main/webapp/src/app/docs/controller/SettingsGroup.js b/docs-web/src/main/webapp/src/app/docs/controller/SettingsGroup.js
new file mode 100644
index 00000000..2f28b1f9
--- /dev/null
+++ b/docs-web/src/main/webapp/src/app/docs/controller/SettingsGroup.js
@@ -0,0 +1,24 @@
+'use strict';
+
+/**
+ * Settings group page controller.
+ */
+angular.module('docs').controller('SettingsGroup', function($scope, $state, Restangular) {
+  /**
+   * Load groups from server.
+   */
+  $scope.loadGroups = function() {
+    Restangular.one('group').get().then(function(data) {
+      $scope.groups = data.groups;
+    });
+  };
+  
+  $scope.loadGroups();
+  
+  /**
+   * Edit a group.
+   */
+  $scope.editGroup = function(group) {
+    $state.go('settings.group.edit', { name: group.name });
+  };
+});
\ No newline at end of file
diff --git a/docs-web/src/main/webapp/src/app/docs/controller/SettingsGroupEdit.js b/docs-web/src/main/webapp/src/app/docs/controller/SettingsGroupEdit.js
new file mode 100644
index 00000000..0275288a
--- /dev/null
+++ b/docs-web/src/main/webapp/src/app/docs/controller/SettingsGroupEdit.js
@@ -0,0 +1,128 @@
+'use strict';
+
+/**
+ * Settings group edition page controller.
+ */
+angular.module('docs').controller('SettingsGroupEdit', function($scope, $dialog, $state, $stateParams, Restangular, $q) {
+  /**
+   * Returns true if in edit mode (false in add mode).
+   */
+  $scope.isEdit = function() {
+    return $stateParams.name;
+  };
+  
+  /**
+   * In edit mode, load the current group.
+   */
+  if ($scope.isEdit()) {
+    Restangular.one('group', $stateParams.name).get().then(function(data) {
+      $scope.group = data;
+    });
+  }
+
+  /**
+   * Update the current group.
+   */
+  $scope.edit = function() {
+    var promise = null;
+    var group = angular.copy($scope.group);
+
+    if ($scope.isEdit()) {
+      promise = Restangular
+        .one('group', $stateParams.name)
+        .post('', group);
+    } else {
+      promise = Restangular
+        .one('group')
+        .put(group);
+    }
+    
+    promise.then(function() {
+      $scope.loadGroups();
+      if ($scope.isEdit()) {
+        $state.go('settings.group');
+      } else {
+        // Go to edit this group to add members
+        $state.go('settings.group.edit', { name: group.name });
+      }
+    });
+  };
+
+  /**
+   * Delete the current group.
+   */
+  $scope.remove = function() {
+    var title = 'Delete group';
+    var msg = 'Do you really want to delete this group?';
+    var btns = [{result:'cancel', label: 'Cancel'}, {result:'ok', label: 'OK', cssClass: 'btn-primary'}];
+
+    $dialog.messageBox(title, msg, btns, function(result) {
+      if (result == 'ok') {
+        Restangular.one('group', $stateParams.name).remove().then(function() {
+          $scope.loadGroups();
+          $state.go('settings.group');
+        }, function() {
+          $state.go('settings.group');
+        });
+      }
+    });
+  };
+
+  /**
+   * Returns a promise for typeahead group.
+   */
+  $scope.getGroupTypeahead = function($viewValue) {
+    var deferred = $q.defer();
+    Restangular.one('group')
+        .getList('', {
+          sort_column: 1,
+          asc: true
+        }).then(function(data) {
+      deferred.resolve(_.pluck(_.filter(data.groups, function(group) {
+        return group.name.indexOf($viewValue) !== -1;
+      }), 'name'));
+    });
+    return deferred.promise;
+  };
+
+  /**
+   * Returns a promise for typeahead user.
+   */
+  $scope.getUserTypeahead = function($viewValue) {
+    var deferred = $q.defer();
+    Restangular.one('user')
+        .getList('list', {
+          search: $viewValue,
+          sort_column: 1,
+          asc: true
+        }).then(function(data) {
+      deferred.resolve(_.pluck(_.filter(data.users, function(user) {
+        return user.username.indexOf($viewValue) !== -1;
+      }), 'username'));
+    });
+    return deferred.promise;
+  };
+
+  /**
+   * Add a new member.
+   */
+  $scope.addMember = function(member) {
+    $scope.member = '';
+    Restangular.one('group/' + $stateParams.name).put({
+      username: member
+    }).then(function() {
+      if ($scope.group.members.indexOf(member) === -1) {
+        $scope.group.members.push(member);
+      }
+    });
+  };
+
+  /**
+   * Remove a member.
+   */
+  $scope.removeMember = function(member) {
+    Restangular.one('group/' + $stateParams.name, member).remove().then(function() {
+      $scope.group.members.splice($scope.group.members.indexOf(member), 1);
+    });
+  };
+});
\ No newline at end of file
diff --git a/docs-web/src/main/webapp/src/app/docs/controller/SettingsUser.js b/docs-web/src/main/webapp/src/app/docs/controller/SettingsUser.js
index 8a499264..de06b121 100644
--- a/docs-web/src/main/webapp/src/app/docs/controller/SettingsUser.js
+++ b/docs-web/src/main/webapp/src/app/docs/controller/SettingsUser.js
@@ -8,7 +8,10 @@ angular.module('docs').controller('SettingsUser', function($scope, $state, Resta
    * Load users from server.
    */
   $scope.loadUsers = function() {
-    Restangular.one('user/list').get({ limit: 100 }).then(function(data) {
+    Restangular.one('user/list').get({
+      sort_column: 1,
+      asc: true
+    }).then(function(data) {
       $scope.users = data.users;
     });
   };
diff --git a/docs-web/src/main/webapp/src/app/docs/controller/SettingsUserEdit.js b/docs-web/src/main/webapp/src/app/docs/controller/SettingsUserEdit.js
index 792990c2..599001ee 100644
--- a/docs-web/src/main/webapp/src/app/docs/controller/SettingsUserEdit.js
+++ b/docs-web/src/main/webapp/src/app/docs/controller/SettingsUserEdit.js
@@ -31,12 +31,12 @@ angular.module('docs').controller('SettingsUserEdit', function($scope, $dialog,
     
     if ($scope.isEdit()) {
       promise = Restangular
-      .one('user', $stateParams.username)
-      .post('', user);
+        .one('user', $stateParams.username)
+        .post('', user);
     } else {
       promise = Restangular
-      .one('user')
-      .put(user);
+        .one('user')
+        .put(user);
     }
     
     promise.then(function() {
@@ -48,7 +48,7 @@ angular.module('docs').controller('SettingsUserEdit', function($scope, $dialog,
   /**
    * Delete the current user.
    */
-  $scope.remove = function () {
+  $scope.remove = function() {
     var title = 'Delete user';
     var msg = 'Do you really want to delete this user? All associated documents, files and tags will be deleted';
     var btns = [{result:'cancel', label: 'Cancel'}, {result:'ok', label: 'OK', cssClass: 'btn-primary'}];
@@ -58,7 +58,7 @@ angular.module('docs').controller('SettingsUserEdit', function($scope, $dialog,
         Restangular.one('user', $stateParams.username).remove().then(function() {
           $scope.loadUsers();
           $state.go('settings.user');
-        }, function () {
+        }, function() {
           $state.go('settings.user');
         });
       }
diff --git a/docs-web/src/main/webapp/src/app/docs/controller/User.js b/docs-web/src/main/webapp/src/app/docs/controller/User.js
deleted file mode 100644
index 77bec639..00000000
--- a/docs-web/src/main/webapp/src/app/docs/controller/User.js
+++ /dev/null
@@ -1,16 +0,0 @@
-'use strict';
-
-/**
- * User controller.
- */
-angular.module('docs').controller('User', function(Restangular, $scope, $state) {
-  // Load users
-  Restangular.one('user/list').get({ limit: 100 }).then(function(data) {
-    $scope.users = data.users;
-  });
-
-  // Open a user
-  $scope.openUser = function(user) {
-    $state.go('user.profile', { username: user.username });
-  };
-});
\ No newline at end of file
diff --git a/docs-web/src/main/webapp/src/app/docs/controller/UserGroup.js b/docs-web/src/main/webapp/src/app/docs/controller/UserGroup.js
new file mode 100644
index 00000000..fb3c27b8
--- /dev/null
+++ b/docs-web/src/main/webapp/src/app/docs/controller/UserGroup.js
@@ -0,0 +1,32 @@
+'use strict';
+
+/**
+ * User/group controller.
+ */
+angular.module('docs').controller('UserGroup', function(Restangular, $scope, $state) {
+  // Load users
+  Restangular.one('user/list').get({
+    sort_column: 1,
+    asc: true
+  }).then(function(data) {
+    $scope.users = data.users;
+  });
+
+  // Load groups
+  Restangular.one('group').get({
+    sort_column: 1,
+    asc: true
+  }).then(function(data) {
+    $scope.groups = data.groups;
+  });
+
+  // Open a user
+  $scope.openUser = function(user) {
+    $state.go('user.profile', { username: user.username });
+  };
+
+  // Open a group
+  $scope.openGroup = function(group) {
+    $state.go('group.profile', { name: group.name });
+  };
+});
\ No newline at end of file
diff --git a/docs-web/src/main/webapp/src/app/docs/directive/Acl.js b/docs-web/src/main/webapp/src/app/docs/directive/Acl.js
new file mode 100644
index 00000000..ca1efbcc
--- /dev/null
+++ b/docs-web/src/main/webapp/src/app/docs/directive/Acl.js
@@ -0,0 +1,15 @@
+'use strict';
+
+/**
+ * ACL directive.
+ */
+angular.module('docs').directive('acl', function() {
+  return {
+    restrict: 'E',
+    template: '<span ng-if="data.type"><em>{{ data.type == \'SHARE\' ? \'Shared\' : (data.type == \'USER\' ? \'User\' : \'Group\') }}</em> {{ data.name }}</span>',
+    replace: true,
+    scope: {
+      data: '='
+    }
+  }
+});
\ No newline at end of file
diff --git a/docs-web/src/main/webapp/src/app/docs/directive/SelectRelation.js b/docs-web/src/main/webapp/src/app/docs/directive/SelectRelation.js
new file mode 100644
index 00000000..df0cdce6
--- /dev/null
+++ b/docs-web/src/main/webapp/src/app/docs/directive/SelectRelation.js
@@ -0,0 +1,68 @@
+'use strict';
+
+/**
+ * Relation selection directive.
+ */
+angular.module('docs').directive('selectRelation', function() {
+  return {
+    restrict: 'E',
+    templateUrl: 'partial/docs/directive.selectrelation.html',
+    replace: true,
+    scope: {
+      relations: '=',
+      ref: '@',
+      ngDisabled: '='
+    },
+    controller: function($scope, $q, Restangular) {
+      /**
+       * Add a relation.
+       */
+      $scope.addRelation = function($item) {
+        // Does the new relation is already in the model
+        var duplicate = _.find($scope.relations, function(relation) {
+          if ($item.id == relation.id) {
+            return relation;
+          }
+        });
+
+        // Add the new relation
+        if (!duplicate) {
+          $scope.relations.push({
+            id: $item.id,
+            title: $item.title,
+            source: true
+          });
+        }
+        $scope.input = '';
+      };
+      
+      /**
+       * Remove a relation.
+       */
+      $scope.deleteRelation = function(deleteRelation) {
+        $scope.relations = _.reject($scope.relations, function(relation) {
+          return relation.id == deleteRelation.id;
+        })
+      };
+
+      /**
+       * Returns a promise for typeahead title.
+       */
+      $scope.getDocumentTypeahead = function($viewValue) {
+        var deferred = $q.defer();
+        Restangular.one('document')
+            .getList('list', {
+              limit: 5,
+              sort_column: 1,
+              asc: true,
+              search: $viewValue
+            }).then(function(data) {
+          deferred.resolve(data.documents);
+        });
+        return deferred.promise;
+      };
+    },
+    link: function(scope, element, attr, ctrl) {
+    }
+  }
+});
\ No newline at end of file
diff --git a/docs-web/src/main/webapp/src/img/background.jpg b/docs-web/src/main/webapp/src/img/background.jpg
new file mode 100644
index 00000000..000202f9
Binary files /dev/null and b/docs-web/src/main/webapp/src/img/background.jpg differ
diff --git a/docs-web/src/main/webapp/src/index.html b/docs-web/src/main/webapp/src/index.html
index a2b48b69..384c59b1 100644
--- a/docs-web/src/main/webapp/src/index.html
+++ b/docs-web/src/main/webapp/src/index.html
@@ -60,9 +60,12 @@
     <script src="app/docs/controller/SettingsLog.js" type="text/javascript"></script>
     <script src="app/docs/controller/SettingsUser.js" type="text/javascript"></script>
     <script src="app/docs/controller/SettingsUserEdit.js" type="text/javascript"></script>
+    <script src="app/docs/controller/SettingsGroup.js" type="text/javascript"></script>
+    <script src="app/docs/controller/SettingsGroupEdit.js" type="text/javascript"></script>
     <script src="app/docs/controller/SettingsVocabulary.js" type="text/javascript"></script>
-    <script src="app/docs/controller/User.js" type="text/javascript"></script>
+    <script src="app/docs/controller/UserGroup.js" type="text/javascript"></script>
     <script src="app/docs/controller/UserProfile.js" type="text/javascript"></script>
+    <script src="app/docs/controller/GroupProfile.js" type="text/javascript"></script>
     <script src="app/docs/service/User.js" type="text/javascript"></script>
     <script src="app/docs/service/Tag.js" type="text/javascript"></script>
     <script src="app/docs/filter/Newline.js" type="text/javascript"></script>
@@ -70,9 +73,11 @@
     <script src="app/docs/filter/Filesize.js" type="text/javascript"></script>
     <script src="app/docs/directive/File.js" type="text/javascript"></script>
     <script src="app/docs/directive/SelectTag.js" type="text/javascript"></script>
+    <script src="app/docs/directive/SelectRelation.js" type="text/javascript"></script>
     <script src="app/docs/directive/AuditLog.js" type="text/javascript"></script>
     <script src="app/docs/directive/InlineEdit.js" type="text/javascript"></script>
     <script src="app/docs/directive/ImgError.js" type="text/javascript"></script>
+    <script src="app/docs/directive/Acl.js" type="text/javascript"></script>
     <!-- endref -->
   </head>
   <body>
@@ -107,7 +112,7 @@
             <a href="#/tag"><span class="glyphicon glyphicon-tags"></span> Tags</a>
           </li>
           <li ng-class="{active: $uiRoute}" ui-route="/user.*">
-            <a href="#/user"><span class="glyphicon glyphicon-user"></span> Users</a>
+            <a href="#/user"><span class="glyphicon glyphicon-user"></span> Users &amp; Groups</a>
           </li>
         </ul>
 
diff --git a/docs-web/src/main/webapp/src/partial/docs/directive.auditlog.html b/docs-web/src/main/webapp/src/partial/docs/directive.auditlog.html
index 0b7734f1..3a15eba9 100644
--- a/docs-web/src/main/webapp/src/partial/docs/directive.auditlog.html
+++ b/docs-web/src/main/webapp/src/partial/docs/directive.auditlog.html
@@ -34,7 +34,10 @@
               <a href="#/tag">{{ log.message }}</a>
             </span>
             <span ng-switch-when="User">
-              <a href="#/settings/account">{{ log.message }}</a>
+              <a href="#/user/{{ log.message }}">{{ log.message }}</a>
+            </span>
+            <span ng-switch-when="Group">
+              <a href="#/group/{{ log.message }}">{{ log.message }}</a>
             </span>
           </span>
     </td>
diff --git a/docs-web/src/main/webapp/src/partial/docs/directive.selectrelation.html b/docs-web/src/main/webapp/src/partial/docs/directive.selectrelation.html
new file mode 100644
index 00000000..82f8a9c3
--- /dev/null
+++ b/docs-web/src/main/webapp/src/partial/docs/directive.selectrelation.html
@@ -0,0 +1,12 @@
+<div>
+  <ul class="list-inline">
+    <li ng-repeat="relation in relations | filter: { source: true }">
+      <span class="label label-info">{{ relation.title }}
+        <span class="glyphicon glyphicon-remove" ng-click="deleteRelation(relation)" ng-show="!ngDisabled"></span>
+      </span>
+    </li>
+  </ul>
+  <input class="form-control" type="text" id="{{ ref }}" placeholder="Type a document title" ng-model="input" ng-disabled="ngDisabled"
+    autocomplete="off" typeahead="document.title for document in getDocumentTypeahead($viewValue)"
+    typeahead-wait-ms="200" typeahead-on-select="addRelation($item)" />
+</div>
\ No newline at end of file
diff --git a/docs-web/src/main/webapp/src/partial/docs/directive.typeahead.acl.html b/docs-web/src/main/webapp/src/partial/docs/directive.typeahead.acl.html
new file mode 100644
index 00000000..4ad77ef5
--- /dev/null
+++ b/docs-web/src/main/webapp/src/partial/docs/directive.typeahead.acl.html
@@ -0,0 +1 @@
+<a tabindex="-1"><acl data="match.model"></acl></a>
\ No newline at end of file
diff --git a/docs-web/src/main/webapp/src/partial/docs/document.edit.html b/docs-web/src/main/webapp/src/partial/docs/document.edit.html
index 5a147655..049c0d77 100644
--- a/docs-web/src/main/webapp/src/partial/docs/document.edit.html
+++ b/docs-web/src/main/webapp/src/partial/docs/document.edit.html
@@ -9,7 +9,7 @@
         <div class="col-sm-10">
           <input required ng-maxlength="100" class="form-control" type="text" id="inputTitle"
             placeholder="The nature or genre of the resource" name="title" ng-model="document.title" autocomplete="off"
-            typeahead="document for document in getTitleTypeahead($viewValue) | filter: $viewValue"
+            typeahead="document for document in getTitleTypeahead($viewValue)"
             typeahead-wait-ms="200" ng-disabled="fileIsUploading" />
         </div>
       </div>
@@ -98,6 +98,7 @@
         <label class="col-sm-2 control-label" for="inputType">Type</label>
         <div class="col-sm-10">
           <select class="form-control" id="inputType" name="type" ng-model="document.type" ng-disabled="fileIsUploading">
+            <option value=""></option>
             <option ng-repeat="vocabulary in vocabularies['type']">{{ vocabulary.value }}</option>
           </select>
         </div>
@@ -106,6 +107,7 @@
         <label class="col-sm-2 control-label" for="inputCoverage">Coverage</label>
         <div class="col-sm-10">
           <select class="form-control" id="inputCoverage" name="coverage" ng-model="document.coverage" ng-disabled="fileIsUploading">
+            <option value=""></option>
             <option ng-repeat="vocabulary in vocabularies['coverage']">{{ vocabulary.value }}</option>
           </select>
         </div>
@@ -114,10 +116,17 @@
         <label class="col-sm-2 control-label" for="inputRights">Rights</label>
         <div class="col-sm-10">
           <select class="form-control" id="inputRights" name="rights" ng-model="document.rights" ng-disabled="fileIsUploading">
+            <option value=""></option>
             <option ng-repeat="vocabulary in vocabularies['rights']">{{ vocabulary.value }}</option>
           </select>
         </div>
       </div>
+      <div class="form-group">
+        <label class="col-sm-2 control-label" for="inputRelations">Relations</label>
+        <div class="col-sm-10">
+          <select-relation relations="document.relations" ref="inputRelations" ng-disabled="fileIsUploading"></select-relation>
+        </div>
+      </div>
     </fieldset>
 
     <div class="form-group">
diff --git a/docs-web/src/main/webapp/src/partial/docs/document.view.content.html b/docs-web/src/main/webapp/src/partial/docs/document.view.content.html
index 5b4f68ee..15127f09 100644
--- a/docs-web/src/main/webapp/src/partial/docs/document.view.content.html
+++ b/docs-web/src/main/webapp/src/partial/docs/document.view.content.html
@@ -19,13 +19,23 @@
   <dt>Contributors</dt>
   <dd>
     <span ng-repeat="contributor in document.contributors">
-      <span class="btn btn-default btn-xs">
+      <span class="btn btn-link btn-xs">
         <a href="#/user/{{ contributor.username }}">
           {{ contributor.username }}
         </a>
       </span>
     </span>
   </dd>
+  <dt ng-if="document.relations.length > 0">Relations</dt>
+  <dd ng-if="document.relations.length > 0">
+    <span ng-repeat="relation in document.relations">
+      <span class="btn btn-link btn-xs">
+        <a href="#/document/view/{{ relation.id }}">
+          {{ relation.title }}
+        </a>
+      </span>
+    </span>
+  </dd>
 </dl>
 
 <div ng-file-drop drag-over-class="bg-success" ng-multiple="true" allow-dir="false" ng-model="dropFiles"
diff --git a/docs-web/src/main/webapp/src/partial/docs/document.view.html b/docs-web/src/main/webapp/src/partial/docs/document.view.html
index ec003ceb..664eabd2 100644
--- a/docs-web/src/main/webapp/src/partial/docs/document.view.html
+++ b/docs-web/src/main/webapp/src/partial/docs/document.view.html
@@ -5,6 +5,10 @@
     <span class="glyphicon glyphicon-warning-sign"></span>
     Document not found
   </p>
+  <p class="text-center" ng-show="error.status == 403">
+    <span class="glyphicon glyphicon-warning-sign"></span>
+    Access forbidden
+  </p>
 </div>
 
 <div ng-show="document">
diff --git a/docs-web/src/main/webapp/src/partial/docs/document.view.permissions.html b/docs-web/src/main/webapp/src/partial/docs/document.view.permissions.html
index c8921061..07160373 100644
--- a/docs-web/src/main/webapp/src/partial/docs/document.view.permissions.html
+++ b/docs-web/src/main/webapp/src/partial/docs/document.view.permissions.html
@@ -5,7 +5,7 @@
   </tr>
 
   <tr ng-repeat="(id, acl) in acls">
-    <td><em>{{ acl[0].type == 'SHARE' ? 'Shared' : 'User' }}</em> {{ acl[0].name }}</td>
+    <td><acl data="acl[0]"></acl></td>
     <td>
             <span class="label label-default" style="margin-right: 6px;" ng-repeat="a in acl | orderBy: 'perm'">
               {{ a.perm }}
@@ -22,13 +22,19 @@
 
   <form name="aclForm" class="form-horizontal">
     <div class="form-group">
-      <label class=" col-sm-2 control-label" for="inputTarget">User</label>
+      <label class="col-sm-2 control-label" for="inputTarget">For</label>
       <div class="col-sm-3">
         <input required ng-maxlength="50" class="form-control" type="text" id="inputTarget"
-               placeholder="Type a username" name="username" ng-model="acl.username" autocomplete="off"
-               typeahead="username for username in getTargetAclTypeahead($viewValue) | filter: $viewValue"
+               placeholder="Search a user or group" name="target" ng-model="acl.target" autocomplete="off"
+               typeahead="target as target.name for target in getTargetAclTypeahead($viewValue) | filter: $viewValue"
+               typeahead-template-url="partial/docs/directive.typeahead.acl.html"
                typeahead-wait-ms="200" />
       </div>
+      <div class="col-sm-4">
+        <span class="btn btn-primary" ng-if="acl.target.type" ng-click="acl.target = null">
+          <acl data="acl.target"></acl>
+        </span>
+      </div>
     </div>
 
     <div class="form-group">
@@ -43,7 +49,7 @@
 
     <div class="form-group">
       <div class="col-sm-offset-2 col-sm-10">
-        <button type="submit" class="btn btn-primary"  ng-disabled="!aclForm.$valid" ng-click="addAcl()">
+        <button type="submit" class="btn btn-primary"  ng-disabled="!acl.target.type" ng-click="addAcl()">
           <span class="glyphicon glyphicon-plus"></span>
           Add
         </button>
diff --git a/docs-web/src/main/webapp/src/partial/docs/group.profile.html b/docs-web/src/main/webapp/src/partial/docs/group.profile.html
new file mode 100644
index 00000000..8aa8c586
--- /dev/null
+++ b/docs-web/src/main/webapp/src/partial/docs/group.profile.html
@@ -0,0 +1,22 @@
+<div class="page-header">
+  <h1>{{ group.name }}</h1>
+</div>
+
+<h4>Members</h4>
+<ul>
+  <li ng-repeat="member in group.members">
+    <a href="#/user/{{ member }}">{{ member }}</a>
+  </li>
+  <li ng-if="group.members.length == 0">No member</li>
+</ul>
+
+<div ng-if="userInfo.base_functions.indexOf('ADMIN') != -1">
+  <h4>Related links</h4>
+  <ul>
+    <li>
+      <a ng-href="#/settings/group/edit/{{ group.name }}">
+        Edit {{ group.name }} group
+      </a>
+    </li>
+  </ul>
+</div>
\ No newline at end of file
diff --git a/docs-web/src/main/webapp/src/partial/docs/login.html b/docs-web/src/main/webapp/src/partial/docs/login.html
index 887bd9a7..4aabda53 100644
--- a/docs-web/src/main/webapp/src/partial/docs/login.html
+++ b/docs-web/src/main/webapp/src/partial/docs/login.html
@@ -1,5 +1,11 @@
-<div class="row">
-  <div class="col-sm-offset-5 col-sm-3">
+<style>
+  /* No navbar in login screen */
+  .navbar {
+    display: none;
+  }
+</style>
+<div class="row vertical-center login-box-container">
+  <div class="col-sm-offset-5 col-sm-2 login-box">
     <form>
       <div class="form-group">
         <label class="sr-only" for="inputUsername">Username</label>
diff --git a/docs-web/src/main/webapp/src/partial/docs/settings.group.edit.html b/docs-web/src/main/webapp/src/partial/docs/settings.group.edit.html
new file mode 100644
index 00000000..1a49d88c
--- /dev/null
+++ b/docs-web/src/main/webapp/src/partial/docs/settings.group.edit.html
@@ -0,0 +1,73 @@
+<img src="img/loader.gif" ng-show="!group && isEdit()" />
+
+<div ng-show="group || !isEdit()">
+  <h2 ng-show="isEdit()">Edit
+    <small>"{{ group.name }}"</small>
+  </h2>
+  <h2 ng-show="!isEdit()">Add
+    <small>group</small>
+  </h2>
+  <form class="form-horizontal" name="editGroupForm" novalidate>
+    <div class="form-group" ng-class="{ 'has-error': !editGroupForm.name.$valid, success: editGroupForm.name.$valid }">
+      <label class="col-sm-2 control-label" for="inputName">Name</label>
+  
+      <div class="col-sm-7">
+        <input name="name" type="text" id="inputName" required class="form-control"
+               ng-minlength="3" ng-maxlength="50" placeholder="Name" ng-model="group.name"/>
+      </div>
+
+      <div class="col-sm-3">
+        <span class="help-block" ng-show="editGroupForm.name.$error.required">Required</span>
+        <span class="help-block" ng-show="editGroupForm.name.$error.minlength">Too short</span>
+        <span class="help-block" ng-show="editGroupForm.name.$error.maxlength">Too long</span>
+      </div>
+    </div>
+    <div class="form-group">
+      <label class="col-sm-2 control-label" for="inputName">Parent group</label>
+
+      <div class="col-sm-7">
+        <input name="name" type="text" id="inputParent" class="form-control" autocomplete="off"
+               placeholder="Search a group" ng-model="group.parent"
+               typeahead="group for group in getGroupTypeahead($viewValue)"
+               typeahead-wait-ms="200" typeahead-editable="false" />
+      </div>
+    </div>
+    <div class="form-group">
+      <div class="col-sm-offset-2 col-sm-10">
+        <button type="submit" class="btn btn-primary" ng-click="edit()" ng-disabled="!editGroupForm.$valid">
+          <span class="glyphicon glyphicon-pencil"></span> {{ isEdit() ? 'Edit' : 'Add' }}
+        </button>
+        <button type="button" class="btn btn-danger" ng-click="remove()" ng-show="isEdit()">
+          <span class="glyphicon glyphicon-trash"></span> Delete
+        </button>
+      </div>
+    </div>
+  </form>
+
+  <div ng-show="isEdit()">
+    <h3>Members</h3>
+    <form class="form-horizontal" novalidate>
+      <div class="form-group">
+        <label class="col-sm-2 control-label" for="inputMember">New member</label>
+        <div class="col-sm-7">
+          <input name="member" type="text" id="inputMember" class="form-control" ng-model="member" placeholder="Search a user"
+                 typeahead="user for user in getUserTypeahead($viewValue)" typeahead-on-select="addMember($item)"
+                 typeahead-wait-ms="200" typeahead-editable="false" autocomplete="off" />
+        </div>
+      </div>
+
+      <div class="form-group">
+        <label class="col-sm-2 control-label">Members</label>
+        <div class="col-sm-7">
+          <span ng-repeat="member in group.members">
+            <span class="btn btn-default"
+               ng-click="removeMember(member)">
+              {{ member }}
+              <span class="glyphicon glyphicon-remove"></span>
+            </span>&nbsp;
+          </span>
+        </div>
+      </div>
+    </form>
+  </div>
+</div>
\ No newline at end of file
diff --git a/docs-web/src/main/webapp/src/partial/docs/settings.group.html b/docs-web/src/main/webapp/src/partial/docs/settings.group.html
new file mode 100644
index 00000000..284706ec
--- /dev/null
+++ b/docs-web/src/main/webapp/src/partial/docs/settings.group.html
@@ -0,0 +1,23 @@
+<h1>Groups <small>management</small> <a class="btn btn-primary" href="#/settings/group/add">Add</a></h1>
+
+<div class="row">
+  <div class="col-md-4 well">
+    <table class="table table-striped table-hover table-users">
+      <thead>
+        <tr>
+          <th>Name</th>
+        </tr>
+      </thead>
+      <tbody>
+        <tr ng-repeat="group in groups | orderBy: 'name'" ng-click="editGroup(group)"
+            ng-class="{ active: $stateParams.name == group.name }">
+          <td>{{ group.name }}</td>
+        </tr>
+      </tbody>
+    </table>
+  </div>
+
+  <div class="col-md-8">
+    <div ui-view="group"></div>
+  </div>
+</div>
\ No newline at end of file
diff --git a/docs-web/src/main/webapp/src/partial/docs/settings.html b/docs-web/src/main/webapp/src/partial/docs/settings.html
index 4bc1a5d0..ced011b6 100644
--- a/docs-web/src/main/webapp/src/partial/docs/settings.html
+++ b/docs-web/src/main/webapp/src/partial/docs/settings.html
@@ -12,6 +12,7 @@
       <div class="panel-heading" ng-show="isAdmin"><strong>General settings</strong></div>
       <ul class="list-group">
         <a class="list-group-item" ng-show="isAdmin" ng-class="{active: $uiRoute}" ui-route="/settings/user.*" href="#/settings/user">Users</a>
+        <a class="list-group-item" ng-show="isAdmin" ng-class="{active: $uiRoute}" ui-route="/settings/group.*" href="#/settings/group">Groups</a>
         <a class="list-group-item" ng-show="isAdmin" ng-class="{active: $uiRoute}" ui-route="/settings/vocabulary.*" href="#/settings/vocabulary">Vocabularies</a>
         <a class="list-group-item" ng-show="isAdmin" ng-class="{active: $uiRoute}" ui-route="/settings/log" href="#/settings/log">Server logs</a>
       </ul>
diff --git a/docs-web/src/main/webapp/src/partial/docs/settings.user.edit.html b/docs-web/src/main/webapp/src/partial/docs/settings.user.edit.html
index d0208b85..2b1a3500 100644
--- a/docs-web/src/main/webapp/src/partial/docs/settings.user.edit.html
+++ b/docs-web/src/main/webapp/src/partial/docs/settings.user.edit.html
@@ -37,6 +37,15 @@
         <span class="help-block" ng-show="editUserForm.email.$error.maxlength">Too long</span>
       </div>
     </div>
+    <div class="form-group" ng-if="user.groups.length > 0">
+      <label class="col-sm-2 control-label">Groups</label>
+
+      <div class="col-sm-7">
+        <a class="btn btn-default"
+           ng-repeat="group in user.groups"
+           href="#/settings/group/edit/{{ group }}">{{ group }}</a>
+      </div>
+    </div>
     <div class="form-group" ng-class="{ 'has-error': !editUserForm.storage_quota.$valid, success: editUserForm.storage_quota.$valid }">
       <label class="col-sm-2 control-label" for="inputQuota">Storage quota</label>
 
@@ -90,5 +99,4 @@
       </div>
     </div>
   </form>
-  <alert ng-repeat="alert in alerts" type="alert.type" close="closeAlert($index)">{{ alert.msg }}</alert>
 </div>
\ No newline at end of file
diff --git a/docs-web/src/main/webapp/src/partial/docs/settings.user.html b/docs-web/src/main/webapp/src/partial/docs/settings.user.html
index 0d918214..c4fb3c1b 100644
--- a/docs-web/src/main/webapp/src/partial/docs/settings.user.html
+++ b/docs-web/src/main/webapp/src/partial/docs/settings.user.html
@@ -10,7 +10,8 @@
         </tr>
       </thead>
       <tbody>
-        <tr ng-repeat="user in users | orderBy: 'username'" ng-click="editUser(user)">
+        <tr ng-repeat="user in users | orderBy: 'username'" ng-click="editUser(user)"
+            ng-class="{ active: $stateParams.username == user.username }">
           <td>{{ user.username }}</td>
           <td>{{ user.create_date | date: 'yyyy-MM-dd' }}</td>
         </tr>
diff --git a/docs-web/src/main/webapp/src/partial/docs/user.profile.html b/docs-web/src/main/webapp/src/partial/docs/user.profile.html
index 4b225d04..b67c0f6c 100644
--- a/docs-web/src/main/webapp/src/partial/docs/user.profile.html
+++ b/docs-web/src/main/webapp/src/partial/docs/user.profile.html
@@ -2,6 +2,13 @@
   <h1>{{ user.username }} <small>{{ user.email }}</small></h1>
 </div>
 
+<h4 ng-if="user.groups.length > 0">Groups</h4>
+<ul ng-if="user.groups.length > 0">
+  <li ng-repeat="group in user.groups">
+    <a href="#/group/{{ group }}">{{ group }}</a>
+  </li>
+</ul>
+
 <h4>Quota used</h4>
 <div class="row">
   <div class="col-md-6">
@@ -20,9 +27,9 @@
       Documents created by {{ user.username }}
     </a>
   </li>
-  <li>
-    <a ng-href="#/settings/user/edit/{{ user.username }}" ng-if="userInfo.base_functions.indexOf('ADMIN') != -1">
-      Edit {{ user.username}} user
+  <li ng-if="userInfo.base_functions.indexOf('ADMIN') != -1">
+    <a ng-href="#/settings/user/edit/{{ user.username }}">
+      Edit {{ user.username }} user
     </a>
   </li>
 </ul>
\ No newline at end of file
diff --git a/docs-web/src/main/webapp/src/partial/docs/user.html b/docs-web/src/main/webapp/src/partial/docs/usergroup.html
similarity index 53%
rename from docs-web/src/main/webapp/src/partial/docs/user.html
rename to docs-web/src/main/webapp/src/partial/docs/usergroup.html
index 07a5261d..6e0000b1 100644
--- a/docs-web/src/main/webapp/src/partial/docs/user.html
+++ b/docs-web/src/main/webapp/src/partial/docs/usergroup.html
@@ -3,12 +3,30 @@
     <div class="well">
       <p class="input-group">
         <span class="input-group-addon"><span class="glyphicon glyphicon-search"></span></span>
-        <input type="search" class="form-control" placeholder="Search" ng-model="search">
+        <input type="search" class="form-control" placeholder="Search in groups" ng-model="searchGroup">
       </p>
 
       <table class="row table table-striped table-hover">
         <tbody>
-        <tr class="pointer" ng-repeat="user in users | filter: search"
+        <tr class="pointer" ng-repeat="group in groups | filter: searchGroup"
+            ng-click="openGroup(group)" ng-class="{ active: $stateParams.name == group.name }">
+          <td class="col-xs-4">
+            {{ group.name }}
+          </td>
+        </tr>
+        </tbody>
+      </table>
+    </div>
+
+    <div class="well">
+      <p class="input-group">
+        <span class="input-group-addon"><span class="glyphicon glyphicon-search"></span></span>
+        <input type="search" class="form-control" placeholder="Search in users" ng-model="searchUser">
+      </p>
+
+      <table class="row table table-striped table-hover">
+        <tbody>
+        <tr class="pointer" ng-repeat="user in users | filter: searchUser"
             ng-click="openUser(user)" ng-class="{ active: $stateParams.username == user.username }">
           <td class="col-xs-4">
             <span class="glyphicon glyphicon-user"></span>
@@ -22,6 +40,6 @@
   </div>
 
   <div class="col-md-8">
-    <div ui-view="user"></div>
+    <div ui-view="sub"></div>
   </div>
 </div>
\ No newline at end of file
diff --git a/docs-web/src/main/webapp/src/partial/share/share.html b/docs-web/src/main/webapp/src/partial/share/share.html
index e857d6f5..c581ae07 100644
--- a/docs-web/src/main/webapp/src/partial/share/share.html
+++ b/docs-web/src/main/webapp/src/partial/share/share.html
@@ -51,6 +51,16 @@
       <dd ng-if="document.coverage">{{ document.coverage }}</dd>
       <dt ng-if="document.rights">rights</dt>
       <dd ng-if="document.rights">{{ document.rights }}</dd>
+      <dt>Contributors</dt>
+      <dd>
+        <span ng-repeat="contributor in document.contributors">
+          <span class="btn btn-default btn-xs">
+            <a href="mailto:{{ contributor.email }}">
+              {{ contributor.username }}
+            </a>
+          </span>
+        </span>
+      </dd>
     </dl>
 
     <div class="row" ui-sortable="fileSortableOptions" ng-model="files" ng-show="files.length > 0">
diff --git a/docs-web/src/main/webapp/src/style/main.less b/docs-web/src/main/webapp/src/style/main.less
index e07a3b06..588f939b 100644
--- a/docs-web/src/main/webapp/src/style/main.less
+++ b/docs-web/src/main/webapp/src/style/main.less
@@ -12,6 +12,15 @@
   background-color: #263238;
 }
 
+// Selected table line
+.table tr {
+  &.active {
+    td {
+      background-color: #e8e8e8 !important;
+    }
+  }
+}
+
 // Documents list
 .table-documents {
 	thead th {
@@ -20,12 +29,6 @@
 	
 	tbody tr {
     cursor: pointer;
-
-    &.active {
-      td {
-        background-color: #e8e8e8;
-      }
-    }
 	}
 	
 	.cell-tags {
@@ -208,4 +211,34 @@ input[readonly].share-link {
       white-space: nowrap;
     }
   }
+}
+
+// Vertical alignment
+.vertical-center {
+  min-height: 100vh;
+
+  /* Make it a flex container */
+  display: -webkit-box;
+  display: -moz-box;
+  display: -ms-flexbox;
+  display: -webkit-flex;
+  display: flex;
+
+  /* Align the bootstrap's container vertically */
+  -webkit-box-align : center;
+  -webkit-align-items : center;
+  -moz-box-align : center;
+  -ms-flex-align : center;
+  align-items : center;
+}
+
+// Login
+.login-box-container {
+  background: url('../img/background.jpg') no-repeat center;
+}
+
+.login-box {
+  background: rgba(255, 255, 255, 0.5);
+  padding: 20px;
+  border-radius: 4px
 }
\ No newline at end of file
diff --git a/docs-web/src/prod/resources/config.properties b/docs-web/src/prod/resources/config.properties
index 6c2faf82..44ddb414 100644
--- a/docs-web/src/prod/resources/config.properties
+++ b/docs-web/src/prod/resources/config.properties
@@ -1,3 +1,3 @@
 api.current_version=${project.version}
 api.min_version=1.0
-db.version=6
\ No newline at end of file
+db.version=8
\ No newline at end of file
diff --git a/docs-web/src/stress/resources/config.properties b/docs-web/src/stress/resources/config.properties
index 6c2faf82..44ddb414 100644
--- a/docs-web/src/stress/resources/config.properties
+++ b/docs-web/src/stress/resources/config.properties
@@ -1,3 +1,3 @@
 api.current_version=${project.version}
 api.min_version=1.0
-db.version=6
\ No newline at end of file
+db.version=8
\ No newline at end of file
diff --git a/docs-web/src/test/java/com/sismics/docs/rest/TestAclResource.java b/docs-web/src/test/java/com/sismics/docs/rest/TestAclResource.java
index 3dba5baf..1da249fe 100644
--- a/docs-web/src/test/java/com/sismics/docs/rest/TestAclResource.java
+++ b/docs-web/src/test/java/com/sismics/docs/rest/TestAclResource.java
@@ -28,15 +28,18 @@ public class TestAclResource extends BaseJerseyTest {
      */
     @Test
     public void testAclResource() {
+        // Create aclGroup2
+        clientUtil.createGroup("aclGroup2");
+        
         // Login acl1
         clientUtil.createUser("acl1");
         String acl1Token = clientUtil.login("acl1");
         
         // Login acl2
-        clientUtil.createUser("acl2");
+        clientUtil.createUser("acl2", "aclGroup2");
         String acl2Token = clientUtil.login("acl2");
         
-        // Create a document
+        // Create a document with acl1
         JsonObject json = target().path("/document").request()
                 .cookie(TokenBasedSecurityFilter.COOKIE_NAME, acl1Token)
                 .put(Entity.form(new Form()
@@ -57,7 +60,7 @@ public class TestAclResource extends BaseJerseyTest {
         Response response = target().path("/document/" + document1Id).request()
                 .cookie(TokenBasedSecurityFilter.COOKIE_NAME, acl2Token)
                 .get();
-        Assert.assertEquals(Status.FORBIDDEN, Status.fromStatusCode(response.getStatus()));
+        Assert.assertEquals(Status.NOT_FOUND, Status.fromStatusCode(response.getStatus()));
         
         // Add an ACL READ for acl2 with acl1
         json = target().path("/acl").request()
@@ -65,7 +68,8 @@ public class TestAclResource extends BaseJerseyTest {
                 .put(Entity.form(new Form()
                         .param("source", document1Id)
                         .param("perm", "READ")
-                        .param("username", "acl2")), JsonObject.class);
+                        .param("target", "acl2")
+                        .param("type", "USER")), JsonObject.class);
         String acl2Id = json.getString("id");
         
         // Add an ACL WRITE for acl2 with acl1
@@ -74,7 +78,8 @@ public class TestAclResource extends BaseJerseyTest {
                 .put(Entity.form(new Form()
                         .param("source", document1Id)
                         .param("perm", "WRITE")
-                        .param("username", "acl2")), JsonObject.class);
+                        .param("target", "acl2")
+                        .param("type", "USER")), JsonObject.class);
         
         // Add an ACL WRITE for acl2 with acl1 (again)
         json = target().path("/acl").request()
@@ -82,7 +87,37 @@ public class TestAclResource extends BaseJerseyTest {
                 .put(Entity.form(new Form()
                         .param("source", document1Id)
                         .param("perm", "WRITE")
-                        .param("username", "acl2")), JsonObject.class);
+                        .param("target", "acl2")
+                        .param("type", "USER")), JsonObject.class);
+        
+        // Add an ACL READ for aclGroup2 with acl1
+        json = target().path("/acl").request()
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, acl1Token)
+                .put(Entity.form(new Form()
+                        .param("source", document1Id)
+                        .param("perm", "READ")
+                        .param("target", "aclGroup2")
+                        .param("type", "GROUP")), JsonObject.class);
+        String aclGroup2Id = json.getString("id");
+        
+        // Add an ACL WRITE for aclGroup2 with acl1
+        json = target().path("/acl").request()
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, acl1Token)
+                .put(Entity.form(new Form()
+                        .param("source", document1Id)
+                        .param("perm", "WRITE")
+                        .param("target", "aclGroup2")
+                        .param("type", "GROUP")), JsonObject.class);
+        
+        // List all documents with acl2
+        json = target().path("/document/list")
+                .queryParam("sort_column", 3)
+                .queryParam("asc", true)
+                .request()
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, acl2Token)
+                .get(JsonObject.class);
+        JsonArray documents = json.getJsonArray("documents");
+        Assert.assertEquals(1, documents.size());
         
         // Get the document as acl1
         json = target().path("/document/" + document1Id).request()
@@ -90,7 +125,8 @@ public class TestAclResource extends BaseJerseyTest {
                 .get(JsonObject.class);
         Assert.assertEquals(document1Id, json.getString("id"));
         acls = json.getJsonArray("acls");
-        Assert.assertEquals(4, acls.size());
+        Assert.assertEquals(6, acls.size());
+        Assert.assertTrue(json.getBoolean("writable"));
         
         // Get the document as acl2
         json = target().path("/document/" + document1Id).request()
@@ -98,13 +134,15 @@ public class TestAclResource extends BaseJerseyTest {
                 .get(JsonObject.class);
         Assert.assertEquals(document1Id, json.getString("id"));
         acls = json.getJsonArray("acls");
-        Assert.assertEquals(4, acls.size());
+        Assert.assertEquals(6, acls.size());
+        Assert.assertTrue(json.getBoolean("writable"));
         
         // Update the document as acl2
         json = target().path("/document/" + document1Id).request()
                 .cookie(TokenBasedSecurityFilter.COOKIE_NAME, acl2Token)
                 .post(Entity.form(new Form()
-                        .param("title", "My new super document 1")), JsonObject.class);
+                        .param("title", "My new super document 1")
+                        .param("language", "eng")), JsonObject.class);
         Assert.assertEquals(document1Id, json.getString("id"));
         
         // Get the document as acl2
@@ -120,6 +158,29 @@ public class TestAclResource extends BaseJerseyTest {
                 .cookie(TokenBasedSecurityFilter.COOKIE_NAME, acl2Token)
                 .delete(JsonObject.class);
         
+        // Get the document as acl2
+        json = target().path("/document/" + document1Id).request()
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, acl2Token)
+                .get(JsonObject.class);
+        Assert.assertEquals(document1Id, json.getString("id"));
+        acls = json.getJsonArray("acls");
+        Assert.assertEquals(5, acls.size());
+        Assert.assertTrue(json.getBoolean("writable")); // Writable by aclGroup2
+        
+        // Delete the ACL WRITE for aclGroup2 with acl2
+        target().path("/acl/" + document1Id + "/WRITE/" + aclGroup2Id).request()
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, acl2Token)
+                .delete(JsonObject.class);
+        
+        // Get the document as acl2
+        json = target().path("/document/" + document1Id).request()
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, acl2Token)
+                .get(JsonObject.class);
+        Assert.assertEquals(document1Id, json.getString("id"));
+        acls = json.getJsonArray("acls");
+        Assert.assertEquals(4, acls.size());
+        Assert.assertFalse(json.getBoolean("writable"));
+        
         // Delete the ACL READ for acl2 with acl2 (not authorized)
         response = target().path("/acl/" + document1Id + "/READ/" + acl2Id).request()
                 .cookie(TokenBasedSecurityFilter.COOKIE_NAME, acl2Token)
@@ -131,6 +192,16 @@ public class TestAclResource extends BaseJerseyTest {
                 .cookie(TokenBasedSecurityFilter.COOKIE_NAME, acl1Token)
                 .delete(JsonObject.class);
         
+        // Get the document as acl2 (visible by group)
+        target().path("/document/" + document1Id).request()
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, acl2Token)
+                .get(JsonObject.class);
+        
+        // Delete the ACL READ for aclGroup2 with acl1
+        target().path("/acl/" + document1Id + "/READ/" + aclGroup2Id).request()
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, acl1Token)
+                .delete(JsonObject.class);
+        
         // Get the document as acl1
         json = target().path("/document/" + document1Id).request()
                 .cookie(TokenBasedSecurityFilter.COOKIE_NAME, acl1Token)
@@ -144,7 +215,7 @@ public class TestAclResource extends BaseJerseyTest {
         response = target().path("/document/" + document1Id).request()
                 .cookie(TokenBasedSecurityFilter.COOKIE_NAME, acl2Token)
                 .get();
-        Assert.assertEquals(Status.FORBIDDEN, Status.fromStatusCode(response.getStatus()));
+        Assert.assertEquals(Status.NOT_FOUND, Status.fromStatusCode(response.getStatus()));
         
         // Delete the ACL READ for acl1 with acl1
         response = target().path("/acl/" + document1Id + "/READ/" + acl1Id).request()
@@ -158,7 +229,7 @@ public class TestAclResource extends BaseJerseyTest {
                 .delete();
         Assert.assertEquals(Status.BAD_REQUEST, Status.fromStatusCode(response.getStatus()));
         
-        // Search target list
+        // Search target list (acl)
         json = target().path("/acl/target/search")
                 .queryParam("search", "acl")
                 .request()
@@ -166,5 +237,18 @@ public class TestAclResource extends BaseJerseyTest {
                 .get(JsonObject.class);
         JsonArray users = json.getJsonArray("users");
         Assert.assertEquals(2, users.size());
+        JsonArray groups = json.getJsonArray("groups");
+        Assert.assertEquals(1, groups.size());
+        
+        // Search target list (admin)
+        json = target().path("/acl/target/search")
+                .queryParam("search", "admin")
+                .request()
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, acl1Token)
+                .get(JsonObject.class);
+        users = json.getJsonArray("users");
+        Assert.assertEquals(1, users.size());
+        groups = json.getJsonArray("groups");
+        Assert.assertEquals(1, groups.size());
     }
 }
\ No newline at end of file
diff --git a/docs-web/src/test/java/com/sismics/docs/rest/TestAppResource.java b/docs-web/src/test/java/com/sismics/docs/rest/TestAppResource.java
index 9c1b426f..e6cf2e40 100644
--- a/docs-web/src/test/java/com/sismics/docs/rest/TestAppResource.java
+++ b/docs-web/src/test/java/com/sismics/docs/rest/TestAppResource.java
@@ -27,11 +27,11 @@ public class TestAppResource extends BaseJerseyTest {
     @Test
     public void testAppResource() {
         // Login admin
-        String adminAuthenticationToken = clientUtil.login("admin", "admin", false);
+        String adminToken = clientUtil.login("admin", "admin", false);
         
         // Check the application info
         JsonObject json = target().path("/app").request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
                 .get(JsonObject.class);
         String currentVersion = json.getString("current_version");
         Assert.assertNotNull(currentVersion);
@@ -44,19 +44,19 @@ public class TestAppResource extends BaseJerseyTest {
         
         // Rebuild Lucene index
         Response response = target().path("/app/batch/reindex").request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
                 .post(Entity.form(new Form()));
         Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
         
         // Clean storage
         response = target().path("/app/batch/clean_storage").request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
                 .post(Entity.form(new Form()));
         Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
         
         // Recompute quota
         response = target().path("/app/batch/recompute_quota").request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
                 .post(Entity.form(new Form()));
         Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
     }
@@ -69,13 +69,13 @@ public class TestAppResource extends BaseJerseyTest {
     @Test
     public void testLogResource() {
         // Login admin
-        String adminAuthenticationToken = clientUtil.login("admin", "admin", false);
+        String adminToken = clientUtil.login("admin", "admin", false);
         
         // Check the logs (page 1)
         JsonObject json = target().path("/app/log")
                 .queryParam("level", "DEBUG")
                 .request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
                 .get(JsonObject.class);
         JsonArray logs = json.getJsonArray("logs");
         Assert.assertTrue(logs.size() > 0);
@@ -88,7 +88,7 @@ public class TestAppResource extends BaseJerseyTest {
                 .queryParam("offset",  "10")
                 .queryParam("level", "DEBUG")
                 .request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
                 .get(JsonObject.class);
         logs = json.getJsonArray("logs");
         Assert.assertTrue(logs.size() > 0);
diff --git a/docs-web/src/test/java/com/sismics/docs/rest/TestCommentResource.java b/docs-web/src/test/java/com/sismics/docs/rest/TestCommentResource.java
index b59551dd..f4677dd9 100644
--- a/docs-web/src/test/java/com/sismics/docs/rest/TestCommentResource.java
+++ b/docs-web/src/test/java/com/sismics/docs/rest/TestCommentResource.java
@@ -108,7 +108,8 @@ public class TestCommentResource extends BaseJerseyTest {
                 .put(Entity.form(new Form()
                         .param("source", document1Id)
                         .param("perm", "READ")
-                        .param("username", "comment2")), JsonObject.class);
+                        .param("target", "comment2")
+                        .param("type", "USER")), JsonObject.class);
         
         // Create a comment with comment2
         json = target().path("/comment").request()
diff --git a/docs-web/src/test/java/com/sismics/docs/rest/TestDocumentResource.java b/docs-web/src/test/java/com/sismics/docs/rest/TestDocumentResource.java
index 2bc19d0a..b48dd754 100644
--- a/docs-web/src/test/java/com/sismics/docs/rest/TestDocumentResource.java
+++ b/docs-web/src/test/java/com/sismics/docs/rest/TestDocumentResource.java
@@ -76,6 +76,16 @@ public class TestDocumentResource extends BaseJerseyTest {
         String document1Id = json.getString("id");
         Assert.assertNotNull(document1Id);
         
+        // Create a document with document1
+        json = target().path("/document").request()
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, document1Token)
+                .put(Entity.form(new Form()
+                        .param("title", "My super title document 2")
+                        .param("language", "eng")
+                        .param("relations", document1Id)), JsonObject.class);
+        String document2Id = json.getString("id");
+        Assert.assertNotNull(document2Id);
+        
         // Add a file
         String file1Id = null;
         try (InputStream is = Resources.getResource("file/Einstein-Roosevelt-letter.png").openStream()) {
@@ -100,13 +110,13 @@ public class TestDocumentResource extends BaseJerseyTest {
         // List all documents
         json = target().path("/document/list")
                 .queryParam("sort_column", 3)
-                .queryParam("asc", false)
+                .queryParam("asc", true)
                 .request()
                 .cookie(TokenBasedSecurityFilter.COOKIE_NAME, document1Token)
                 .get(JsonObject.class);
         JsonArray documents = json.getJsonArray("documents");
         JsonArray tags = documents.getJsonObject(0).getJsonArray("tags");
-        Assert.assertTrue(documents.size() == 1);
+        Assert.assertTrue(documents.size() == 2);
         Assert.assertEquals(document1Id, documents.getJsonObject(0).getString("id"));
         Assert.assertEquals("eng", documents.getJsonObject(0).getString("language"));
         Assert.assertEquals(1, documents.getJsonObject(0).getInt("file_count"));
@@ -130,8 +140,8 @@ public class TestDocumentResource extends BaseJerseyTest {
         json = target().path("/document").request()
                 .cookie(TokenBasedSecurityFilter.COOKIE_NAME, document3Token)
                 .put(Entity.form(new Form()
-                        .param("title", "My super title document 1")
-                        .param("description", "My super description for document 1")
+                        .param("title", "My super title document 3")
+                        .param("description", "My super description for document 3")
                         .param("language", "eng")
                         .param("create_date", Long.toString(create3Date))), JsonObject.class);
         String document3Id = json.getString("id");
@@ -165,8 +175,8 @@ public class TestDocumentResource extends BaseJerseyTest {
         
         // Search documents
         Assert.assertEquals(1, searchDocuments("full:uranium full:einstein", document1Token));
-        Assert.assertEquals(1, searchDocuments("full:title", document1Token));
-        Assert.assertEquals(1, searchDocuments("title", document1Token));
+        Assert.assertEquals(2, searchDocuments("full:title", document1Token));
+        Assert.assertEquals(2, searchDocuments("title", document1Token));
         Assert.assertEquals(1, searchDocuments("super description", document1Token));
         Assert.assertEquals(1, searchDocuments("subject", document1Token));
         Assert.assertEquals(1, searchDocuments("identifier", document1Token));
@@ -177,15 +187,15 @@ public class TestDocumentResource extends BaseJerseyTest {
         Assert.assertEquals(1, searchDocuments("greenland", document1Token));
         Assert.assertEquals(1, searchDocuments("public domain", document1Token));
         Assert.assertEquals(0, searchDocuments("by:document3", document1Token));
-        Assert.assertEquals(1, searchDocuments("by:document1", document1Token));
+        Assert.assertEquals(2, searchDocuments("by:document1", document1Token));
         Assert.assertEquals(0, searchDocuments("by:nobody", document1Token));
-        Assert.assertEquals(1, searchDocuments("at:" + DateTimeFormat.forPattern("yyyy").print(new Date().getTime()), document1Token));
-        Assert.assertEquals(1, searchDocuments("at:" + DateTimeFormat.forPattern("yyyy-MM").print(new Date().getTime()), document1Token));
-        Assert.assertEquals(1, searchDocuments("at:" + DateTimeFormat.forPattern("yyyy-MM-dd").print(new Date().getTime()), document1Token));
-        Assert.assertEquals(1, searchDocuments("after:2010 before:2040-08", document1Token));
+        Assert.assertEquals(2, searchDocuments("at:" + DateTimeFormat.forPattern("yyyy").print(new Date().getTime()), document1Token));
+        Assert.assertEquals(2, searchDocuments("at:" + DateTimeFormat.forPattern("yyyy-MM").print(new Date().getTime()), document1Token));
+        Assert.assertEquals(2, searchDocuments("at:" + DateTimeFormat.forPattern("yyyy-MM-dd").print(new Date().getTime()), document1Token));
+        Assert.assertEquals(2, searchDocuments("after:2010 before:2040-08", document1Token));
         Assert.assertEquals(1, searchDocuments("tag:super", document1Token));
         Assert.assertEquals(1, searchDocuments("shared:yes", document1Token));
-        Assert.assertEquals(1, searchDocuments("lang:eng", document1Token));
+        Assert.assertEquals(2, searchDocuments("lang:eng", document1Token));
         Assert.assertEquals(1, searchDocuments("after:2010 before:2040-08 tag:super shared:yes lang:eng title description full:uranium", document1Token));
 
         // Search documents (nothing)
@@ -199,7 +209,7 @@ public class TestDocumentResource extends BaseJerseyTest {
         Assert.assertEquals(0, searchDocuments("tag:Nop", document1Token));
         Assert.assertEquals(0, searchDocuments("lang:fra", document1Token));
 
-        // Get a document
+        // Get document 1
         json = target().path("/document/" + document1Id).request()
                 .cookie(TokenBasedSecurityFilter.COOKIE_NAME, document1Token)
                 .get(JsonObject.class);
@@ -225,6 +235,22 @@ public class TestDocumentResource extends BaseJerseyTest {
         JsonArray contributors = json.getJsonArray("contributors");
         Assert.assertEquals(1, contributors.size());
         Assert.assertEquals("document1", contributors.getJsonObject(0).getString("username"));
+        JsonArray relations = json.getJsonArray("relations");
+        Assert.assertEquals(1, relations.size());
+        Assert.assertEquals(document2Id, relations.getJsonObject(0).getString("id"));
+        Assert.assertFalse(relations.getJsonObject(0).getBoolean("source"));
+        Assert.assertEquals("My super title document 2", relations.getJsonObject(0).getString("title"));
+        
+        // Get document 2
+        json = target().path("/document/" + document2Id).request()
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, document1Token)
+                .get(JsonObject.class);
+        Assert.assertEquals(document2Id, json.getString("id"));
+        relations = json.getJsonArray("relations");
+        Assert.assertEquals(1, relations.size());
+        Assert.assertEquals(document1Id, relations.getJsonObject(0).getString("id"));
+        Assert.assertTrue(relations.getJsonObject(0).getBoolean("source"));
+        Assert.assertEquals("My super title document 1", relations.getJsonObject(0).getString("title"));
         
         // Export a document in PDF format
         Response response = target().path("/document/" + document1Id).request()
@@ -241,7 +267,7 @@ public class TestDocumentResource extends BaseJerseyTest {
         String tag2Id = json.getString("id");
         Assert.assertNotNull(tag1Id);
         
-        // Update a document
+        // Update document 1
         json = target().path("/document/" + document1Id).request()
                 .cookie(TokenBasedSecurityFilter.COOKIE_NAME, document1Token)
                 .post(Entity.form(new Form()
@@ -254,18 +280,29 @@ public class TestDocumentResource extends BaseJerseyTest {
                         .param("source", "My new source for document 1")
                         .param("type", "Image")
                         .param("coverage", "France")
+                        .param("language", "eng")
                         .param("rights", "All Rights Reserved")
                         .param("tags", tag2Id)), JsonObject.class);
         Assert.assertEquals(document1Id, json.getString("id"));
         
+        // Update document 2
+        json = target().path("/document/" + document2Id).request()
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, document1Token)
+                .post(Entity.form(new Form()
+                        .param("title", "My super title document 2")
+                        .param("language", "eng")), JsonObject.class);
+        Assert.assertEquals(document2Id, json.getString("id"));
+        
         // Search documents by query
         json = target().path("/document/list")
-                .queryParam("search", "super")
+                .queryParam("search", "new")
                 .request()
                 .cookie(TokenBasedSecurityFilter.COOKIE_NAME, document1Token)
                 .get(JsonObject.class);
+        documents = json.getJsonArray("documents");
+        Assert.assertEquals(1, documents.size());
         
-        // Get a document
+        // Get document 1
         json = target().path("/document/" + document1Id).request()
                 .cookie(TokenBasedSecurityFilter.COOKIE_NAME, document1Token)
                 .get(JsonObject.class);
@@ -285,6 +322,15 @@ public class TestDocumentResource extends BaseJerseyTest {
         contributors = json.getJsonArray("contributors");
         Assert.assertEquals(1, contributors.size());
         Assert.assertEquals("document1", contributors.getJsonObject(0).getString("username"));
+        relations = json.getJsonArray("relations");
+        Assert.assertEquals(0, relations.size());
+        
+        // Get document 2
+        json = target().path("/document/" + document1Id).request()
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, document1Token)
+                .get(JsonObject.class);
+        relations = json.getJsonArray("relations");
+        Assert.assertEquals(0, relations.size());
         
         // Deletes a document
         json = target().path("/document/" + document1Id).request()
diff --git a/docs-web/src/test/java/com/sismics/docs/rest/TestFileResource.java b/docs-web/src/test/java/com/sismics/docs/rest/TestFileResource.java
index f4e851b3..93cd5a5c 100644
--- a/docs-web/src/test/java/com/sismics/docs/rest/TestFileResource.java
+++ b/docs-web/src/test/java/com/sismics/docs/rest/TestFileResource.java
@@ -42,12 +42,12 @@ public class TestFileResource extends BaseJerseyTest {
     public void testFileResource() throws Exception {
         // Login file1
         clientUtil.createUser("file1");
-        String file1AuthenticationToken = clientUtil.login("file1");
+        String file1Token = clientUtil.login("file1");
         
         // Create a document
         long create1Date = new Date().getTime();
         JsonObject json = target().path("/document").request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1AuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1Token)
                 .put(Entity.form(new Form()
                         .param("title", "File test document 1")
                         .param("language", "eng")
@@ -63,7 +63,7 @@ public class TestFileResource extends BaseJerseyTest {
                 json = target()
                         .register(MultiPartFeature.class)
                         .path("/file").request()
-                        .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1AuthenticationToken)
+                        .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1Token)
                         .put(Entity.entity(multiPart.field("id", document1Id).bodyPart(streamDataBodyPart),
                                 MediaType.MULTIPART_FORM_DATA_TYPE), JsonObject.class);
                 file1Id = json.getString("id");
@@ -80,7 +80,7 @@ public class TestFileResource extends BaseJerseyTest {
                 json = target()
                         .register(MultiPartFeature.class)
                         .path("/file").request()
-                        .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1AuthenticationToken)
+                        .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1Token)
                         .put(Entity.entity(multiPart.field("id", document1Id).bodyPart(streamDataBodyPart),
                                 MediaType.MULTIPART_FORM_DATA_TYPE), JsonObject.class);
                 file2Id = json.getString("id");
@@ -90,7 +90,7 @@ public class TestFileResource extends BaseJerseyTest {
         
         // Get the file data
         Response response = target().path("/file/" + file1Id + "/data").request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1AuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1Token)
                 .get();
         InputStream is = (InputStream) response.getEntity();
         byte[] fileBytes = ByteStreams.toByteArray(is);
@@ -101,7 +101,7 @@ public class TestFileResource extends BaseJerseyTest {
         response = target().path("/file/" + file1Id + "/data")
                 .queryParam("size", "thumb")
                 .request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1AuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1Token)
                 .get();
         Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
         is = (InputStream) response.getEntity();
@@ -113,7 +113,7 @@ public class TestFileResource extends BaseJerseyTest {
         response = target().path("/file/" + file1Id + "/data")
                 .queryParam("size", "web")
                 .request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1AuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1Token)
                 .get();
         Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
         is = (InputStream) response.getEntity();
@@ -131,7 +131,7 @@ public class TestFileResource extends BaseJerseyTest {
         json = target().path("/file/list")
                 .queryParam("id", document1Id)
                 .request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1AuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1Token)
                 .get(JsonObject.class);
         JsonArray files = json.getJsonArray("files");
         Assert.assertEquals(2, files.size());
@@ -141,7 +141,7 @@ public class TestFileResource extends BaseJerseyTest {
         
         // Reorder files
         json = target().path("/file/reorder").request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1AuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1Token)
                 .post(Entity.form(new Form()
                         .param("id", document1Id)
                         .param("order", file2Id)
@@ -151,7 +151,7 @@ public class TestFileResource extends BaseJerseyTest {
         json = target().path("/file/list")
                 .queryParam("id", document1Id)
                 .request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1AuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1Token)
                 .get(JsonObject.class);
         files = json.getJsonArray("files");
         Assert.assertEquals(2, files.size());
@@ -162,7 +162,7 @@ public class TestFileResource extends BaseJerseyTest {
         response = target().path("/file/zip")
                 .queryParam("id", document1Id)
                 .request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1AuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1Token)
                 .get();
         is = (InputStream) response.getEntity();
         fileBytes = ByteStreams.toByteArray(is);
@@ -170,13 +170,13 @@ public class TestFileResource extends BaseJerseyTest {
         
         // Deletes a file
         json = target().path("/file/" + file1Id).request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1AuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1Token)
                 .delete(JsonObject.class);
         Assert.assertEquals("ok", json.getString("status"));
         
         // Get the file data (not found)
         response = target().path("/file/" + file1Id + "/data").request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1AuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1Token)
                 .get();
         Assert.assertEquals(Status.NOT_FOUND, Status.fromStatusCode(response.getStatus()));
         
@@ -192,7 +192,7 @@ public class TestFileResource extends BaseJerseyTest {
         json = target().path("/file/list")
                 .queryParam("id", document1Id)
                 .request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1AuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file1Token)
                 .get(JsonObject.class);
         files = json.getJsonArray("files");
         Assert.assertEquals(1, files.size());
@@ -202,7 +202,7 @@ public class TestFileResource extends BaseJerseyTest {
     public void testOrphanFile() throws Exception {
         // Login file2
         clientUtil.createUser("file2");
-        String file2AuthenticationToken = clientUtil.login("file2");
+        String file2Token = clientUtil.login("file2");
         
         // Add a file
         String file1Id = null;
@@ -212,7 +212,7 @@ public class TestFileResource extends BaseJerseyTest {
                 JsonObject json = target()
                         .register(MultiPartFeature.class)
                         .path("/file").request()
-                        .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file2AuthenticationToken)
+                        .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file2Token)
                         .put(Entity.entity(multiPart.bodyPart(streamDataBodyPart),
                                 MediaType.MULTIPART_FORM_DATA_TYPE), JsonObject.class);
                 file1Id = json.getString("id");
@@ -222,14 +222,14 @@ public class TestFileResource extends BaseJerseyTest {
         
         // Get all orphan files
         JsonObject json = target().path("/file/list").request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file2AuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file2Token)
                 .get(JsonObject.class);
         JsonArray files = json.getJsonArray("files");
         Assert.assertEquals(1, files.size());
         
         // Get the file data
         Response response = target().path("/file/" + file1Id + "/data").request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file2AuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file2Token)
                 .get();
         InputStream is = (InputStream) response.getEntity();
         byte[] fileBytes = ByteStreams.toByteArray(is);
@@ -238,7 +238,7 @@ public class TestFileResource extends BaseJerseyTest {
         
         // Create a document
         json = target().path("/document").request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file2AuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file2Token)
                 .put(Entity.form(new Form()
                         .param("title", "File test document 1")
                         .param("language", "eng")), JsonObject.class);
@@ -247,7 +247,7 @@ public class TestFileResource extends BaseJerseyTest {
         
         // Attach a file to a document
         json = target().path("/file/" + file1Id).request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file2AuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file2Token)
                 .post(Entity.form(new Form()
                         .param("id", document1Id)), JsonObject.class);
         
@@ -255,7 +255,7 @@ public class TestFileResource extends BaseJerseyTest {
         json = target().path("/file/list")
                 .queryParam("id", document1Id)
                 .request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file2AuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file2Token)
                 .get(JsonObject.class);
         files = json.getJsonArray("files");
         Assert.assertEquals(1, files.size());
@@ -268,7 +268,7 @@ public class TestFileResource extends BaseJerseyTest {
                 json = target()
                         .register(MultiPartFeature.class)
                         .path("/file").request()
-                        .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file2AuthenticationToken)
+                        .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file2Token)
                         .put(Entity.entity(multiPart.bodyPart(streamDataBodyPart),
                                 MediaType.MULTIPART_FORM_DATA_TYPE), JsonObject.class);
                 file2Id = json.getString("id");
@@ -278,7 +278,7 @@ public class TestFileResource extends BaseJerseyTest {
         
         // Deletes a file
         json = target().path("/file/" + file2Id).request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file2AuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, file2Token)
                 .delete(JsonObject.class);
         Assert.assertEquals("ok", json.getString("status"));
     }
@@ -287,7 +287,7 @@ public class TestFileResource extends BaseJerseyTest {
     public void testQuota() throws Exception {
         // Login file_quota
         clientUtil.createUser("file_quota");
-        String fileQuotaAuthenticationToken = clientUtil.login("file_quota");
+        String fileQuotaToken = clientUtil.login("file_quota");
         
         // Add a file (292641 bytes large)
         String file1Id = null;
@@ -297,7 +297,7 @@ public class TestFileResource extends BaseJerseyTest {
                 JsonObject json = target()
                     .register(MultiPartFeature.class)
                     .path("/file").request()
-                    .cookie(TokenBasedSecurityFilter.COOKIE_NAME, fileQuotaAuthenticationToken)
+                    .cookie(TokenBasedSecurityFilter.COOKIE_NAME, fileQuotaToken)
                     .put(Entity.entity(multiPart.bodyPart(streamDataBodyPart),
                             MediaType.MULTIPART_FORM_DATA_TYPE), JsonObject.class);
                 file1Id = json.getString("id");
@@ -307,7 +307,7 @@ public class TestFileResource extends BaseJerseyTest {
         
         // Check current quota
         JsonObject json = target().path("/user").request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, fileQuotaAuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, fileQuotaToken)
                 .get(JsonObject.class);
         Assert.assertEquals(292641l, json.getJsonNumber("storage_current").longValue());
         
@@ -318,7 +318,7 @@ public class TestFileResource extends BaseJerseyTest {
                 target()
                     .register(MultiPartFeature.class)
                     .path("/file").request()
-                    .cookie(TokenBasedSecurityFilter.COOKIE_NAME, fileQuotaAuthenticationToken)
+                    .cookie(TokenBasedSecurityFilter.COOKIE_NAME, fileQuotaToken)
                     .put(Entity.entity(multiPart.bodyPart(streamDataBodyPart),
                             MediaType.MULTIPART_FORM_DATA_TYPE), JsonObject.class);
             }
@@ -326,7 +326,7 @@ public class TestFileResource extends BaseJerseyTest {
         
         // Check current quota
         json = target().path("/user").request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, fileQuotaAuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, fileQuotaToken)
                 .get(JsonObject.class);
         Assert.assertEquals(585282l, json.getJsonNumber("storage_current").longValue());
         
@@ -337,7 +337,7 @@ public class TestFileResource extends BaseJerseyTest {
                 target()
                     .register(MultiPartFeature.class)
                     .path("/file").request()
-                    .cookie(TokenBasedSecurityFilter.COOKIE_NAME, fileQuotaAuthenticationToken)
+                    .cookie(TokenBasedSecurityFilter.COOKIE_NAME, fileQuotaToken)
                     .put(Entity.entity(multiPart.bodyPart(streamDataBodyPart),
                             MediaType.MULTIPART_FORM_DATA_TYPE), JsonObject.class);
             }
@@ -345,7 +345,7 @@ public class TestFileResource extends BaseJerseyTest {
         
         // Check current quota
         json = target().path("/user").request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, fileQuotaAuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, fileQuotaToken)
                 .get(JsonObject.class);
         Assert.assertEquals(877923l, json.getJsonNumber("storage_current").longValue());
         
@@ -356,7 +356,7 @@ public class TestFileResource extends BaseJerseyTest {
                 Response response = target()
                         .register(MultiPartFeature.class)
                         .path("/file").request()
-                        .cookie(TokenBasedSecurityFilter.COOKIE_NAME, fileQuotaAuthenticationToken)
+                        .cookie(TokenBasedSecurityFilter.COOKIE_NAME, fileQuotaToken)
                         .put(Entity.entity(multiPart.bodyPart(streamDataBodyPart),
                                 MediaType.MULTIPART_FORM_DATA_TYPE));
                 Assert.assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
@@ -365,13 +365,13 @@ public class TestFileResource extends BaseJerseyTest {
         
         // Deletes a file
         json = target().path("/file/" + file1Id).request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, fileQuotaAuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, fileQuotaToken)
                 .delete(JsonObject.class);
         Assert.assertEquals("ok", json.getString("status"));
         
         // Check current quota
         json = target().path("/user").request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, fileQuotaAuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, fileQuotaToken)
                 .get(JsonObject.class);
         Assert.assertEquals(585282l, json.getJsonNumber("storage_current").longValue());
     }
diff --git a/docs-web/src/test/java/com/sismics/docs/rest/TestGroupResource.java b/docs-web/src/test/java/com/sismics/docs/rest/TestGroupResource.java
new file mode 100644
index 00000000..834c1261
--- /dev/null
+++ b/docs-web/src/test/java/com/sismics/docs/rest/TestGroupResource.java
@@ -0,0 +1,186 @@
+package com.sismics.docs.rest;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.json.JsonArray;
+import javax.json.JsonObject;
+import javax.ws.rs.client.Entity;
+import javax.ws.rs.core.Form;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+import com.sismics.util.filter.TokenBasedSecurityFilter;
+
+
+/**
+ * Test the group resource.
+ * 
+ * @author bgamard
+ */
+public class TestGroupResource extends BaseJerseyTest {
+    /**
+     * Test the group resource.
+     * 
+     * @throws JSONException
+     */
+    @Test
+    public void testGroupResource() {
+        // Login admin
+        String adminToken = clientUtil.login("admin", "admin", false);
+        
+        // Create group hierarchy
+        clientUtil.createGroup("g1");
+        clientUtil.createGroup("g11", "g1");
+        clientUtil.createGroup("g12", "g1");
+        clientUtil.createGroup("g111", "g11");
+        clientUtil.createGroup("g112", "g11");
+        
+        // Login group1
+        clientUtil.createUser("group1", "g112", "g12");
+        String group1Token = clientUtil.login("group1");
+        
+        // Login admin2
+        clientUtil.createUser("admin2", "administrators");
+        String admin2Token = clientUtil.login("admin2");
+        
+        // Create trashme
+        clientUtil.createUser("trashme");
+        
+        // Delete trashme with admin2
+        target().path("/user/trashme").request()
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, admin2Token)
+                .delete(JsonObject.class);
+        
+        // Get all groups
+        JsonObject json = target().path("/group")
+                .queryParam("sort_column", "1")
+                .queryParam("asc", "true")
+                .request()
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
+                .get(JsonObject.class);
+        JsonArray groups = json.getJsonArray("groups");
+        Assert.assertEquals(6, groups.size());
+        JsonObject groupG11 = groups.getJsonObject(2);
+        Assert.assertEquals("g11", groupG11.getString("name"));
+        Assert.assertEquals("g1", groupG11.getString("parent"));
+        
+        // Check admin groups (all computed groups)
+        json = target().path("/user").request()
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
+                .get(JsonObject.class);
+        groups = json.getJsonArray("groups");
+        Assert.assertEquals(1, groups.size());
+        Assert.assertEquals("administrators", groups.getString(0));
+        
+        // Check group1 groups (all computed groups)
+        json = target().path("/user").request()
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, group1Token)
+                .get(JsonObject.class);
+        groups = json.getJsonArray("groups");
+        List<String> groupList = new ArrayList<>();
+        for (int i = 0; i < groups.size(); i++) {
+            groupList.add(groups.getString(i));
+        }
+        Assert.assertEquals(4, groups.size());
+        Assert.assertTrue(groupList.contains("g1"));
+        Assert.assertTrue(groupList.contains("g12"));
+        Assert.assertTrue(groupList.contains("g11"));
+        Assert.assertTrue(groupList.contains("g112"));
+        
+        // Check group1 groups with admin (only direct groups)
+        json = target().path("/user/group1").request()
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
+                .get(JsonObject.class);
+        groups = json.getJsonArray("groups");
+        Assert.assertEquals(2, groups.size());
+        Assert.assertEquals("g112", groups.getString(0));
+        Assert.assertEquals("g12", groups.getString(1));
+        
+        // List all users in group1
+        json = target().path("/user/list")
+                .queryParam("group", "g112")
+                .request()
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
+                .get(JsonObject.class);
+        JsonArray users = json.getJsonArray("users");
+        Assert.assertEquals(1, users.size());
+        
+        // Add group1 to g112 (again)
+        json = target().path("/group/g112").request()
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
+                .put(Entity.form(new Form()
+                        .param("username", "group1")), JsonObject.class);
+        
+        // Check group1 groups (all computed groups)
+        json = target().path("/user").request()
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, group1Token)
+                .get(JsonObject.class);
+        groups = json.getJsonArray("groups");
+        Assert.assertEquals(4, groups.size());
+        
+        // Update group g12
+        target().path("/group/g12").request()
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
+                .post(Entity.form(new Form()
+                        .param("name", "g12new")
+                        .param("parent", "g11")), JsonObject.class);
+        
+        // Check group1 groups with admin (only direct groups)
+        json = target().path("/user/group1").request()
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
+                .get(JsonObject.class);
+        groups = json.getJsonArray("groups");
+        Assert.assertEquals(2, groups.size());
+        Assert.assertEquals("g112", groups.getString(0));
+        Assert.assertEquals("g12new", groups.getString(1));
+        
+        // Get group g12new
+        json = target().path("/group/g12new").request()
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
+                .get(JsonObject.class);
+        Assert.assertEquals("g12new", json.getString("name"));
+        Assert.assertEquals("g11", json.getString("parent"));
+        JsonArray members = json.getJsonArray("members");
+        Assert.assertEquals(1, members.size());
+        Assert.assertEquals("group1", members.getString(0));
+        
+        // Remove group1 from g12new
+        json = target().path("/group/g12new/group1").request()
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
+                .delete(JsonObject.class);
+        
+        // Check group1 groups (all computed groups)
+        json = target().path("/user").request()
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, group1Token)
+                .get(JsonObject.class);
+        groups = json.getJsonArray("groups");
+        groupList = new ArrayList<>();
+        for (int i = 0; i < groups.size(); i++) {
+            groupList.add(groups.getString(i));
+        }
+        Assert.assertEquals(3, groups.size());
+        Assert.assertTrue(groupList.contains("g1"));
+        Assert.assertTrue(groupList.contains("g11"));
+        Assert.assertTrue(groupList.contains("g112"));
+        
+        // Delete group g1
+        json = target().path("/group/g1").request()
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
+                .delete(JsonObject.class);
+        
+        // Check group1 groups (all computed groups)
+        json = target().path("/user").request()
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, group1Token)
+                .get(JsonObject.class);
+        groups = json.getJsonArray("groups");
+        groupList = new ArrayList<>();
+        for (int i = 0; i < groups.size(); i++) {
+            groupList.add(groups.getString(i));
+        }
+        Assert.assertEquals(2, groups.size());
+        Assert.assertTrue(groupList.contains("g11"));
+        Assert.assertTrue(groupList.contains("g112"));
+    }
+}
\ No newline at end of file
diff --git a/docs-web/src/test/java/com/sismics/docs/rest/TestSecurity.java b/docs-web/src/test/java/com/sismics/docs/rest/TestSecurity.java
index a05571fd..0b938a64 100644
--- a/docs-web/src/test/java/com/sismics/docs/rest/TestSecurity.java
+++ b/docs-web/src/test/java/com/sismics/docs/rest/TestSecurity.java
@@ -38,11 +38,11 @@ public class TestSecurity extends BaseJerseyTest {
         Assert.assertEquals("You don't have access to this resource", json.getString("message"));
 
         // User testsecurity logs in
-        String testSecurityAuthenticationToken = clientUtil.login("testsecurity");
+        String testSecurityToken = clientUtil.login("testsecurity");
         
         // User testsecurity creates a new user KO : no permission
         response = target().path("/user").request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, testSecurityAuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, testSecurityToken)
                 .put(Entity.form(new Form()));
         Assert.assertEquals(Status.FORBIDDEN, Status.fromStatusCode(response.getStatus()));
         Assert.assertEquals("ForbiddenError", json.getString("type"));
@@ -50,29 +50,29 @@ public class TestSecurity extends BaseJerseyTest {
         
         // User testsecurity changes his email OK
         json = target().path("/user").request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, testSecurityAuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, testSecurityToken)
                 .post(Entity.form(new Form()
                         .param("email", "testsecurity2@docs.com")), JsonObject.class);
         Assert.assertEquals("ok", json.getString("status"));
 
         // User testsecurity logs out
         response = target().path("/user/logout").request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, testSecurityAuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, testSecurityToken)
                 .post(Entity.form(new Form()));
         Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
-        testSecurityAuthenticationToken = clientUtil.getAuthenticationCookie(response);
-        Assert.assertTrue(StringUtils.isEmpty(testSecurityAuthenticationToken));
+        testSecurityToken = clientUtil.getAuthenticationCookie(response);
+        Assert.assertTrue(StringUtils.isEmpty(testSecurityToken));
 
         // User testsecurity logs out KO : he is not connected anymore
         response = target().path("/user/logout").request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, testSecurityAuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, testSecurityToken)
                 .post(Entity.form(new Form()));
         Assert.assertEquals(Status.FORBIDDEN, Status.fromStatusCode(response.getStatus()));
 
         // User testsecurity logs in with a long lived session
-        testSecurityAuthenticationToken = clientUtil.login("testsecurity", "12345678", true);
+        testSecurityToken = clientUtil.login("testsecurity", "12345678", true);
 
         // User testsecurity logs out
-        clientUtil.logout(testSecurityAuthenticationToken);
+        clientUtil.logout(testSecurityToken);
     }
 }
\ No newline at end of file
diff --git a/docs-web/src/test/java/com/sismics/docs/rest/TestShareResource.java b/docs-web/src/test/java/com/sismics/docs/rest/TestShareResource.java
index eea8ab85..4bccaf43 100644
--- a/docs-web/src/test/java/com/sismics/docs/rest/TestShareResource.java
+++ b/docs-web/src/test/java/com/sismics/docs/rest/TestShareResource.java
@@ -36,11 +36,11 @@ public class TestShareResource extends BaseJerseyTest {
     public void testShareResource() throws Exception {
         // Login share1
         clientUtil.createUser("share1");
-        String share1AuthenticationToken = clientUtil.login("share1");
+        String share1Token = clientUtil.login("share1");
         
         // Create a document
         JsonObject json = target().path("/document").request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, share1AuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, share1Token)
                 .put(Entity.form(new Form()
                         .param("title", "File test document 1")
                         .param("language", "eng")), JsonObject.class);
@@ -55,7 +55,7 @@ public class TestShareResource extends BaseJerseyTest {
                 json = target()
                         .register(MultiPartFeature.class)
                         .path("/file").request()
-                        .cookie(TokenBasedSecurityFilter.COOKIE_NAME, share1AuthenticationToken)
+                        .cookie(TokenBasedSecurityFilter.COOKIE_NAME, share1Token)
                         .put(Entity.entity(multiPart.field("id", document1Id).bodyPart(streamDataBodyPart),
                                 MediaType.MULTIPART_FORM_DATA_TYPE), JsonObject.class);
                 file1Id = json.getString("id");
@@ -64,7 +64,7 @@ public class TestShareResource extends BaseJerseyTest {
         
         // Share this document
         json = target().path("/share").request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, share1AuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, share1Token)
                 .put(Entity.form(new Form()
                         .param("id", document1Id)
                         .param("name", "4 All")), JsonObject.class);
@@ -107,9 +107,9 @@ public class TestShareResource extends BaseJerseyTest {
         
         // Deletes the share (not allowed)
         clientUtil.createUser("share2");
-        String share2AuthenticationToken = clientUtil.login("share2");
+        String share2Token = clientUtil.login("share2");
         response = target().path("/share/" + share1Id).request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, share2AuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, share2Token)
                 .delete();
         Assert.assertEquals(Status.BAD_REQUEST, Status.fromStatusCode(response.getStatus()));
         json = response.readEntity(JsonObject.class);
@@ -117,13 +117,13 @@ public class TestShareResource extends BaseJerseyTest {
         
         // Deletes the share
         json = target().path("/share/" + share1Id).request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, share1AuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, share1Token)
                 .delete(JsonObject.class);
         Assert.assertEquals("ok", json.getString("status"));
 
         // Deletes the share again
         response = target().path("/share/" + share1Id).request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, share1AuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, share1Token)
                 .delete();
         Assert.assertEquals(Status.BAD_REQUEST, Status.fromStatusCode(response.getStatus()));
         json = response.readEntity(JsonObject.class);
diff --git a/docs-web/src/test/java/com/sismics/docs/rest/TestTagResource.java b/docs-web/src/test/java/com/sismics/docs/rest/TestTagResource.java
index af9c8eb3..49f68a9d 100644
--- a/docs-web/src/test/java/com/sismics/docs/rest/TestTagResource.java
+++ b/docs-web/src/test/java/com/sismics/docs/rest/TestTagResource.java
@@ -85,6 +85,8 @@ public class TestTagResource extends BaseJerseyTest {
         response = target().path("/document/" + document2Id).request()
                 .cookie(TokenBasedSecurityFilter.COOKIE_NAME, tag1Token)
                 .post(Entity.form(new Form()
+                        .param("title", "My super document 2")
+                        .param("language", "eng")
                         .param("tags", tag3Id)
                         .param("tags", tag4Id)));
         Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
@@ -102,6 +104,8 @@ public class TestTagResource extends BaseJerseyTest {
         response = target().path("/document/" + document2Id).request()
                 .cookie(TokenBasedSecurityFilter.COOKIE_NAME, tag1Token)
                 .post(Entity.form(new Form()
+                        .param("title", "My super document 2")
+                        .param("language", "eng")
                         .param("tags", tag4Id)));
         Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
         
diff --git a/docs-web/src/test/java/com/sismics/docs/rest/TestUserResource.java b/docs-web/src/test/java/com/sismics/docs/rest/TestUserResource.java
index a67ce500..aca82154 100644
--- a/docs-web/src/test/java/com/sismics/docs/rest/TestUserResource.java
+++ b/docs-web/src/test/java/com/sismics/docs/rest/TestUserResource.java
@@ -37,14 +37,14 @@ public class TestUserResource extends BaseJerseyTest {
         clientUtil.createUser("alice");
 
         // Login admin
-        String adminAuthenticationToken = clientUtil.login("admin", "admin", false);
+        String adminToken = clientUtil.login("admin", "admin", false);
         
         // List all users
         json = target().path("/user/list")
                 .queryParam("sort_column", 2)
                 .queryParam("asc", false)
                 .request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
                 .get(JsonObject.class);
         JsonArray users = json.getJsonArray("users");
         Assert.assertTrue(users.size() > 0);
@@ -58,7 +58,7 @@ public class TestUserResource extends BaseJerseyTest {
         
         // Create a user KO (login length validation)
         Response response = target().path("/user").request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
                 .put(Entity.form(new Form()
                         .param("username", "   bb  ")
                         .param("email", "bob@docs.com")
@@ -71,7 +71,7 @@ public class TestUserResource extends BaseJerseyTest {
 
         // Create a user KO (login format validation)
         response = target().path("/user").request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
                 .put(Entity.form(new Form()
                         .param("username", "bob-")
                         .param("email", "bob@docs.com")
@@ -84,7 +84,7 @@ public class TestUserResource extends BaseJerseyTest {
         
         // Create a user KO (invalid quota)
         response = target().path("/user").request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
                 .put(Entity.form(new Form()
                         .param("username", "bob")
                         .param("email", "bob@docs.com")
@@ -97,7 +97,7 @@ public class TestUserResource extends BaseJerseyTest {
 
         // Create a user KO (email format validation)
         response = target().path("/user").request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
                 .put(Entity.form(new Form()
                         .param("username", "bob")
                         .param("email", "bobdocs.com")
@@ -115,12 +115,12 @@ public class TestUserResource extends BaseJerseyTest {
                 .param("password", " 12345678 ")
                 .param("storage_quota", "10");
         json = target().path("/user").request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
                 .put(Entity.form(form), JsonObject.class);
 
         // Create a user bob KO : duplicate username
         response = target().path("/user").request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
                 .put(Entity.form(form));
         Assert.assertNotSame(Status.OK, Status.fromStatusCode(response.getStatus()));
         json = response.readEntity(JsonObject.class);
@@ -144,12 +144,12 @@ public class TestUserResource extends BaseJerseyTest {
         String aliceAuthToken = clientUtil.getAuthenticationCookie(response);
 
         // Login user bob twice
-        String bobAuthToken = clientUtil.login("bob");
-        String bobAuthToken2 = clientUtil.login("bob");
+        String bobToken = clientUtil.login("bob");
+        String bobToken2 = clientUtil.login("bob");
 
         // List sessions
         response = target().path("/user/session").request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, bobAuthToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, bobToken)
                 .get();
         Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
         json = response.readEntity(JsonObject.class);
@@ -160,13 +160,13 @@ public class TestUserResource extends BaseJerseyTest {
         
         // Delete all sessions
         response = target().path("/user/session").request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, bobAuthToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, bobToken)
                 .delete();
         Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
 
         // Check bob user information with token 2 (just deleted)
         response = target().path("/user").request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, bobAuthToken2)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, bobToken2)
                 .get();
         Assert.assertEquals(Status.OK, Status.fromStatusCode(response.getStatus()));
         json = response.readEntity(JsonObject.class);
@@ -183,7 +183,7 @@ public class TestUserResource extends BaseJerseyTest {
         
         // Check bob user information
         json = target().path("/user").request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, bobAuthToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, bobToken)
                 .get(JsonObject.class);
         Assert.assertEquals("bob@docs.com", json.getString("email"));
         
@@ -238,11 +238,11 @@ public class TestUserResource extends BaseJerseyTest {
         clientUtil.createUser("admin_user1");
 
         // Login admin
-        String adminAuthenticationToken = clientUtil.login("admin", "admin", false);
+        String adminToken = clientUtil.login("admin", "admin", false);
 
         // Check admin information
         JsonObject json = target().path("/user").request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
                 .get(JsonObject.class);
         Assert.assertTrue(json.getBoolean("is_default_password"));
         Assert.assertEquals(0l, json.getJsonNumber("storage_current").longValue());
@@ -250,27 +250,27 @@ public class TestUserResource extends BaseJerseyTest {
 
         // User admin updates his information
         json = target().path("/user").request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
                 .post(Entity.form(new Form()
                         .param("email", "newadminemail@docs.com")), JsonObject.class);
         Assert.assertEquals("ok", json.getString("status"));
 
         // Check admin information update
         json = target().path("/user").request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
                 .get(JsonObject.class);
         Assert.assertEquals("newadminemail@docs.com", json.getString("email"));
 
         // User admin update admin_user1 information
         json = target().path("/user").request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
                 .post(Entity.form(new Form()
                         .param("email", " alice2@docs.com ")), JsonObject.class);
         Assert.assertEquals("ok", json.getString("status"));
         
         // User admin deletes himself: forbidden
         Response response = target().path("/user").request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
                 .delete();
         Assert.assertEquals(Status.BAD_REQUEST, Status.fromStatusCode(response.getStatus()));
         json = response.readEntity(JsonObject.class);
@@ -278,13 +278,13 @@ public class TestUserResource extends BaseJerseyTest {
 
         // User admin deletes user admin_user1
         json = target().path("/user/admin_user1").request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
                 .delete(JsonObject.class);
         Assert.assertEquals("ok", json.getString("status"));
         
         // User admin deletes user admin_user1 : KO (user doesn't exist)
         response = target().path("/user/admin_user1").request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
                 .delete();
         Assert.assertEquals(Status.BAD_REQUEST, Status.fromStatusCode(response.getStatus()));
         json = response.readEntity(JsonObject.class);
diff --git a/docs-web/src/test/java/com/sismics/docs/rest/TestVocabularyResource.java b/docs-web/src/test/java/com/sismics/docs/rest/TestVocabularyResource.java
index 491bab7a..9d2005e3 100644
--- a/docs-web/src/test/java/com/sismics/docs/rest/TestVocabularyResource.java
+++ b/docs-web/src/test/java/com/sismics/docs/rest/TestVocabularyResource.java
@@ -29,7 +29,7 @@ public class TestVocabularyResource extends BaseJerseyTest {
         String vocabulary1Token = clientUtil.login("vocabulary1");
         
         // Login admin
-        String adminAuthenticationToken = clientUtil.login("admin", "admin", false);
+        String adminToken = clientUtil.login("admin", "admin", false);
         
         // Get coverage vocabularies entries
         JsonObject json = target().path("/vocabulary/coverage").request()
@@ -49,7 +49,7 @@ public class TestVocabularyResource extends BaseJerseyTest {
         
         // Create a vocabulary entry with admin
         json = target().path("/vocabulary").request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
                 .put(Entity.form(new Form()
                         .param("name", "test-voc-1")
                         .param("value", "First value")
@@ -62,7 +62,7 @@ public class TestVocabularyResource extends BaseJerseyTest {
         
         // Create a vocabulary entry with admin
         Response response = target().path("/vocabulary").request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
                 .put(Entity.form(new Form()
                         .param("name", "NOT_VALID")
                         .param("value", "First value")
@@ -81,7 +81,7 @@ public class TestVocabularyResource extends BaseJerseyTest {
         
         // Update a vocabulary entry with admin
         json = target().path("/vocabulary/" + vocabulary1Id).request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
                 .post(Entity.form(new Form()
                         .param("name", "test-voc-1-updated")
                         .param("value", "First value updated")
@@ -103,7 +103,7 @@ public class TestVocabularyResource extends BaseJerseyTest {
         
         // Delete a vocabulary entry with admin
         json = target().path("/vocabulary/" + vocabulary1Id).request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminToken)
                 .delete(JsonObject.class);
         
         // Get test-voc-1-updated vocabularies entries