diff --git a/lib/main/models/__init__.py b/lib/main/models/__init__.py index cc5012381d..6ae2df03c5 100644 --- a/lib/main/models/__init__.py +++ b/lib/main/models/__init__.py @@ -1,6 +1,7 @@ from django.db import models from django.db.models import CASCADE, SET_NULL, PROTECT from django.utils.translation import ugettext_lazy as _ +from django.core.urlresolvers import reverse # TODO: jobs and events model TBD # TODO: reporting model TBD @@ -64,6 +65,10 @@ class Organization(CommonModel): admins = models.ManyToManyField('User', blank=True, related_name='admin_of_organizations') projects = models.ManyToManyField('Project', blank=True, related_name='organizations') + def get_absolute_url(self): + import lib.urls + return reverse(lib.urls.views_OrganizationsDetail, args=(self.pk,)) + class Inventory(CommonModel): ''' an inventory source contains lists and hosts. diff --git a/lib/main/serializers.py b/lib/main/serializers.py index 687900cfd2..2f1fbd2452 100644 --- a/lib/main/serializers.py +++ b/lib/main/serializers.py @@ -4,7 +4,8 @@ from rest_framework import serializers, pagination class OrganizationSerializer(serializers.ModelSerializer): + url = serializers.CharField(source='get_absolute_url', read_only=True) + class Meta: model = Organization - fields = ('name', 'description') - + fields = ('url', 'name', 'description') diff --git a/lib/main/tests.py b/lib/main/tests.py index 5feaed38b6..a0a62c0d60 100644 --- a/lib/main/tests.py +++ b/lib/main/tests.py 
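Review bot: `Organization.get_absolute_url` imports `lib.urls` inside the method and reverses by view callable, which ties the model to module-level aliases in the URLconf. The function-level import looks like a workaround for a circular import, since lib/urls.py imports lib.main.views, which in turn imports lib.main.models. Naming the route removes the need for both: add `name='organizations_detail'` to the detail `url(...)` entry in lib/urls.py and use `return reverse('organizations_detail', args=(self.pk,))` here. The `views_OrganizationsList` and `views_OrganizationsDetail` aliases added in the lib/urls.py hunk would then be unnecessary. A one-line docstring such as `"""Return the API detail path for this organization."""` would also help, because the serializer now exposes this value to clients.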
@@ -134,7 +134,7 @@ class OrganizationsTest(BaseTest): # superuser credentials == 200, full list data = self.get(self.collection(), expect=200, auth=self.get_super_credentials()) self.check_pagination_and_size(data, 10, previous=None, next=None) - [self.assertTrue(key in data['results'][0]) for key in ['name', 'description' ]] # url + [self.assertTrue(key in data['results'][0]) for key in ['name', 'description', 'url' ]] # normal credentials == 200, get only organizations that I am actually added to (there are 2) data = self.get(self.collection(), expect=200, auth=self.get_normal_credentials()) diff --git a/lib/main/views.py b/lib/main/views.py index 42a2b4cb93..6a506ef4b5 100644 --- a/lib/main/views.py +++ b/lib/main/views.py @@ -2,6 +2,7 @@ from django.http import HttpResponse from django.views.decorators.csrf import csrf_exempt #from rest_framework.renderers import JSONRenderer #from rest_framework.parsers import JSONParser + from lib.main.models import * from lib.main.serializers import * from django.contrib.auth.models import AnonymousUser @@ -9,7 +10,7 @@ from django.contrib.auth.models import AnonymousUser from rest_framework import mixins from rest_framework import generics from rest_framework import permissions -from rest_framework import permissions +#from rest_framework.authentication import authentication # TODO: verify pagination # TODO: how to add relative resources 
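Review bot: The updated assertion in `OrganizationsTest` only checks that a `url` key exists in the first result, so an empty or wrong value from `get_absolute_url` would still pass. Consider also asserting the value, for example `self.assertTrue(data['results'][0]['url'].startswith('/api/v1/organizations/'))`. The list comprehension is used only for its side effects; `for key in ('name', 'description', 'url'): self.assertIn(key, data['results'][0])` reads more clearly and gives a better failure message. The test method begins outside this hunk.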
@@ -18,15 +19,31 @@ from rest_framework import permissions class CustomRbac(permissions.BasePermission): def has_permission(self, request, view, obj=None): + + # no anonymous users if type(request.user) == AnonymousUser: return False + # superusers are always good + if request.user.is_superuser: + return True + + # other users must have associated acom user records + # and be active + acom_user = User.objects.filter(auth_user = request.user) + if len(acom_user) != 1: + return False + if not acom_user[0].active: + return False + if obj is None: return True else: + # haven't tested around these confines yet raise Exception("FIXME") def has_object_permission(self, request, view, obj): + # make sure we're running with a tested version since this is a security-related function raise Exception("newer than expected version of django-rest-framework installed") diff --git a/lib/urls.py b/lib/urls.py index 5b67f03d70..3e055d24db 100644 --- a/lib/urls.py +++ b/lib/urls.py @@ -2,10 +2,13 @@ from django.conf import settings from django.conf.urls import * import lib.main.views as views +views_OrganizationsList = views.OrganizationsList.as_view() +views_OrganizationsDetail = views.OrganizationsDetail.as_view() + urlpatterns = patterns('', url(r'', include('lib.web.urls')), - url(r'^api/v1/organizations/$', views.OrganizationsList.as_view()), - url(r'^api/v1/organizations/(?P[0-9]+)/$', views.OrganizationsDetail.as_view()), + url(r'^api/v1/organizations/$', views_OrganizationsList), + url(r'^api/v1/organizations/(?P[0-9]+)/$', views_OrganizationsDetail), ) if 'django.contrib.admin' in settings.INSTALLED_APPS:
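Review bot: In `CustomRbac.has_permission` the new superuser shortcut returns True before any active-state check, so the `active` test added further down applies only to non-superusers. Unless the configured authentication classes already reject deactivated accounts (not visible in this hunk), a disabled superuser would still be authorised here; `if request.user.is_superuser and request.user.is_active: return True` closes that gap. The anonymous check `type(request.user) == AnonymousUser` is an exact-type comparison; `if not request.user.is_authenticated(): return False` states the intent and also covers subclasses. The `obj is not None` path raises a bare `Exception("FIXME")`, which fails closed but surfaces as a 500 rather than a denial, so `return False` would be the safer placeholder. No tests for the new inactive-user and missing-record branches appear in this commit's tests.py hunk.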