diff --git a/src/app/models/user.rb b/src/app/models/user.rb
index 61d72871e77..f16f30ce164 100644
--- a/src/app/models/user.rb
+++ b/src/app/models/user.rb
@@ -118,8 +118,8 @@ def allowed_all_tags?(verbs, resource_type,  org = nil)
     verbs = [] if verbs.nil?
     verbs = [verbs] unless verbs.is_a? Array
     org = Organization.find(org) if Numeric === org
-    Rails.logger.debug "Checking if user #{username} is allowed to #{verbs.join(',')} in
-          #{resource_type.inspect} in organization #{org && org.inspect}"
+
+    log_roles(verbs, resource_type, nil,org)
 
     org_permissions = org_permissions_query(org, resource_type == :organizations)
     org_permissions = org_permissions.where(:organization_id => nil) if resource_type == :organizations
@@ -198,8 +198,7 @@ def allowed_to?(verbs, resource_type, tags = nil, org = nil, any_tags = false)
     ResourceType.check resource_type, verbs
     verbs = [] if verbs.nil?
     verbs = [verbs] unless verbs.is_a? Array
-    Rails.logger.debug "Checking if user #{username} is allowed to #{verbs.join(',')} in
-          #{resource_type.inspect} scoped #{tags.inspect} in organization #{org && org.inspect}"
+    log_roles(verbs, resource_type, tags,org, any_tags)
 
     return true if allowed_all_tags?( verbs,resource_type, org)
 
@@ -383,8 +382,7 @@ def allowed_tags_query(verbs, resource_type,  org = nil, allowed_to_check = true
     ResourceType.check resource_type, verbs
     verbs = [] if verbs.nil?
     verbs = [verbs] unless verbs.is_a? Array
-    Rails.logger.debug "Checking if user #{username} is allowed to #{verbs.join(',')} in
-          #{resource_type.inspect} in organization #{org && org.inspect}"
+    log_roles(verbs, resource_type, nil,org)
     org = Organization.find(org) if Numeric === org
     org_permissions = org_permissions_query(org, resource_type == :organizations)
 
@@ -431,4 +429,17 @@ def org_permissions_query(org, exclude_orgs_clause = false)
     query
   end
 
+
+  def log_roles verbs, resource_type, tags, org, any_tags = false
+    if  AppConfig.allow_roles_logging
+      verbs_str = verbs ? verbs.join(','):"perform any verb"
+      tags_str = "any tags"
+      if tags
+        tag_str = any_tags ? "any tag in #{tags.join(',')}" : "all the tags in #{tags.join(',')}"
+      end
+
+      org_str = org ? "organization #{org.inspect}":" any organization"
+      Rails.logger.info "Checking if user #{username} is allowed to #{verbs_str} in  #{resource_type.inspect} scoped for #{tags_str} in  #{org_str}"
+    end
+  end
 end