diff --git a/cliquet/permission/postgresql/__init__.py b/cliquet/permission/postgresql/__init__.py
index 09a02743..5371e82c 100644
--- a/cliquet/permission/postgresql/__init__.py
+++ b/cliquet/permission/postgresql/__init__.py
@@ -187,14 +187,18 @@ def principals_accessible_objects(self, principals, permission,
         ),
         user_principals AS (
           VALUES %(principals)s
+        ),
+        potential_objects AS (
+          SELECT object_id, required_perms.column1 AS pattern
+            FROM access_control_entries
+            JOIN user_principals
+              ON (principal = user_principals.column1)
+            JOIN required_perms
+              ON (permission = required_perms.column2)
         )
         SELECT object_id
-          FROM access_control_entries
-            JOIN required_perms
-              ON (object_id ~ required_perms.column1 AND
-                  permission = required_perms.column2)
-            JOIN user_principals
-              ON (principal = user_principals.column1);
+          FROM potential_objects
+         WHERE object_id ~ pattern;
         """ % dict(perms=perms_values,
                    principals=principals_values)
 
diff --git a/cliquet/permission/postgresql/schema.sql b/cliquet/permission/postgresql/schema.sql
index 88f5f5c9..08f17208 100644
--- a/cliquet/permission/postgresql/schema.sql
+++ b/cliquet/permission/postgresql/schema.sql
@@ -12,3 +12,10 @@ CREATE TABLE IF NOT EXISTS access_control_entries (
 
     PRIMARY KEY (object_id, permission, principal)
 );
+
+DROP INDEX IF EXISTS idx_access_control_entries_object_id;
+CREATE INDEX idx_access_control_entries_object_id ON access_control_entries(object_id);
+DROP INDEX IF EXISTS idx_access_control_entries_permission;
+CREATE INDEX idx_access_control_entries_permission ON access_control_entries(permission);
+DROP INDEX IF EXISTS idx_access_control_entries_principal;
+CREATE INDEX idx_access_control_entries_principal ON access_control_entries(principal);