diff --git a/model/AdminService.php b/model/AdminService.php
index d86f44bb..204d512d 100644
--- a/model/AdminService.php
+++ b/model/AdminService.php
@@ -22,7 +22,6 @@
 
 namespace oat\taoDacSimple\model;
 
-use oat\generis\model\data\permission\PermissionInterface;
 use oat\oatbox\service\ServiceManager;
 
 /**
@@ -65,10 +64,7 @@ public static function setOwner($resourceUri, $userUri)
      */
     public static function getUsersPermissions($resourceId)
     {
-        /** @var PermissionProvider $permissionProvider */
-        $permissionProvider = self::getServiceManager()->get(PermissionInterface::SERVICE_ID);
-
-        return $permissionProvider->getResourceAccessData($resourceId);
+        return self::getRolePrivilegeRetriever()->retrieveByResourceIds([$resourceId]);
     }
 
     /**
@@ -95,4 +91,9 @@ public static function getServiceManager()
     {
         return ServiceManager::getServiceManager();
     }
+
+    private static function getRolePrivilegeRetriever(): RolePrivilegeRetriever
+    {
+        return self::getServiceManager()->get(RolePrivilegeRetriever::class);
+    }
 }
diff --git a/model/PermissionProvider.php b/model/PermissionProvider.php
index aad5b8f9..ea54d017 100644
--- a/model/PermissionProvider.php
+++ b/model/PermissionProvider.php
@@ -138,19 +138,16 @@ public static function getSupportedRootClasses()
         ];
     }
 
+    /**
+     * @deprecated Use RolePrivilegeRetriever::retrieveByResourceIds()
+     */
     public function getResourceAccessData(string $resourceId): array
     {
-        /** @var DataBaseAccess $db */
-        $db = $this->getServiceLocator()->get(DataBaseAccess::SERVICE_ID);
-        $results = $db->getUsersWithPermissions([$resourceId]);
-
-        $permissions = [];
-        foreach ($results as $result) {
-            $user = $result['user_id'];
-
-            $permissions[$user][] = $result['privilege'];
-        }
+        return $this->getRolePrivilegeRetriever()->retrieveByResourceIds([$resourceId]);
+    }
 
-        return $permissions;
+    private function getRolePrivilegeRetriever(): RolePrivilegeRetriever
+    {
+        return $this->getServiceLocator()->get(RolePrivilegeRetriever::class);
     }
 }
diff --git a/model/RolePrivilegeRetriever.php b/model/RolePrivilegeRetriever.php
new file mode 100644
index 00000000..bddeaab5
--- /dev/null
+++ b/model/RolePrivilegeRetriever.php
@@ -0,0 +1,68 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; under version 2
+ * of the License (non-upgradable).
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ *
+ * Copyright (c) 2021 (original work) Open Assessment Technologies SA (under the project TAO-PRODUCT);
+ *
+ */
+
+namespace oat\taoDacSimple\model;
+
+use oat\oatbox\service\ConfigurableService;
+
+class RolePrivilegeRetriever extends ConfigurableService
+{
+    /**
+     * Sample data to be returned:
+     * [
+     *    'http://www.tao.lu/Ontologies/TAO.rdf#BackOfficeRole' => [
+     *        'GRANT',
+     *        'READ',
+     *        'WRITE'
+     *    ],
+     *    'http://www.tao.lu/Ontologies/TAO.rdf#ItemAuthor' => [
+     *        'GRANT',
+     *        'READ'
+     *    ],
+     * ]
+     */
+    public function retrieveByResourceIds(array $resourceIds): array
+    {
+        $results = $this->getDataBaseAccess()
+            ->getUsersWithPermissions($resourceIds);
+
+        $permissions = [];
+
+        foreach ($results as $result) {
+            $user = $result['user_id'];
+
+            if (!isset($permissions[$user])) {
+                $permissions[$user] = [];
+            }
+
+            $permissions[$user][] = $result['privilege'];
+        }
+
+        return $permissions;
+    }
+
+    private function getDataBaseAccess(): DataBaseAccess
+    {
+        return $this->getServiceLocator()->get(DataBaseAccess::SERVICE_ID);
+    }
+}
diff --git a/test/unit/model/PermissionProviderTest.php b/test/unit/model/PermissionProviderTest.php
index 7b905574..a7a2c533 100644
--- a/test/unit/model/PermissionProviderTest.php
+++ b/test/unit/model/PermissionProviderTest.php
@@ -14,7 +14,7 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
  *
- * Copyright (c) 2020 (original work) Open Assessment Technologies SA;
+ * Copyright (c) 2020-2021 (original work) Open Assessment Technologies SA;
  *
  */
 
@@ -25,18 +25,25 @@
 use oat\generis\test\TestCase;
 use oat\taoDacSimple\model\DataBaseAccess;
 use oat\taoDacSimple\model\PermissionProvider;
+use oat\taoDacSimple\model\RolePrivilegeRetriever;
 
 class PermissionProviderTest extends TestCase
 {
     /** @var PermissionProvider */
     private $sut;
 
+    /** @var RolePrivilegeRetriever */
+    private $userPrivilegeRetriever;
+
     public function setUp(): void
     {
-        $databaseAccess = $this->createDatabaseAccessMock();
-        $serviceLocator = $this->getServiceLocatorMock([
-            DataBaseAccess::SERVICE_ID => $databaseAccess
-        ]);
+        $this->userPrivilegeRetriever = $this->createMock(RolePrivilegeRetriever::class);
+        $serviceLocator = $this->getServiceLocatorMock(
+            [
+                DataBaseAccess::SERVICE_ID => $this->createMock(DataBaseAccess::class),
+                RolePrivilegeRetriever::class => $this->userPrivilegeRetriever,
+            ]
+        );
 
         $this->sut = new PermissionProvider();
         $this->sut->setServiceLocator($serviceLocator);
@@ -44,40 +51,11 @@ public function setUp(): void
 
     public function testGetResourceAccessData(): void
     {
-        $result = $this->sut->getResourceAccessData('id');
-        $expected = [
-            'http://www.tao.lu/Ontologies/TAO.rdf#BackOfficeRole' => ['READ', 'WRITE', 'GRANT']
-        ];
-
-        self::assertSame($expected, $result);
-    }
-
-    private function createDatabaseAccessMock(): DataBaseAccess
-    {
-        $databaseAccess = $this->createMock(DataBaseAccess::class);
-
-        $databaseAccess
-            ->expects($this->once())
-            ->method('getUsersWithPermissions')
+        $this->userPrivilegeRetriever
+            ->method('retrieveByResourceIds')
             ->with(['id'])
-            ->willReturn([
-                [
-                    'resource_id' => 'id',
-                    'user_id' => 'http://www.tao.lu/Ontologies/TAO.rdf#BackOfficeRole',
-                    'privilege' => 'READ'
-                ],
-                [
-                    'resource_id' => 'id',
-                    'user_id' => 'http://www.tao.lu/Ontologies/TAO.rdf#BackOfficeRole',
-                    'privilege' => 'WRITE'
-                ],
-                [
-                    'resource_id' => 'id',
-                    'user_id' => 'http://www.tao.lu/Ontologies/TAO.rdf#BackOfficeRole',
-                    'privilege' => 'GRANT'
-                ]
-            ]);
+            ->willReturn([]);
 
-        return $databaseAccess;
+        self::assertSame([], $this->sut->getResourceAccessData('id'));
     }
 }
diff --git a/test/unit/model/RolePrivilegeRetrieverTest.php b/test/unit/model/RolePrivilegeRetrieverTest.php
new file mode 100644
index 00000000..ad8309b7
--- /dev/null
+++ b/test/unit/model/RolePrivilegeRetrieverTest.php
@@ -0,0 +1,88 @@
+<?php
+
+/**
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; under version 2
+ * of the License (non-upgradable).
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ *
+ * Copyright (c) 2021 (original work) Open Assessment Technologies SA;
+ *
+ */
+
+declare(strict_types=1);
+
+namespace oat\taoDacSimple\test\unit\model;
+
+use oat\generis\test\TestCase;
+use oat\taoDacSimple\model\DataBaseAccess;
+use oat\taoDacSimple\model\RolePrivilegeRetriever;
+
+class RolePrivilegeRetrieverTest extends TestCase
+{
+    /** @var RolePrivilegeRetriever */
+    private $sut;
+
+    /** @var DataBaseAccess */
+    private $databaseAccess;
+
+    public function setUp(): void
+    {
+        $this->databaseAccess = $this->createMock(DataBaseAccess::class);
+
+        $this->sut = new RolePrivilegeRetriever();
+        $this->sut->setServiceLocator(
+            $this->getServiceLocatorMock(
+                [
+                    DataBaseAccess::SERVICE_ID => $this->databaseAccess
+                ]
+            )
+        );
+    }
+
+    public function testRetrieveByResourceIds(): void
+    {
+        $this->databaseAccess
+            ->method('getUsersWithPermissions')
+            ->with(['id'])
+            ->willReturn(
+                [
+                    [
+                        'resource_id' => 'id',
+                        'user_id' => 'http://www.tao.lu/Ontologies/TAO.rdf#BackOfficeRole',
+                        'privilege' => 'READ'
+                    ],
+                    [
+                        'resource_id' => 'id',
+                        'user_id' => 'http://www.tao.lu/Ontologies/TAO.rdf#BackOfficeRole',
+                        'privilege' => 'WRITE'
+                    ],
+                    [
+                        'resource_id' => 'id',
+                        'user_id' => 'http://www.tao.lu/Ontologies/TAO.rdf#BackOfficeRole',
+                        'privilege' => 'GRANT'
+                    ]
+                ]
+            );
+
+        $this->assertSame(
+            [
+                'http://www.tao.lu/Ontologies/TAO.rdf#BackOfficeRole' => [
+                    'READ',
+                    'WRITE',
+                    'GRANT'
+                ]
+            ],
+            $this->sut->retrieveByResourceIds(['id'])
+        );
+    }
+}