diff --git a/kea-dhcp/acl_security.pl b/kea-dhcp/acl_security.pl index d663e4b85..b71792205 100644 --- a/kea-dhcp/acl_security.pl +++ b/kea-dhcp/acl_security.pl @@ -18,13 +18,13 @@ my ($o) = @_; print ui_table_span(&ui_tag('b', &html_escape($text{'acl_section_view'}))); foreach my $a (qw(dhcp4 dhcp6 ddns services runtime)) { print ui_table_row($text{'acl_'.$a}, - ui_yesno_radio($a, kea_check_acl($a, $o)), 3); + ui_yesno_radio($a, $o->{$a}), 3); } print ui_table_hr(); print ui_table_span(&ui_tag('b', &html_escape($text{'acl_section_change'}))); foreach my $a (qw(edit4 edit6 editddns manual apply install)) { print ui_table_row($text{'acl_'.$a}, - ui_yesno_radio($a, kea_check_acl($a, $o)), 3); + ui_yesno_radio($a, $o->{$a}), 3); } } @@ -34,7 +34,8 @@ sub acl_security_save { my ($o) = @_; -foreach my $a (kea_acl_keys()) { +foreach my $a (qw(dhcp4 dhcp6 ddns services runtime edit4 edit6 editddns + manual apply install)) { $o->{$a} = $in{$a} || 0; } } diff --git a/kea-dhcp/delete_objects.cgi b/kea-dhcp/delete_objects.cgi index 77ed1737c..4da77a76f 100755 --- a/kea-dhcp/delete_objects.cgi +++ b/kea-dhcp/delete_objects.cgi @@ -9,7 +9,9 @@ our (%in, %text); &error_setup($text{'eacl_aviol'}); my $ver = $in{'version'} == 6 ? 6 : 4; -&kea_assert_acl('edit'.$ver); +my %access = &get_module_acl(); +&error("$text{'eacl_np'} $text{'eacl_pedit'.$ver}") + if (!$access{'edit'.$ver}); my ($c, $root, $data, $err) = &kea_read_dhcp_config($ver); &error($err) if ($err); diff --git a/kea-dhcp/edit_ddns.cgi b/kea-dhcp/edit_ddns.cgi index c913a8b5c..1704119fa 100755 --- a/kea-dhcp/edit_ddns.cgi +++ b/kea-dhcp/edit_ddns.cgi @@ -7,7 +7,9 @@ require './kea-dhcp-lib.pl'; ## no critic &ReadParse(); our (%in, %text); &error_setup($text{'eacl_aviol'}); -&kea_assert_acl('editddns'); +my %access = &get_module_acl(); +&error("$text{'eacl_np'} $text{'eacl_peditddns'}") + if (!$access{'editddns'}); my $c = &kea_component('ddns'); my ($root, $err) = &kea_read_component_config($c); 
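Review bot: In kea-dhcp/acl_security.pl, the capability list now written out in `acl_security_save` duplicates the two `qw(...)` lists in the form above it and the list added to the entry check in index.cgi. A capability added to the form but missed in the save loop would be shown as a radio button and then never stored, leaving the permission at whatever value it had before. Declaring the lists once in this file, e.g. `my @acl_view = qw(dhcp4 dhcp6 ddns services runtime);` and `my @acl_change = qw(edit4 edit6 editddns manual apply install);`, and looping over `(@acl_view, @acl_change)` in the save sub keeps the form and the stored ACL in step. The form sub begins outside its hunk, so the declarations would go above it.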
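Review bot: In kea-dhcp/delete_objects.cgi, the permission gate added after `my $ver = ...` is repeated verbatim in every edit_*.cgi, save_*.cgi, restart.cgi, runtime.cgi, start.cgi and stop.cgi hunk of this commit, so the module no longer has one place that enforces it and a new script can omit it unnoticed. If the inline form is kept, a comment above it such as `# ACL gate: keep before any config read; an unset key in %access is false, so this fails closed` would record the invariant. With `error_setup($text{'eacl_aviol'})` on the line before and the reworded `eacl_np`, the rendered error presumably repeats the denial prefix ("Kea DHCP access denied" followed by "Access denied:"). The helpers are deleted from kea-dhcp-lib.pl in the same commit, so any script outside this diff that still calls `kea_assert_acl` or `kea_check_acl` would fail only when that line runs; a grep for the removed names before merging is worth doing.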
diff --git a/kea-dhcp/edit_options.cgi b/kea-dhcp/edit_options.cgi index ceccc2e68..111d45a0e 100755 --- a/kea-dhcp/edit_options.cgi +++ b/kea-dhcp/edit_options.cgi @@ -9,7 +9,9 @@ our (%in, %text); &error_setup($text{'eacl_aviol'}); my $ver = $in{'version'} == 6 ? 6 : 4; -&kea_assert_acl('edit'.$ver); +my %access = &get_module_acl(); +&error("$text{'eacl_np'} $text{'eacl_pedit'.$ver}") + if (!$access{'edit'.$ver}); my ($c, $root, $data, $err) = &kea_read_dhcp_config($ver); &error($err) if ($err); diff --git a/kea-dhcp/edit_shared.cgi b/kea-dhcp/edit_shared.cgi index 10b16fba3..15455350c 100755 --- a/kea-dhcp/edit_shared.cgi +++ b/kea-dhcp/edit_shared.cgi @@ -9,7 +9,9 @@ our (%in, %text); &error_setup($text{'eacl_aviol'}); my $ver = $in{'version'} == 6 ? 6 : 4; -&kea_assert_acl('edit'.$ver); +my %access = &get_module_acl(); +&error("$text{'eacl_np'} $text{'eacl_pedit'.$ver}") + if (!$access{'edit'.$ver}); my ($c, $root, $data, $err) = &kea_read_dhcp_config($ver); &error($err) if ($err); my $shareds = &kea_shared_networks($root); diff --git a/kea-dhcp/edit_subnet.cgi b/kea-dhcp/edit_subnet.cgi index 0f6f6c7b6..c0bc40634 100755 --- a/kea-dhcp/edit_subnet.cgi +++ b/kea-dhcp/edit_subnet.cgi @@ -9,7 +9,9 @@ our (%in, %text); &error_setup($text{'eacl_aviol'}); my $ver = $in{'version'} == 6 ? 6 : 4; -&kea_assert_acl('edit'.$ver); +my %access = &get_module_acl(); +&error("$text{'eacl_np'} $text{'eacl_pedit'.$ver}") + if (!$access{'edit'.$ver}); my ($c, $root, $data, $err) = &kea_read_dhcp_config($ver); &error($err) if ($err); my $sidx = defined($in{'sidx'}) ? $in{'sidx'} : ""; diff --git a/kea-dhcp/edit_text.cgi b/kea-dhcp/edit_text.cgi index 1b4b8b7a1..a1bea72fa 100755 --- a/kea-dhcp/edit_text.cgi +++ b/kea-dhcp/edit_text.cgi 
@@ -7,7 +7,8 @@ require './kea-dhcp-lib.pl'; ## no critic &ReadParse(); our (%in, %text); &error_setup($text{'eacl_aviol'}); -&kea_assert_acl('manual'); +my %access = &get_module_acl(); +&error("$text{'eacl_np'} $text{'eacl_pmanual'}") if (!$access{'manual'}); my @files = &kea_manual_edit_files(); &error($text{'edit_enofile'}) if (!@files); diff --git a/kea-dhcp/index.cgi b/kea-dhcp/index.cgi index 71d904a29..443ea808d 100755 --- a/kea-dhcp/index.cgi +++ b/kea-dhcp/index.cgi @@ -7,11 +7,13 @@ require './kea-dhcp-lib.pl'; ## no critic &ReadParse(); our (%in, %text); our $module_name; -my %access = &kea_effective_acl(); +my %access = &get_module_acl(); my $delete_formno; &error_setup($text{'eacl_aviol'}); &error("$text{'eacl_np'} $text{'eacl_penter'}") - unless &kea_can_enter_module(\%access); + unless grep { $access{$_} } qw(dhcp4 dhcp6 ddns services runtime + edit4 edit6 editddns manual apply + install); # If the Kea daemons cannot be found, keep the index page focused on the # repair path. Leftover config files are not enough to run the module safely. diff --git a/kea-dhcp/kea-dhcp-lib.pl b/kea-dhcp/kea-dhcp-lib.pl index dec0bc33f..c8f763c70 100644 --- a/kea-dhcp/kea-dhcp-lib.pl +++ b/kea-dhcp/kea-dhcp-lib.pl 
@@ -12,51 +12,6 @@ our $module_root_directory; &init_config(); &load_kea_defaults(); -# kea_acl_keys() -# Returns the supported Kea DHCP ACL capabilities. -sub kea_acl_keys -{ -return qw(dhcp4 dhcp6 ddns services runtime edit4 edit6 editddns manual apply install); -} - -# kea_effective_acl([&raw-acl]) -# Returns normalized ACL settings for the current Webmin user. -sub kea_effective_acl -{ -my ($rawacl) = @_; -my %raw = $rawacl ? %$rawacl : &get_module_acl(); -return map { $_ => $raw{$_} ? 1 : 0 } &kea_acl_keys(); -} - -# kea_check_acl(action, [&raw-acl]) -# Returns true when an effective ACL permits the requested action. -sub kea_check_acl -{ -my ($action, $rawacl) = @_; -my %acl = &kea_effective_acl($rawacl); -return $acl{$action} ? 1 : 0; -} - -# kea_assert_acl(action) -# Fails if the current Webmin user cannot perform an action. -sub kea_assert_acl -{ -my ($action) = @_; -&kea_check_acl($action) || - &error("$text{'eacl_np'} $text{'eacl_p'.$action}"); -} - -# kea_can_enter_module(&acl) -# Returns true if a user has at least one useful module capability. -sub kea_can_enter_module -{ -my ($acl) = @_; -foreach my $a (&kea_acl_keys()) { - return 1 if ($acl->{$a}); - } -return 0; -} - # kea_can_view_dhcp(&acl, version) # Structured edit access implies read access to that DHCP version. sub kea_can_view_dhcp diff --git a/kea-dhcp/lang/en b/kea-dhcp/lang/en index 100b7628d..2b42d1245 100644 --- a/kea-dhcp/lang/en +++ b/kea-dhcp/lang/en 
@@ -387,19 +387,19 @@ acl_manual=Edit config files manually acl_apply=Start, stop, or restart Kea services acl_install=Install Kea packages eacl_aviol=Kea DHCP access denied -eacl_np=You do not have permission to -eacl_penter=access the Kea DHCP module -eacl_pdhcp4=view DHCPv4 configuration -eacl_pdhcp6=view DHCPv6 configuration -eacl_pddns=view DHCP-DDNS configuration -eacl_pservices=view Kea service status -eacl_pruntime=view runtime status -eacl_pedit4=edit DHCPv4 configuration -eacl_pedit6=edit DHCPv6 configuration -eacl_peditddns=edit DHCP-DDNS configuration -eacl_pmanual=edit Kea config files manually -eacl_papply=start, stop, or restart Kea services -eacl_pinstall=install Kea packages +eacl_np=Access denied: +eacl_penter=Access to the Kea DHCP module is not permitted. +eacl_pdhcp4=Viewing DHCPv4 configuration is not permitted. +eacl_pdhcp6=Viewing DHCPv6 configuration is not permitted. +eacl_pddns=Viewing DHCP-DDNS configuration is not permitted. +eacl_pservices=Viewing Kea service status is not permitted. +eacl_pruntime=Viewing runtime status is not permitted. +eacl_pedit4=Editing DHCPv4 configuration is not permitted. +eacl_pedit6=Editing DHCPv6 configuration is not permitted. +eacl_peditddns=Editing DHCP-DDNS configuration is not permitted. +eacl_pmanual=Editing Kea config files manually is not permitted. +eacl_papply=Starting, stopping, or restarting Kea services is not permitted. +eacl_pinstall=Installing Kea packages is not permitted. log_start=Started Kea services log_stop=Stopped Kea services log_apply=Reloaded Kea services diff --git a/kea-dhcp/restart.cgi b/kea-dhcp/restart.cgi index 0a69b0ec9..cccfb72e0 100755 --- a/kea-dhcp/restart.cgi +++ b/kea-dhcp/restart.cgi 
@@ -6,7 +6,8 @@ use warnings; require './kea-dhcp-lib.pl'; ## no critic our %text; &error_setup($text{'eacl_aviol'}); -&kea_assert_acl('apply'); +my %access = &get_module_acl(); +&error("$text{'eacl_np'} $text{'eacl_papply'}") if (!$access{'apply'}); # Restart/reload applies the saved configuration for all Kea services. &error_setup($text{'restart_fail'}); diff --git a/kea-dhcp/runtime.cgi b/kea-dhcp/runtime.cgi index 933c0acf1..1dba1a052 100755 --- a/kea-dhcp/runtime.cgi +++ b/kea-dhcp/runtime.cgi @@ -7,7 +7,8 @@ require './kea-dhcp-lib.pl'; ## no critic &ReadParse(); our (%in, %text); &error_setup($text{'eacl_aviol'}); -&kea_assert_acl('runtime'); +my %access = &get_module_acl(); +&error("$text{'eacl_np'} $text{'eacl_pruntime'}") if (!$access{'runtime'}); &ui_print_header(undef, $text{'runtime_title'}, "", undef, 1, 1); diff --git a/kea-dhcp/save_ddns.cgi b/kea-dhcp/save_ddns.cgi index 02aed3c2b..9ef2f48b1 100755 --- a/kea-dhcp/save_ddns.cgi +++ b/kea-dhcp/save_ddns.cgi @@ -7,7 +7,9 @@ require './kea-dhcp-lib.pl'; ## no critic &ReadParse(); our (%in, %text); &error_setup($text{'eacl_aviol'}); -&kea_assert_acl('editddns'); +my %access = &get_module_acl(); +&error("$text{'eacl_np'} $text{'eacl_peditddns'}") + if (!$access{'editddns'}); my $c = &kea_component('ddns'); my ($root, $err, $data) = &kea_read_component_config($c); diff --git a/kea-dhcp/save_options.cgi b/kea-dhcp/save_options.cgi index 6fa5c81f4..9eba3e4de 100755 --- a/kea-dhcp/save_options.cgi +++ b/kea-dhcp/save_options.cgi @@ -9,7 +9,9 @@ our (%in, %text); &error_setup($text{'eacl_aviol'}); my $ver = $in{'version'} == 6 ? 6 : 4; -&kea_assert_acl('edit'.$ver); +my %access = &get_module_acl(); +&error("$text{'eacl_np'} $text{'eacl_pedit'.$ver}") + if (!$access{'edit'.$ver}); my ($c, $root, $data, $err) = &kea_read_dhcp_config($ver); &error($err) if ($err); diff --git a/kea-dhcp/save_shared.cgi b/kea-dhcp/save_shared.cgi index c36aee773..c090025d2 100755 --- a/kea-dhcp/save_shared.cgi 
+++ b/kea-dhcp/save_shared.cgi @@ -9,7 +9,9 @@ our (%in, %text); &error_setup($text{'eacl_aviol'}); my $ver = $in{'version'} == 6 ? 6 : 4; -&kea_assert_acl('edit'.$ver); +my %access = &get_module_acl(); +&error("$text{'eacl_np'} $text{'eacl_pedit'.$ver}") + if (!$access{'edit'.$ver}); my ($c, $root, $data, $err) = &kea_read_dhcp_config($ver); &error($err) if ($err); my $shareds = &kea_shared_networks($root); diff --git a/kea-dhcp/save_subnet.cgi b/kea-dhcp/save_subnet.cgi index d5d880017..a5d8d197b 100755 --- a/kea-dhcp/save_subnet.cgi +++ b/kea-dhcp/save_subnet.cgi @@ -9,7 +9,9 @@ our (%in, %text); &error_setup($text{'eacl_aviol'}); my $ver = $in{'version'} == 6 ? 6 : 4; -&kea_assert_acl('edit'.$ver); +my %access = &get_module_acl(); +&error("$text{'eacl_np'} $text{'eacl_pedit'.$ver}") + if (!$access{'edit'.$ver}); my ($c, $root, $data, $err) = &kea_read_dhcp_config($ver); &error($err) if ($err); diff --git a/kea-dhcp/save_text.cgi b/kea-dhcp/save_text.cgi index ca322f49f..c2920a6f8 100755 --- a/kea-dhcp/save_text.cgi +++ b/kea-dhcp/save_text.cgi @@ -7,7 +7,8 @@ require './kea-dhcp-lib.pl'; ## no critic &ReadParseMime(); our (%in, %text); &error_setup($text{'eacl_aviol'}); -&kea_assert_acl('manual'); +my %access = &get_module_acl(); +&error("$text{'eacl_np'} $text{'eacl_pmanual'}") if (!$access{'manual'}); my $info = &kea_manual_edit_file($in{'file'}); &error($text{'save_efile'}) if (!$info); diff --git a/kea-dhcp/start.cgi b/kea-dhcp/start.cgi index fde5f3c66..e86dee276 100755 --- a/kea-dhcp/start.cgi +++ b/kea-dhcp/start.cgi @@ -6,7 +6,8 @@ use warnings; require './kea-dhcp-lib.pl'; ## no critic our %text; &error_setup($text{'eacl_aviol'}); -&kea_assert_acl('apply'); +my %access = &get_module_acl(); +&error("$text{'eacl_np'} $text{'eacl_papply'}") if (!$access{'apply'}); # The header action buttons operate on all configured Kea components together. &error_setup($text{'start_fail'}); 
diff --git a/kea-dhcp/stop.cgi b/kea-dhcp/stop.cgi index dde9d5775..b6ceaf54f 100755 --- a/kea-dhcp/stop.cgi +++ b/kea-dhcp/stop.cgi @@ -6,7 +6,8 @@ use warnings; require './kea-dhcp-lib.pl'; ## no critic our %text; &error_setup($text{'eacl_aviol'}); -&kea_assert_acl('apply'); +my %access = &get_module_acl(); +&error("$text{'eacl_np'} $text{'eacl_papply'}") if (!$access{'apply'}); # The header action buttons operate on all configured Kea components together. &error_setup($text{'stop_fail'});