diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 20d58bf..f3712f7 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -5,6 +5,11 @@ class ApplicationController < ActionController::Base
   before_filter :init_noosfero_plugins_controller_filters
   before_filter :allow_cross_domain_access
   before_filter :login_required, :if => :private_environment?
+  before_filter :verify_members_whitelist, :if => :user
+
+  def verify_members_whitelist
+    render_access_denied unless user.is_admin? || environment.members_whitelist.blank? || environment.in_whitelist?(user)
+  end
 
   def allow_cross_domain_access
     origin = request.headers['Origin']
diff --git a/app/models/environment.rb b/app/models/environment.rb
index 7d64472..df98113 100644
--- a/app/models/environment.rb
+++ b/app/models/environment.rb
@@ -295,6 +295,16 @@ class Environment < ActiveRecord::Base
   settings_items :access_control_allow_origin, :type => Array, :default => []
   settings_items :access_control_allow_methods, :type => String
 
+  settings_items :members_whitelist, :type => Array, :default => []
+
+  def in_whitelist?(person)
+    members_whitelist.include?(person.identifier)
+  end
+
+  def members_whitelist=(members)
+    settings[:members_whitelist] = members.split(',').map(&:strip).reject(&:blank?)
+  end
+
   def news_amount_by_folder=(amount)
     settings[:news_amount_by_folder] = amount.to_i
   end
diff --git a/app/views/features/index.rhtml b/app/views/features/index.rhtml
index fe9ff0a..e9c72ff 100644
--- a/app/views/features/index.rhtml
+++ b/app/views/features/index.rhtml
@@ -37,6 +37,11 @@ Check all the features you want to enable for your environment, uncheck all the
   <%= select_organization_approval_method('environment', 'organization_approval_method') %>
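Review bot: The gate in `verify_members_whitelist` runs only when `user` is present (`:if => :user`), so on an environment where `private_environment?` is false an anonymous visitor is never checked while a logged-in member who is not listed gets `render_access_denied`; if the whitelist is meant to restrict the environment to the listed people, the filter should also cover anonymous requests (for example by sending them to login), otherwise the feature should be documented as applying to authenticated members only. `user.is_admin?` is called without an argument; if `is_admin?` accepts an environment, pass `environment` so the exemption is scoped to the environment being gated rather than to admin status anywhere. A comment above the method would make the policy explicit, e.g. `# Deny logged-in, non-admin users whose identifier is not in environment.members_whitelist; an empty list allows everyone`. `allow_cross_domain_access` continues outside the hunk.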
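Review bot: `members_whitelist=` assumes it receives a String and will raise `NoMethodError` on `split` if it is ever assigned an Array (a caller re-assigning the stored list, or a form posting the field as an array), so normalise first: `settings[:members_whitelist] = Array(members).flat_map { |m| m.to_s.split(',') }.map(&:strip).reject(&:blank?)`. `in_whitelist?` matches `person.identifier` as an exact string; the setter trims whitespace but does not case-fold, so a stored entry that differs only in case silently excludes that member — worth a comment such as `# Exact match on Person#identifier; entries are trimmed but not case-folded`. Both methods are fully within the hunk.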
+

<%= _('Members Whitelist') %>

+
<%= _('Allow these people to access this environment (separate with commas):') %>
+ <%= text_field :environment, :members_whitelist, :value => environment.members_whitelist.join(',') %> +
+
   <% button_bar do %>
     <%= submit_button('save', _('Save changes')) %>
diff --git a/test/functional/application_controller_test.rb b/test/functional/application_controller_test.rb
index cd612c1..718ad2d 100644
--- a/test/functional/application_controller_test.rb
+++ b/test/functional/application_controller_test.rb
@@ -581,4 +581,43 @@ class ApplicationControllerTest < ActionController::TestCase
     assert_redirected_to :controller => 'account', :action => 'login'
   end
 
+  should 'do allow member in whitelist to access an environment' do
+    user = create_user
+    e = Environment.default
+    e.members_whitelist = 'admin'
+    e.save!
+    login_as(user.login)
+    get :index
+    assert_response :forbidden
+  end
+
+  should 'allow member in whitelist to access an environment' do
+    user = create_user
+    e = Environment.default
+    e.members_whitelist = user.person.identifier
+    e.save!
+    login_as(user.login)
+    get :index
+    assert_response :success
+  end
+
+  should 'allow members to access an environment if whitelist is blank' do
+    user = create_user
+    e = Environment.default
+    e.members_whitelist = ''
+    e.save!
+    login_as(user.login)
+    get :index
+    assert_response :success
+  end
+
+  should 'allow admin to access an environment' do
+    e = Environment.default
+    e.members_whitelist = 'ze'
+    e.save!
+    login_as(create_admin_user(e))
+    get :index
+    assert_response :success
+  end
+
 end
-- libgit2 0.21.2
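Review bot: The help text `_('Allow these people to access this environment (separate with commas):')` does not say which value is matched — the model compares `person.identifier` — so an administrator who types display names or e-mail addresses will lock every non-admin member out without any error being shown. Change it to something like `_('Allow these people to access this environment (user identifiers, separated by commas):')`. The template markup appears partly lost in this rendering, so the surrounding tags are not reviewed here.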
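Review bot: The first test's name, `should 'do allow member in whitelist to access an environment'`, contradicts what it asserts: the user is not in the whitelist (`'admin'`) and the expected response is `:forbidden`, so rename it to `should 'not allow member outside the whitelist to access an environment'`. In the admin test the whitelist is set to the literal `'ze'`; if `create_admin_user(e)` ever produces a person whose identifier is `ze`, the test passes via the whitelist rather than the admin exemption — pick a value that cannot collide with that fixture, or additionally assert that the admin's identifier is absent from `e.members_whitelist`. The hunk is self-contained; the enclosing test class closes on its final context line.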