Scalr_Account_User::canManageAcl PHP Method

    public function canManageAcl()
    {
        return $this->getType() == Scalr_Account_User::TYPE_ACCOUNT_OWNER || $this->getType() == Scalr_Account_User::TYPE_ACCOUNT_SUPER_ADMIN || $this->getType() == Scalr_Account_User::TYPE_ACCOUNT_ADMIN;
    }

 /**
  * Checks if specified resource is allowed for superposition of the roles.
  *
  * If access permission is allowed at least in one role it is considered to be allowed.
  * Current exclude filter will be applied
  *
  * @param   int              $resourceId   The ID of the resource.
  * @param   string           $permissionId optional The ID of the permission associated with resource.
  * @return  bool|null        Returns true if access is allowed.
  *                           If resource or permission isn't overridden it returns null.
  * @throws  Exception\RoleObjectException
  */
 public function isAllowed($resourceId, $permissionId = null)
 {
     $allowed = false;
     if ($this->user) {
         if ($this->user->isAccountOwner() || $this->user->isScalrAdmin()) {
             //Scalr Admin and Account Owner is allowed for everything, without any ACL defined for them.
             return true;
         } else {
             if ($resourceId === Acl::RESOURCE_ENVADMINISTRATION_ENV_CLOUDS && $permissionId === null && $this->user->canManageAcl()) {
                 //Account Admin should be able to manage all relatings between environments and teams
                 return true;
             }
         }
     }
     $iterator = $this->getIterator();
     while ($iterator->valid() && !$allowed) {
         //If access permission is allowed at least in one role it is considered to be allowed.
         $allowed = $allowed || (bool) $iterator->current()->isAllowed($resourceId, $permissionId);
         $iterator->next();
     }
     return $allowed;
 }