diff --git a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
index a04e7cc1ecd..2496083b66c 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
+++ b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
@@ -301,6 +301,9 @@ Release 2.7.0 - UNRELEASED
     HDFS-7473. Document setting dfs.namenode.fs-limits.max-directory-items to 0
     is invalid. (Akira AJISAKA via cnauroth)
 
+    HDFS-7481. Add ACL indicator to the "Permission Denied" exception.
+    (vinayakumarb)
+
 Release 2.6.1 - UNRELEASED
 
   INCOMPATIBLE CHANGES
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSPermissionChecker.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSPermissionChecker.java
index 8de8c54bfc5..050848492d4 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSPermissionChecker.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSPermissionChecker.java
@@ -47,6 +47,12 @@ class FSPermissionChecker {
   /** @return a string for throwing {@link AccessControlException} */
   private String toAccessControlString(INode inode, int snapshotId,
       FsAction access, FsPermission mode) {
+    return toAccessControlString(inode, snapshotId, access, mode, false);
+  }
+
+  /** @return a string for throwing {@link AccessControlException} */
+  private String toAccessControlString(INode inode, int snapshotId, FsAction access,
+      FsPermission mode, boolean deniedFromAcl) {
     StringBuilder sb = new StringBuilder("Permission denied: ")
       .append("user=").append(user).append(", ")
       .append("access=").append(access).append(", ")
@@ -55,6 +61,9 @@ private String toAccessControlString(INode inode, int snapshotId,
       .append(inode.getGroupName(snapshotId)).append(':')
       .append(inode.isDirectory() ? 'd' : '-')
       .append(mode);
+    if (deniedFromAcl) {
+      sb.append("+");
+    }
     return sb.toString();
   }
 
@@ -338,7 +347,7 @@ private void checkAccessAcl(INode inode, int snapshotId, FsAction access,
     }
 
     throw new AccessControlException(
-      toAccessControlString(inode, snapshotId, access, mode));
+      toAccessControlString(inode, snapshotId, access, mode, true));
   }
 
   /** Guarded by {@link FSNamesystem#readLock()} */