A method and apparatus for automatically determining optimum placement of
privileged code enablement locations in existing code are provided. A
method invocation graph of existing code is generated and a static
analysis of the method invocation graph is performed. The static analysis
is used to analyze the permission propagation through chains of method
invocations in the method invocation graph. When a method invocation in
the method invocation graph satisfies one or more user-definable
criteria, the location in the method invocation graph is saved to a file
that identifies recommended insertion points for a call to the
authorization enablement code. This file may then be used to manually
review the code to determine if a call to privileged mode enablement
should actually be made at the identified locations. Alternatively, the
call to privileged mode enablement may be automatically inserted at the
indicated locations using refactoring.
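
The following is an added sketch of the analysis described above, not code from the described method or apparatus. The call graph, method names, permission names, the rule that a method's protection domain is its name prefix, the upward-union propagation model and the boundary criterion are all assumptions chosen for illustration.

```python
import json
from collections import defaultdict

# Constructed sample: call graph, direct permission demands, per-domain grants.
CALLS = {
    "App.main": ["Lib.loadFont"], "Plugin.run": ["Lib.loadFont", "Lib.log"],
    "Lib.loadFont": ["Lib.readFile"], "Lib.readFile": ["Sys.checkRead"],
    "Lib.log": ["Lib.readFile", "Sys.checkWrite"],
    "Sys.checkRead": [], "Sys.checkWrite": [],
}
DEMANDS = {"Sys.checkRead": {"file.read"}, "Sys.checkWrite": {"file.write"}}
GRANTS = {"App": {"file.read"}, "Plugin": set(),
          "Lib": {"file.read", "file.write"}, "Sys": {"file.read", "file.write"}}

def domain(method):
    return method.split(".", 1)[0]  # assumption: domain is the name prefix

def propagate(calls, demands):
    """Fixpoint: a method needs every permission demanded anywhere below it."""
    needed = {m: set(demands.get(m, ())) for m in calls}
    changed = True
    while changed:  # iterate until stable so call cycles are handled
        changed = False
        for m, callees in calls.items():
            for c in callees:
                if not needed[c] <= needed[m]:
                    needed[m] |= needed[c]
                    changed = True
    return needed

def boundary_criterion(method, needed, callers, grants):
    """Assumed criterion: the method's domain holds all needed permissions, a caller does not."""
    if not needed or not needed <= grants[domain(method)]:
        return None
    short = {c: sorted(needed - grants[domain(c)]) for c in callers}
    return {c: p for c, p in short.items() if p} or None

def recommend(calls, demands, grants, criterion=boundary_criterion):
    needed, callers = propagate(calls, demands), defaultdict(list)
    for m, callees in calls.items():
        for c in callees:
            callers[c].append(m)
    out = []
    for m in sorted(calls):
        hit = criterion(m, needed[m], callers[m], grants)
        if hit:
            out.append({"insert_at": m, "permissions": sorted(needed[m]), "callers_lacking": hit})
    return out

if __name__ == "__main__":  # save recommended insertion points for manual review
    with open("insertion_points.json", "w") as fh:
        json.dump(recommend(CALLS, DEMANDS, GRANTS), fh, indent=2)
```

Each entry names the callers that lack the permission, which is what a reviewer needs in order to decide whether enabling privileged mode there would hand that access to less-trusted code.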