diff --git a/pkg/services/common/ape/checker.go b/pkg/services/common/ape/checker.go
index c9b0b7363..0f342df46 100644
--- a/pkg/services/common/ape/checker.go
+++ b/pkg/services/common/ape/checker.go
@@ -104,7 +104,7 @@ func (c *checkerCoreImpl) CheckAPE(ctx context.Context, prm CheckPrm) error {
 if found && status == apechain.Allow {
 return nil
 }
- return newChainRouterError(prm.Request.Operation(), status)
+ return newChainRouterError(rt, prm.Request, status)
 }

 // isValidBearer checks whether bearer token was correctly signed by authorized
diff --git a/pkg/services/common/ape/error.go b/pkg/services/common/ape/error.go
index d3c381de7..e5f6ac352 100644
--- a/pkg/services/common/ape/error.go
+++ b/pkg/services/common/ape/error.go
@@ -3,31 +3,47 @@ package ape
 import (
 "fmt"

+ aperequest "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/ape/request"
 apechain "git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
+ policyengine "git.frostfs.info/TrueCloudLab/policy-engine/pkg/engine"
 )

 // ChainRouterError is returned when chain router validation prevents
 // the APE request from being processed (no rule found, access denied, etc.).
 type ChainRouterError struct {
- operation string
- status apechain.Status
+ target policyengine.RequestTarget
+ request aperequest.Request
+ status apechain.Status
 }

 func (e *ChainRouterError) Error() string {
- return fmt.Sprintf("access to operation %s is denied by access policy engine: %s", e.Operation(), e.Status())
+ return fmt.Sprintf("access to operation %s is denied by access policy engine: %s", e.Request().Operation(), e.Status())
 }

-func (e *ChainRouterError) Operation() string {
- return e.operation
+func (e *ChainRouterError) Target() policyengine.RequestTarget {
+ return e.target
+}
+
+func (e *ChainRouterError) Request() aperequest.Request {
+ return e.request
+}
+
+func (e *ChainRouterError) Resource() aperequest.Resource {
+ res, ok := e.request.Resource().(*aperequest.Resource)
+ if !ok {
+ return aperequest.Resource{}
+ }
+ return *res
 }

 func (e *ChainRouterError) Status() apechain.Status {
 return e.status
 }

-func newChainRouterError(operation string, status apechain.Status) *ChainRouterError {
+func newChainRouterError(target policyengine.RequestTarget, request aperequest.Request, status apechain.Status) *ChainRouterError {
 return &ChainRouterError{
- operation: operation,
- status: status,
+ target: target,
+ request: request,
+ status: status,
 }
 }
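Review bot: `Resource()` returns a zero `aperequest.Resource{}` when the assertion to `*aperequest.Resource` fails, so code that logs or audits a denied request cannot tell "no resource" from "unexpected resource type". Consider reporting the outcome, e.g. `func (e *ChainRouterError) Resource() (aperequest.Resource, bool)`, or at least state the fallback in a doc comment on the method. The error value now also retains the whole request and the router target, while `Error()` still prints only the operation and status. That keeps request details out of the message, which presumably propagates to the caller; a comment on the type such as `// Target, Request and Resource are meant for server-side logging; Error() deliberately omits them.` would record that boundary. If `aperequest.Resource` holds a properties map (not visible in this hunk), `*res` is a shallow copy that still shares it with the request.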