diff --git a/src/main/java/ch/eitchnet/privilege/model/PrivilegeContext.java b/src/main/java/ch/eitchnet/privilege/model/PrivilegeContext.java
index 8cd33eef1..09a282567 100644
--- a/src/main/java/ch/eitchnet/privilege/model/PrivilegeContext.java
+++ b/src/main/java/ch/eitchnet/privilege/model/PrivilegeContext.java
@@ -16,8 +16,10 @@
 package ch.eitchnet.privilege.model;
 
 import java.text.MessageFormat;
+import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
@@ -71,6 +73,18 @@ public class PrivilegeContext {
 		return this.privileges.keySet();
 	}
 
+	public IPrivilege getPrivilege(String privilegeName) {
+		return this.privileges.get(privilegeName);
+	}
+
+	public List<String> getFlatAllowList() {
+		List<String> allowList = new ArrayList<>();
+		for (IPrivilege privilege : this.privileges.values()) {
+			allowList.addAll(privilege.getAllowList());
+		}
+		return allowList;
+	}
+
 	// 
 	// business logic
 	//
diff --git a/src/main/java/ch/eitchnet/privilege/model/internal/PrivilegeImpl.java b/src/main/java/ch/eitchnet/privilege/model/internal/PrivilegeImpl.java
index e9d2b937c..3efe3e36a 100644
--- a/src/main/java/ch/eitchnet/privilege/model/internal/PrivilegeImpl.java
+++ b/src/main/java/ch/eitchnet/privilege/model/internal/PrivilegeImpl.java
@@ -15,6 +15,7 @@
  */
 package ch.eitchnet.privilege.model.internal;
 
+import java.text.MessageFormat;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.Set;
@@ -76,13 +77,13 @@ public final class PrivilegeImpl implements IPrivilege {
 			throw new PrivilegeException("No name defined!"); //$NON-NLS-1$
 		}
 		if (StringHelper.isEmpty(policy)) {
-			throw new PrivilegeException("Policy may not be empty!"); //$NON-NLS-1$
+			throw new PrivilegeException(MessageFormat.format("Policy may not be empty for Privilege {0}!", name)); //$NON-NLS-1$
 		}
 		if (denyList == null) {
-			throw new PrivilegeException("denyList is null!"); //$NON-NLS-1$
+			throw new PrivilegeException(MessageFormat.format("denyList is null for Privilege {0}!", name)); //$NON-NLS-1$
 		}
 		if (allowList == null) {
-			throw new PrivilegeException("allowList is null!"); //$NON-NLS-1$
+			throw new PrivilegeException(MessageFormat.format("allowList is null for Privilege {0}!", name)); //$NON-NLS-1$
 		}
 
 		this.name = name;