diff --git a/li.strolch.agent/src/main/java/li/strolch/runtime/privilege/DefaultStrolchPrivilegeHandler.java b/li.strolch.agent/src/main/java/li/strolch/runtime/privilege/DefaultStrolchPrivilegeHandler.java
index d13f1c13a..fd30c1de5 100644
--- a/li.strolch.agent/src/main/java/li/strolch/runtime/privilege/DefaultStrolchPrivilegeHandler.java
+++ b/li.strolch.agent/src/main/java/li/strolch/runtime/privilege/DefaultStrolchPrivilegeHandler.java
@@ -20,16 +20,6 @@ import java.io.FileInputStream;
 import java.text.MessageFormat;
 import java.util.Map;
-import li.strolch.agent.api.ComponentContainer;
-import li.strolch.agent.api.StrolchComponent;
-import li.strolch.agent.api.StrolchRealm;
-import li.strolch.exception.StrolchException;
-import li.strolch.model.audit.AccessType;
-import li.strolch.model.audit.Audit;
-import li.strolch.persistence.api.StrolchTransaction;
-import li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants;
-import li.strolch.runtime.configuration.ComponentConfiguration;
-import li.strolch.runtime.configuration.RuntimeConfiguration;
 import ch.eitchnet.privilege.base.AccessDeniedException;
 import ch.eitchnet.privilege.base.PrivilegeException;
 import ch.eitchnet.privilege.handler.DefaultPrivilegeHandler;
@@ -44,6 +34,16 @@ import ch.eitchnet.privilege.model.PrivilegeContext;
 import ch.eitchnet.privilege.model.internal.PrivilegeContainerModel;
 import ch.eitchnet.privilege.xml.PrivilegeConfigSaxReader;
 import ch.eitchnet.utils.helper.XmlHelper;
+import li.strolch.agent.api.ComponentContainer;
+import li.strolch.agent.api.StrolchComponent;
+import li.strolch.agent.api.StrolchRealm;
+import li.strolch.exception.StrolchException;
+import li.strolch.model.audit.AccessType;
+import li.strolch.model.audit.Audit;
+import li.strolch.persistence.api.StrolchTransaction;
+import li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants;
+import li.strolch.runtime.configuration.ComponentConfiguration;
+import li.strolch.runtime.configuration.RuntimeConfiguration;
 public class DefaultStrolchPrivilegeHandler extends StrolchComponent implements PrivilegeHandler {
@@ -178,8 +178,8 @@ public class DefaultStrolchPrivilegeHandler extends StrolchComponent implements
 }
 @Override
- public void runAsSystem(String systemUsername, SystemUserAction action) throws PrivilegeException {
- this.privilegeHandler.runAsSystem(systemUsername, action);
+ public T runAsSystem(String systemUsername, T action) throws PrivilegeException {
+ return this.privilegeHandler.runAsSystem(systemUsername, action);
 }
 @Override
diff --git a/li.strolch.agent/src/main/java/li/strolch/runtime/privilege/PrivilegeHandler.java b/li.strolch.agent/src/main/java/li/strolch/runtime/privilege/PrivilegeHandler.java
index 00a263713..d15cc8a02 100644
--- a/li.strolch.agent/src/main/java/li/strolch/runtime/privilege/PrivilegeHandler.java
+++ b/li.strolch.agent/src/main/java/li/strolch/runtime/privilege/PrivilegeHandler.java
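Review bot: `runAsSystem` in DefaultStrolchPrivilegeHandler forwards straight to the wrapped handler and leaves no record that code ran under a system user's identity. The class imports `Audit` and `AccessType`, so it presumably writes audit records for other privilege events; if so, the run-as transition should get one too, since that is where the effective identity changes. Either write an audit entry carrying the system username and the action's class name before delegating, or state the decision in a comment such as `// no audit is written for system-user execution; callers must provide traceability`. The method is complete inside the hunk.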
@@ -70,7 +70,8 @@ public interface PrivilegeHandler {
 * @see ch.eitchnet.privilege.handler.PrivilegeHandler#runAsSystem(java.lang.String,
 * ch.eitchnet.privilege.handler.SystemUserAction)
 */
- public abstract void runAsSystem(String systemUsername, SystemUserAction action) throws PrivilegeException;
+ public abstract T runAsSystem(String systemUsername, T action)
+ throws PrivilegeException;
 /**
 * @param certificate
diff --git a/li.strolch.agent/src/main/java/li/strolch/runtime/privilege/RunAsAgent.java b/li.strolch.agent/src/main/java/li/strolch/runtime/privilege/RunAsAgent.java
new file mode 100644
index 000000000..6dd324cd8
--- /dev/null
+++ b/li.strolch.agent/src/main/java/li/strolch/runtime/privilege/RunAsAgent.java
@@ -0,0 +1,31 @@
+package li.strolch.runtime.privilege;
+
+import ch.eitchnet.privilege.handler.SystemUserAction;
+import ch.eitchnet.privilege.model.PrivilegeContext;
+import li.strolch.service.api.AbstractService;
+import li.strolch.service.api.ServiceArgument;
+import li.strolch.service.api.ServiceHandler;
+import li.strolch.service.api.ServiceResult;
+
+public class RunAsAgent extends SystemUserAction {
+
+ private ServiceHandler svcHandler;
+ private AbstractService svc;
+ private T arg;
+ private U result;
+
+ public RunAsAgent(ServiceHandler svcHandler, AbstractService svc, T arg) {
+ this.svcHandler = svcHandler;
+ this.svc = svc;
+ this.arg = arg;
+ }
+
+ public U getResult() {
+ return result;
+ }
+
+ @Override
+ public void execute(PrivilegeContext privilegeContext) {
+ this.result = svcHandler.doService(privilegeContext.getCertificate(), svc, arg);
+ }
+}
diff --git a/li.strolch.agent/src/main/java/li/strolch/service/api/AbstractService.java b/li.strolch.agent/src/main/java/li/strolch/service/api/AbstractService.java
index 573fcd414..277c51f7e 100644
--- a/li.strolch.agent/src/main/java/li/strolch/service/api/AbstractService.java
+++ b/li.strolch.agent/src/main/java/li/strolch/service/api/AbstractService.java
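Review bot: The interface method `runAsSystem` now returns the action, but the visible part of its Javadoc carries only the `@see` reference and does not document the return value. Add `@return the action performed, for chaining calls`, matching the wording this commit uses on `Command.runAs`. The Javadoc block starts above the hunk, so a description may already exist there.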
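Review bot: `RunAsAgent.execute` runs the wrapped service with the system user's certificate (`privilegeContext.getCertificate()`), so any authorisation done inside `doService` is evaluated against the system user and not against whoever requested the work, and the class has no Javadoc saying so. Add a class comment stating that callers must authorise the original requester before constructing a `RunAsAgent`, and that `getResult()` returns `null` until `execute` has assigned a result. The three constructor-set fields should be declared `private final` (`private final ServiceHandler svcHandler;` and likewise `svc` and `arg`) to make it explicit that the service and argument are fixed at construction.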
@@ -17,19 +17,21 @@ package li.strolch.service.api; import java.text.MessageFormat; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import ch.eitchnet.privilege.base.PrivilegeException; +import ch.eitchnet.privilege.handler.SystemUserAction; +import ch.eitchnet.privilege.model.Certificate; +import ch.eitchnet.privilege.model.PrivilegeContext; +import ch.eitchnet.utils.dbc.DBC; import li.strolch.agent.api.ComponentContainer; import li.strolch.agent.api.StrolchComponent; import li.strolch.agent.api.StrolchRealm; import li.strolch.exception.StrolchException; import li.strolch.persistence.api.StrolchTransaction; import li.strolch.runtime.configuration.RuntimeConfiguration; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import ch.eitchnet.privilege.model.Certificate; -import ch.eitchnet.privilege.model.PrivilegeContext; -import ch.eitchnet.utils.dbc.DBC; +import li.strolch.runtime.privilege.PrivilegeHandler; /** * @author Robert von Burg @@ -91,6 +93,15 @@ public abstract class AbstractService V runAs(String username, V action) throws PrivilegeException { + return this.container.getPrivilegeHandler().runAsSystem(username, action); + } + /** * This method is final as it enforces that the argument is valid, and catches all exceptions and enforces that a * service result is returned. A concrete implementation will implement the business logic in diff --git a/li.strolch.agent/src/main/java/li/strolch/service/api/Command.java b/li.strolch.agent/src/main/java/li/strolch/service/api/Command.java index c827745ba..75c2c7c86 100644 --- a/li.strolch.agent/src/main/java/li/strolch/service/api/Command.java +++ b/li.strolch.agent/src/main/java/li/strolch/service/api/Command.java 
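Review bot: The new `runAs` in AbstractService passes `username` to `runAsSystem` unchecked, and it gives every service subclass a way to execute an action under any system user it can name. The class already imports `DBC`, so a precondition such as `DBC.PRE.assertNotEmpty("username must be set", username);` as the first statement would fail fast instead of leaving a null or empty name for the privilege handler to reject. Whether a given system user may run a given action is decided in the privilege handler, which is not shown here, and the method's Javadoc should say that this is the only barrier. The same applies to `Command.runAs` in the last hunk. The signature and Javadoc of this hunk are partly missing on this page, so the note rests on the visible method body.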
@@ -18,6 +18,8 @@ package li.strolch.service.api;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import ch.eitchnet.privilege.base.PrivilegeException;
+import ch.eitchnet.privilege.handler.SystemUserAction;
 import ch.eitchnet.privilege.model.Restrictable;
 import li.strolch.agent.api.ComponentContainer;
 import li.strolch.agent.api.StrolchComponent;
@@ -100,6 +102,23 @@ public abstract class Command implements Restrictable {
 return policy;
 }
+ /**
+ * Performs the given {@link SystemUserAction} as a system user with the given username. Returns the action for
+ * chaining calls
+ *
+ * @param username
+ * the name of the system user to perform the action as
+ * @param action
+ * the action to perform
+ *
+ * @return the action performed for chaining calls
+ *
+ * @throws PrivilegeException
+ */
+ protected V runAs(String username, V action) throws PrivilegeException {
+ return this.container.getPrivilegeHandler().runAsSystem(username, action);
+ }
+
 /**
 * Returns the {@link StrolchTransaction} bound to this {@link Command}'s runtime
 *
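Review bot: The Javadoc on `Command.runAs` leaves `@throws PrivilegeException` without a description and does not mention that the action executes with the system user's privileges rather than those of the user who invoked the command. Complete the tag, for example `@throws PrivilegeException if the system user does not exist or may not perform the action` (wording to be confirmed against the privilege handler). Also add a sentence that commands should pass only fixed, configured system usernames and never a value taken from request input. The first Javadoc sentence is missing its full stop after `chaining calls`.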