diff --git a/ch.eitchnet.privilege b/ch.eitchnet.privilege
index a3d76d4cd..fa40671b8 160000
--- a/ch.eitchnet.privilege
+++ b/ch.eitchnet.privilege
@@ -1 +1 @@
-Subproject commit a3d76d4cd88ffd1fbeb6e9c646db0e55211f6d09
+Subproject commit fa40671b8cc8c1b4f0cefc877d2786edbb77cc88
diff --git a/ch.eitchnet.utils b/ch.eitchnet.utils
index 07f009b7f..638cebe01 160000
--- a/ch.eitchnet.utils
+++ b/ch.eitchnet.utils
@@ -1 +1 @@
-Subproject commit 07f009b7ff7cba427e4f0508da65f8d9b04db2f4
+Subproject commit 638cebe01e8275c188b9e444576569e6e29ae73e
diff --git a/li.strolch.agent/src/main/java/li/strolch/runtime/privilege/DefaultStrolchPrivilegeHandler.java b/li.strolch.agent/src/main/java/li/strolch/runtime/privilege/DefaultStrolchPrivilegeHandler.java
index ee0b934a3..2772e87e2 100644
--- a/li.strolch.agent/src/main/java/li/strolch/runtime/privilege/DefaultStrolchPrivilegeHandler.java
+++ b/li.strolch.agent/src/main/java/li/strolch/runtime/privilege/DefaultStrolchPrivilegeHandler.java
@@ -148,7 +148,6 @@ public class DefaultStrolchPrivilegeHandler extends StrolchComponent implements
 	public ch.eitchnet.privilege.handler.PrivilegeHandler getPrivilegeHandler(Certificate certificate)
 			throws PrivilegeException {
 		assertContainerStarted();
-		this.privilegeHandler.assertIsPrivilegeAdmin(certificate);
 		return this.privilegeHandler;
 	}
 }
diff --git a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java
index 750450528..3dbb2f5b1 100644
--- a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java
+++ b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java
@@ -92,7 +92,11 @@ public class AuthenticationService {
 			loginResult.setParameters(certificate.getPropertyMap());
 			loginResult.setRoles(new ArrayList<>(certificate.getUserRoles()));
 
-			List<String> allowList = privilegeContext.getFlatAllowList();
+			// TODO rethink this stupid aggregating of the allow list
+			List<String> allowList = new ArrayList<>();
+			for (String name : privilegeContext.getPrivilegeNames()) {
+				allowList.addAll(privilegeContext.getPrivilege(name).getAllowList());
+			}
 			if (allowList.isEmpty())
 				loginResult.setPrivileges(Arrays.asList("*")); //$NON-NLS-1$
 			else