diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6e8a418d4e00e86fd8654296c772fdd7456db688..a79e438e7d393a248e0ec23522f521a82a4ae196 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -39,6 +39,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 * Tests for caosdb-server#217
 * Tests for caosdb-pylib#61
 * Test for [caosdb-server#136](https://gitlab.com/caosdb/caosdb-server/-/issues/136)
+* Test for [caosdb-server#141](https://gitlab.com/caosdb/caosdb-server/-/issues/141)
 
 ### Changed (for changes in existing functionality)
 
diff --git a/tests/test_issues_server.py b/tests/test_issues_server.py
index daa874fb217f1ab9ea49477c74a9abcb3f9a5ecc..cf4632d2753c97d00b144ca941810c746afcfcf9 100644
--- a/tests/test_issues_server.py
+++ b/tests/test_issues_server.py
@@ -26,15 +26,27 @@ import tempfile
 import time
 
 import caosdb as db
+from caosdb import administration as admin
 import pytest
 from caosdb.exceptions import TransactionError
 
+CURATOR_ROLE = "curator"
+
 
 def setup_module():
+    db.configure_connection()
     try:
         db.execute_query("FIND ENTITY WITH ID > 99").delete()
     except Exception as delete_exc:
         print(delete_exc)
+    try:
+        admin._delete_user("TestUser")
+    except Exception as delete_exc:
+        print(delete_exc)
+    try:
+        admin._delete_role(CURATOR_ROLE)
+    except Exception as delete_exc:
+        print(delete_exc)
 
 
 def setup_function(function):
@@ -44,7 +56,7 @@ def setup_function(function):
 
 def teardown_function(function):
     """Deleting entities again."""
-    pass  # setup_module()
+    setup_module()
 
 
 # ########################### Issue tests start here #####################
@@ -800,3 +812,39 @@ def test_136():
     te = err.value
     assert te.has_error(db.UnqualifiedPropertiesError)
     assert "Cannot parse value to integer" in str(te)
+
+
+def test_141():
+    """Roles with `Grant(*)P` permissions still can't update other people's
+    entities."""
+    admin._insert_role(name=CURATOR_ROLE, description="Desc")
+
+    perms = admin._get_permissions(CURATOR_ROLE)
+    g = admin.PermissionRule(action="Grant", permission="*", priority=True)
+    d = admin.PermissionRule(action="Deny", permission="*", priority=True)
+    if g in perms:
+        perms.remove(g)
+    if d in perms:
+        perms.remove(d)
+    perms.add(g)
+    admin._set_permissions(CURATOR_ROLE, permission_rules=perms)
+    perms = admin._get_permissions(CURATOR_ROLE)
+    print(perms)
+
+    rt = db.RecordType(name="TestRT", description="Desc1").insert()
+
+    admin._insert_user(name="TestUser", password="Password1!", status="ACTIVE")
+    admin._set_roles(username="TestUser", roles=[CURATOR_ROLE])
+
+    db.configure_connection(username="TestUser", password_method="plain",
+                            password="Password1!")
+    assert db.Info().user_info.name == "TestUser"
+    assert db.Info().user_info.roles == [CURATOR_ROLE]
+
+    rt.description = "Desc2"
+    rt.update()
+    assert rt.description == "Desc2"
+
+    # switch back to admin user
+    db.configure_connection()
+    assert db.execute_query("FIND TestRT", unique=True).description == "Desc2"