diff --git a/tests/test_issues_server.py b/tests/test_issues_server.py
index 22de51b6d1e8474bcbedbed1d78117294be149cf..8fa900336546cade081f8b3ab2e8793e723d638f 100644
--- a/tests/test_issues_server.py
+++ b/tests/test_issues_server.py
@@ -1177,8 +1177,7 @@ def test_192():
     assert count7 == 1
     assert count8 == 1
 
-
-def test_196():
+def test_196a():
     """See https://gitlab.com/caosdb/caosdb-server/-/issues/196"""
     admin._insert_role(name=CURATOR_ROLE, description="Desc")
 
@@ -1204,6 +1203,8 @@ def test_196():
 
     db.configure_connection(username="TestUser", password_method="plain",
                             password="Password1!")
+
+    # it is still allowed to insert a record type...
     db.RecordType(name="TestRT2").insert()
 
     # fails
@@ -1211,3 +1212,45 @@ def test_196():
         # this should fail because the curator doesn't have TRANSACTION:INSERT:PROPERTY
         db.Property(name="TestProp2", datatype=db.TEXT).insert()
     assert cm.value.errors[0].msg == "You are not allowed to do this."
+
+
+@pytest.mark.parametrize("deny", ["TRANSACTION:INSERT:", "TRANSACTION:INSERT:*"])
+def test_196b(deny):
+    """Same as test_196a but we completely deny insertion."""
+    admin._insert_role(name=CURATOR_ROLE, description="Desc")
+
+    perms = admin._get_permissions(CURATOR_ROLE)
+    g = admin.PermissionRule(action="Grant", permission="TRANSACTION:*")
+    perms.add(g)
+    admin._set_permissions(CURATOR_ROLE, permission_rules=perms)
+    admin._insert_user(name="TestUser", password="Password1!", status="ACTIVE")
+    admin._set_roles(username="TestUser", roles=[CURATOR_ROLE])
+
+    db.configure_connection(username="TestUser", password_method="plain",
+                            password="Password1!")
+    # works
+    db.RecordType(name="TestRT1").insert()
+    db.Property(name="TestProp1", datatype=db.TEXT).insert()
+
+    # Deny TRANSACTION:INSERT
+    db.configure_connection()
+    perms = admin._get_permissions(CURATOR_ROLE)
+    g = admin.PermissionRule(action="Deny", permission=deny)
+    perms.add(g)
+    admin._set_permissions(CURATOR_ROLE, permission_rules=perms)
+
+    db.configure_connection(username="TestUser", password_method="plain",
+                            password="Password1!")
+
+    # fails (in contrast to test_196a)
+    with pytest.raises(TransactionError) as cm:
+        # this should fail because the curator doesn't have TRANSACTION:INSERT:RECORDTYPE
+        db.RecordType(name="TestRT2").insert()
+    assert cm.value.errors[0].msg == "You are not allowed to do this."
+
+    # fails
+    with pytest.raises(TransactionError) as cm:
+        # this should fail because the curator doesn't have TRANSACTION:INSERT:PROPERTY
+        db.Property(name="TestProp2", datatype=db.TEXT).insert()
+    assert cm.value.errors[0].msg == "You are not allowed to do this."
+