diff --git a/src/main/java/org/caosdb/server/permissions/EntityACL.java b/src/main/java/org/caosdb/server/permissions/EntityACL.java
index 5adaca78fc03e760a42f1715d2a6cfff56826fc9..9c2fa6c73dc502b90c15d23f4fac7d7ded90613f 100644
--- a/src/main/java/org/caosdb/server/permissions/EntityACL.java
+++ b/src/main/java/org/caosdb/server/permissions/EntityACL.java
@@ -253,7 +253,9 @@ public class EntityACL {
public final Element toElement() {
final Element ret = new Element("EntityACL");
- for (final EntityACI aci : this.acl) {
+ final List<EntityACI> localAcl = new ArrayList<>(this.acl);
+ localAcl.addAll(GLOBAL_PERMISSIONS.acl);
+ for (final EntityACI aci : localAcl) {
final boolean isDenial = isDenial(aci.getBitSet());
final boolean isPriority = isPriorityBitSet(aci.getBitSet());
final Element e = new Element(isDenial ? "Deny" : "Grant");
diff --git a/src/main/java/org/caosdb/server/transaction/Update.java b/src/main/java/org/caosdb/server/transaction/Update.java
index 894728ccb7ed6c1e3eb72d40d6ea821e9e92ee68..75ec7532daf9e04a9cdf1095378591bfe2dd19c8 100644
--- a/src/main/java/org/caosdb/server/transaction/Update.java
+++ b/src/main/java/org/caosdb/server/transaction/Update.java
@@ -40,6 +40,7 @@ import org.caosdb.server.entity.FileProperties;
import org.caosdb.server.entity.RetrieveEntity;
import org.caosdb.server.entity.container.TransactionContainer;
import org.caosdb.server.entity.container.UpdateContainer;
+import org.caosdb.server.entity.wrapper.EntityWrapper;
import org.caosdb.server.entity.wrapper.Parent;
import org.caosdb.server.entity.wrapper.Property;
import org.caosdb.server.permissions.EntityPermission;
@@ -239,7 +240,8 @@ public class Update extends WriteTransaction<UpdateContainer> {
}
// entity role
- if (newEntity.hasRole()
+ if (!(newEntity instanceof EntityWrapper)
+ && newEntity.hasRole()
&& oldEntity.hasRole()
&& !newEntity.getRole().equals(oldEntity.getRole())
|| newEntity.hasRole() ^ oldEntity.hasRole()) {