diff --git a/src/main/java/org/caosdb/server/query/Query.java b/src/main/java/org/caosdb/server/query/Query.java
index b9fe03dd330e66073edfcd8c238c5ce7b3306b8a..6e861ea215ef1501e9ff6e03652d97fe9d45a067 100644
--- a/src/main/java/org/caosdb/server/query/Query.java
+++ b/src/main/java/org/caosdb/server/query/Query.java
@@ -799,71 +799,71 @@ public class Query implements QueryInterface, ToElementable, TransactionInterfac
       return;
     }
     cachable = false;
-    try (final Statement stmt = this.getConnection().createStatement()) {
-      // final ResultSet rs = stmt.executeQuery("SELECT id from `" + resultSet + "`");
-
-      String logstr = "";
-      final String query =
-          ("SELECT t1.id, entity_acl.acl from (select entities.id, entities.acl from entities where id in (select id from `"
-              + resultSet
-              + "`) ) as t1 inner join entity_acl on t1.acl=entity_acl.id;");
-      logstr += "SQL query: " + query + "\n";
-      long begin_t = System.currentTimeMillis();
-
-      final ResultSet rs = stmt.executeQuery(query);
-      final HashMap<String, Boolean> acl_cache = new HashMap<String, Boolean>();
-      final List<Integer> toBeDeleted = new LinkedList<Integer>();
-      final List<Integer> allrs = new ArrayList<Integer>();
-      logstr += "Got rs: " + (System.currentTimeMillis() - begin_t) + " s\n";
-      long count = 0;
-
-      long count2 = 0;
-      // @todo here, we must operate on sql site. only retrieve different permissions
-      while (rs.next()) {
-        final long t1 = System.currentTimeMillis();
-        final Integer id = rs.getInt("id");
-        if (id <= 99) {
-          continue;
-        }
-        count2 += 1;
-
-        allrs.add(id);
-        final String acl_str = bytes2UTF8(rs.getBytes("ACL"));
-        if (!acl_cache.containsKey(acl_str)) {
-          count += 1;
-          acl_cache.put(
-              acl_str,
-              EntityACL.deserialize(acl_str)
-                  .isPermitted(this.getUser(), EntityPermission.RETRIEVE_ENTITY));
-        }
-
-        if (!acl_cache.get(acl_str)) {
-          toBeDeleted.add(id);
-        }
 
-        final long t2 = System.currentTimeMillis();
-        this.addBenchmark("filterEntitiesWithoutRetrievePermission", t2 - t1);
+    /*
+      * The following creates a table with the columns (entity ID, acl) from
+      * a given table with entity IDs. Here, acl is the string representation
+      * of the acl.
+      *
+      * TODO:In future, one might want to retrieve only a distinct set of acl
+      * with (acl_id, acl) and a table with (entity_id, acl_id) to reduce the
+      * amount of data being transfered.
+      */
+    final Statement stmt = this.getConnection().createStatement()
+    String logstr = "";
+    long begin_t = System.currentTimeMillis();
+    final String query =
+        ("SELECT entity_n_acl.id, entity_acl.acl from "
+          + "(select entities.id, entities.acl from entities "
+          + "inner join `" + resultSet + " as rs on entities.id=rs.id`) "
+          + "as entity_n_acl "
+          + "left join entity_acl on entity_n_acl.acl=entity_acl.id;");
+    logstr += "SQL query: " + query + "\n";
+    final ResultSet entities_with_acl = stmt.executeQuery(query);
+
+    final HashMap<String, Boolean> acl_cache = new HashMap<String, Boolean>();
+    final List<Integer> toBeDeleted = new LinkedList<Integer>();
+    final List<Integer> allrs = new ArrayList<Integer>();
+    logstr += "Got rs: " + (System.currentTimeMillis() - begin_t) + " s\n";
+    long count = 0;
+    long count2 = 0;
+
+    // @todo here, we must operate on sql site. only retrieve different permissions
+    while (entities_with_acl.next()) {
+      final long t1 = System.currentTimeMillis();
+      final Integer id = entities_with_acl.getInt("id");
+      if (id <= 99) {
+        continue;
+      }
+      count2 += 1;
+      allrs.add(id);
+
+      final String acl_str = bytes2UTF8(entities_with_acl.getBytes("ACL"));
+      if (!acl_cache.containsKey(acl_str)) {
+        count += 1;
+        acl_cache.put(
+            acl_str,
+            EntityACL.deserialize(acl_str)
+                .isPermitted(this.getUser(), EntityPermission.RETRIEVE_ENTITY));
       }
-      logstr += "done with looking up acl: " + (System.currentTimeMillis() - begin_t) + " s\n";
-
-      allrs.sort(Comparator.naturalOrder());
-      logstr += "iterations: " + count + "\n";
-      logstr += "iterations: " + count2 + "\n";
-
-      logstr += "Full time: " + (System.currentTimeMillis() - begin_t) + "\n";
-
-      this.logger.warn(logstr);
 
-      rs.close();
-      for (final Integer id : toBeDeleted) {
-        stmt.execute("DELETE FROM `" + resultSet + "` WHERE id = " + id);
+      if (!acl_cache.get(acl_str)) {
+        toBeDeleted.add(id);
       }
 
-    } catch (SQLException e1) {
-      // TODO Auto-generated catch block
-      e1.printStackTrace();
-    } catch (final TransactionException e) {
-      this.logger.warn("Error in result filter");
+      final long t2 = System.currentTimeMillis();
+      this.addBenchmark("filterEntitiesWithoutRetrievePermission", t2 - t1);
+    }
+    logstr += "done with looking up acl: " + (System.currentTimeMillis() - begin_t) + " s\n";
+    entities_with_acl.close();
+    allrs.sort(Comparator.naturalOrder());
+    logstr += "iterations: " + count + "\n";
+    logstr += "iterations: " + count2 + "\n";
+    logstr += "Full time: " + (System.currentTimeMillis() - begin_t) + "\n";
+    this.logger.warn(logstr);
+    // TODO is there a better way than the following?
+    for (final Integer id : toBeDeleted) {
+      stmt.execute("DELETE FROM `" + resultSet + "` WHERE id = " + id);
     }
   }