diff --git a/src/main/java/caosdb/server/jobs/core/Atomic.java b/src/main/java/caosdb/server/jobs/core/Atomic.java
index f41eba282f750e6ec0f388d801e0eeabc7c60352..cdc9f25d7367a9732dcdcc9a0e03dd5e359acaa2 100644
--- a/src/main/java/caosdb/server/jobs/core/Atomic.java
+++ b/src/main/java/caosdb/server/jobs/core/Atomic.java
@@ -27,11 +27,15 @@ import caosdb.server.entity.EntityInterface;
 import caosdb.server.jobs.ContainerJob;
 import caosdb.server.jobs.JobAnnotation;
 import caosdb.server.jobs.JobExecutionTime;
+import caosdb.server.transaction.WriteTransaction;
 import caosdb.server.utils.EntityStatus;
 import caosdb.server.utils.Observable;
 import caosdb.server.utils.ServerMessages;
 
-@JobAnnotation(time = JobExecutionTime.POST_CHECK)
+@JobAnnotation(
+    time = JobExecutionTime.POST_CHECK,
+    transaction = WriteTransaction.class,
+    loadAlways = true)
 public class Atomic extends ContainerJob {
 
   private boolean doCheck() {
diff --git a/src/main/java/caosdb/server/jobs/extension/AWIBoxLoan.java b/src/main/java/caosdb/server/jobs/extension/AWIBoxLoan.java
index cc280c69b22c44e613642ddf5ad5a2cb449c0cae..2412a43fb4c1d7091dfe974b841ffd5c5a416019 100644
--- a/src/main/java/caosdb/server/jobs/extension/AWIBoxLoan.java
+++ b/src/main/java/caosdb/server/jobs/extension/AWIBoxLoan.java
@@ -8,6 +8,7 @@ import caosdb.server.datatype.SingleValue;
 import caosdb.server.entity.Entity;
 import caosdb.server.entity.EntityInterface;
 import caosdb.server.entity.Message;
+import caosdb.server.entity.Message.MessageType;
 import caosdb.server.entity.wrapper.Property;
 import caosdb.server.jobs.JobAnnotation;
 import caosdb.server.jobs.core.CheckNoAdditionalPropertiesPresent;
@@ -51,6 +52,9 @@ public class AWIBoxLoan extends AWIBoxLoanModel {
             || isRequestReturnSetUser()
             || isRequestReturnUpdateLoan())) {
       addError(ServerMessages.AUTHORIZATION_ERROR);
+      getContainer()
+          .addMessage(
+              new Message(MessageType.Info, 0, "Anonymous users have restricted permissions."));
       return;
     } else if (!(isRequestLoanSetUser()
         || isRequestLoanInsertLoan()
@@ -92,6 +96,7 @@ public class AWIBoxLoan extends AWIBoxLoanModel {
   EntityACL getBoxACL() {
     EntityACLFactory f = new EntityACLFactory();
     f.grant(ANONYMOUS_ROLE, false, EntityPermission.UPDATE_ADD_PROPERTY);
+    f.grant(ANONYMOUS_ROLE, false, EntityPermission.UPDATE_REMOVE_PROPERTY);
     return f.create();
   }
 
@@ -127,11 +132,12 @@ public class AWIBoxLoan extends AWIBoxLoanModel {
       for (EntityInterface e : getContainer()) {
         if (boxHasLoanProperty(e)) {
           e.addError(BOX_HAS_LOAN);
-          return true;
+          return false;
         }
         if (!isBoxRecord(e) || !hasOnlyAllowedBoxProperties4RequestLoan(e)) {
           return false;
         }
+        appendJob(e, CheckNoAdditionalPropertiesPresent.class);
       }
       return true;
     }
@@ -152,12 +158,8 @@ public class AWIBoxLoan extends AWIBoxLoanModel {
   boolean hasOnlyAllowedBoxProperties4RequestLoan(EntityInterface e) {
     int count = 0;
     for (Property p : e.getProperties()) {
-      if (p.getEntityStatus() == EntityStatus.QUALIFIED) { // this means update
-        if (Objects.equals(p.getId(), getLoanId())) {
-          count++;
-          continue;
-        }
-        return false; // this is not a Loan.
+      if (p.getEntityStatus() == EntityStatus.QUALIFIED && Objects.equals(p.getId(), getLoanId())) {
+        count++;
       }
     }
 
diff --git a/src/main/java/caosdb/server/jobs/extension/AWIBoxLoanModel.java b/src/main/java/caosdb/server/jobs/extension/AWIBoxLoanModel.java
index e4abafe1b717e914786bb24f06c56494eb82362b..a113c00e2cd81071c7b657635b3b21071ddce410 100644
--- a/src/main/java/caosdb/server/jobs/extension/AWIBoxLoanModel.java
+++ b/src/main/java/caosdb/server/jobs/extension/AWIBoxLoanModel.java
@@ -21,7 +21,7 @@ public abstract class AWIBoxLoanModel extends ContainerJob {
   boolean isBoxRecord(EntityInterface e) {
     return e.getRole() == Role.Record
         && e.getParents().size() == 1
-        && Objects.equals(retrieveValidIDByName(e.getParents().get(0).getName()), getBoxId());
+        && Objects.equals(e.getParents().get(0).getId(), getBoxId());
   }
 
   /** Is Record and has single loan parent */
diff --git a/src/main/java/caosdb/server/permissions/EntityACL.java b/src/main/java/caosdb/server/permissions/EntityACL.java
index 86346bdfa3c3846e7951e41268e117ec2a99aaab..c18bfb79ce882672cadc5a67676e67dc64c6ef0d 100644
--- a/src/main/java/caosdb/server/permissions/EntityACL.java
+++ b/src/main/java/caosdb/server/permissions/EntityACL.java
@@ -60,6 +60,8 @@ public class EntityACL {
     final EntityACLFactory f = new EntityACLFactory();
     f.grant(OWNER_ROLE, "*");
     f.grant(OTHER_ROLE, "RETRIEVE:*");
+    f.grant(Role.ANONYMOUS_ROLE, "RETRIEVE:*");
+    f.grant(Role.ANONYMOUS_ROLE, "USE:*");
     f.deny(OTHER_ROLE, "UPDATE:*");
     f.deny(OTHER_ROLE, "DELETE");
     f.deny(OTHER_ROLE, true, "EDIT:ACL");
diff --git a/src/main/java/caosdb/server/transaction/Transaction.java b/src/main/java/caosdb/server/transaction/Transaction.java
index f4dda3fb66ebe761b816e3769e8652cd62066d48..de1e5e279ee4b1cd252dda0fdf6bb23e8f93e57f 100644
--- a/src/main/java/caosdb/server/transaction/Transaction.java
+++ b/src/main/java/caosdb/server/transaction/Transaction.java
@@ -38,7 +38,6 @@ import caosdb.server.jobs.Job;
 import caosdb.server.jobs.JobExecutionTime;
 import caosdb.server.jobs.Schedule;
 import caosdb.server.jobs.core.AccessControl;
-import caosdb.server.jobs.core.Atomic;
 import caosdb.server.jobs.core.CheckDatatypePresent;
 import caosdb.server.jobs.core.CheckEntityACLRoles;
 import caosdb.server.jobs.core.Mode;
@@ -86,9 +85,6 @@ public abstract class Transaction<C extends TransactionContainer> extends Abstra
     this.schedule.add(loadContainerFlags);
     this.schedule.runJob(loadContainerFlags);
 
-    // all transactions are atomic
-    this.schedule.add(Job.getJob(Atomic.class.getSimpleName(), Mode.MUST, null, this));
-
     // AccessControl
     this.schedule.add(Job.getJob(AccessControl.class.getSimpleName(), Mode.MUST, null, this));
     this.schedule.add(Job.getJob(CheckEntityACLRoles.class.getSimpleName(), Mode.MUST, null, this));
diff --git a/src/test/java/caosdb/server/jobs/extension/TestAWIBoxLoan.java b/src/test/java/caosdb/server/jobs/extension/TestAWIBoxLoan.java
index 59ce687d2d82be5d725ebdff1eb422ec5133d597..08a0e412d8562779cb54574f94ddca932ff54777 100644
--- a/src/test/java/caosdb/server/jobs/extension/TestAWIBoxLoan.java
+++ b/src/test/java/caosdb/server/jobs/extension/TestAWIBoxLoan.java
@@ -271,7 +271,7 @@ public class TestAWIBoxLoan {
     assertEquals(EntityStatus.QUALIFIED, j.getContainer().getStatus());
 
     j.run();
-    assertEquals(1, j.getContainer().getMessages().size());
+    assertEquals(2, j.getContainer().getMessages().size());
     assertEquals(EntityStatus.UNQUALIFIED, j.getContainer().getStatus());
   }
 }