diff --git a/src/main/java/org/caosdb/server/database/backend/transaction/RetrieveFullEntityTransaction.java b/src/main/java/org/caosdb/server/database/backend/transaction/RetrieveFullEntityTransaction.java
index a45a86a15c4f1ce72482c57f1a30d5a70f2a6624..e4d198c2f03e546b0b86f4f08b513501e961fcb2 100644
--- a/src/main/java/org/caosdb/server/database/backend/transaction/RetrieveFullEntityTransaction.java
+++ b/src/main/java/org/caosdb/server/database/backend/transaction/RetrieveFullEntityTransaction.java
@@ -26,12 +26,11 @@ package org.caosdb.server.database.backend.transaction;
 
 import java.util.LinkedList;
 import java.util.List;
-import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.subject.Subject;
 import org.caosdb.server.database.BackendTransaction;
 import org.caosdb.server.database.exceptions.EntityDoesNotExistException;
 import org.caosdb.server.datatype.CollectionValue;
 import org.caosdb.server.datatype.IndexedSingleValue;
-import org.caosdb.server.accessControl.Principal;
 import org.caosdb.server.datatype.ReferenceValue;
 import org.caosdb.server.entity.EntityID;
 import org.caosdb.server.entity.EntityInterface;
@@ -61,17 +60,24 @@ import org.caosdb.server.utils.EntityStatus;
 public class RetrieveFullEntityTransaction extends BackendTransaction {
 
   private final Container<? extends EntityInterface> container;
-  private final Principal principal;
+  private final Subject subject;
 
   public RetrieveFullEntityTransaction(final EntityInterface entity) {
     final Container<EntityInterface> c = new Container<>();
     c.add(entity);
     this.container = c;
+    this.subject = null;
   }
 
-  public RetrieveFullEntityTransaction(final Container<? extends EntityInterface> container, final Principal principal) {
+  public RetrieveFullEntityTransaction(
+      final Container<? extends EntityInterface> container, final Subject subject) {
     this.container = container;
-    this.principal = principal;
+    this.subject = subject;
+  }
+
+  public RetrieveFullEntityTransaction(final Container<? extends EntityInterface> container) {
+    this.container = container;
+    this.subject = null;
   }
 
   public RetrieveFullEntityTransaction(final EntityID id) {
@@ -227,10 +233,12 @@ public class RetrieveFullEntityTransaction extends BackendTransaction {
       final ReferenceValue value, final List<Selection> selections, final String propertyName) {
     final RetrieveEntity ref = new RetrieveEntity(value.getId());
 
-    // check whether the referenced entity may be retrieved
-    final EntityACL entityACL = ref.getEntityACL();
-    if (!entityACL.isPermitted(this.principal, EntityPermission.RETRIEVE_ENTITY)) {
-      return;
+    if (this.subject != null) {
+      // check whether the referenced entity may be retrieved
+      final EntityACL entityACL = ref.getEntityACL();
+      if (!entityACL.isPermitted(this.subject, EntityPermission.RETRIEVE_ENTITY)) {
+        return;
+      }
     }
     // recursion! (Only for the matching selections)
     retrieveFullEntity(ref, getSubSelects(selections, propertyName));
diff --git a/src/main/java/org/caosdb/server/entity/RetrieveEntity.java b/src/main/java/org/caosdb/server/entity/RetrieveEntity.java
index 887e7d126b4b6da3983a276e3f40eb226e2b2b92..69df103a42c7d67889b47c8b303155f7b68571bd 100644
--- a/src/main/java/org/caosdb/server/entity/RetrieveEntity.java
+++ b/src/main/java/org/caosdb/server/entity/RetrieveEntity.java
@@ -24,7 +24,7 @@
  */
 package org.caosdb.server.entity;
 
-//TODO document the use of this class; it seems to exist of only constructors
+// TODO document the use of this class; it seems to exist of only constructors
 
 public class RetrieveEntity extends Entity {
 
diff --git a/src/main/java/org/caosdb/server/query/Query.java b/src/main/java/org/caosdb/server/query/Query.java
index 29361d3a5f09ffc53cae52b3a767f31a1816c0c2..507dc9d4c75643b7307cb5e43528e68056756555 100644
--- a/src/main/java/org/caosdb/server/query/Query.java
+++ b/src/main/java/org/caosdb/server/query/Query.java
@@ -77,7 +77,6 @@ import org.caosdb.server.transaction.WriteTransaction;
 import org.jdom2.Element;
 import org.slf4j.Logger;
 
-
 // TODO Document: The query is initialized with a RetrieveTransaction and its
 // Container. The container is filled by the Query with the resulting IDs. The
 // Retrieve transaction then handles the retrieve of all respective Entities.
diff --git a/src/main/java/org/caosdb/server/transaction/Retrieve.java b/src/main/java/org/caosdb/server/transaction/Retrieve.java
index 643c1201b530af9821c9a5c1a7b62f7c5d04cf52..54500c5932d7d8e4af41b5d88f79a2f5f914492f 100644
--- a/src/main/java/org/caosdb/server/transaction/Retrieve.java
+++ b/src/main/java/org/caosdb/server/transaction/Retrieve.java
@@ -114,7 +114,7 @@ public class Retrieve extends Transaction<RetrieveContainer> {
 
   private void retrieveFullEntities(final RetrieveContainer container, final Access access)
       throws Exception {
-    execute(new RetrieveFullEntityTransaction(container), access);
+    execute(new RetrieveFullEntityTransaction(container, getTransactor()), access);
   }
 
   @Override