diff --git a/authorization/src/main/java/de/hsadmin/login/Role.java b/authorization/src/main/java/de/hsadmin/login/Role.java
index 2fc089b..5fbb236 100644
--- a/authorization/src/main/java/de/hsadmin/login/Role.java
+++ b/authorization/src/main/java/de/hsadmin/login/Role.java
@@ -2,6 +2,6 @@ package de.hsadmin.login;
 
 public enum Role {
 	
-	SYSTEM, CUSTOMER, HIVE, PACKET, DOMAIN, USER, NONE, ANY
+	SYSTEM, CUSTOMER, PACKET, DOMAIN, USER, NONE, ANY
 
 }
diff --git a/services/src/main/java/de/hsadmin/service/pac/HiveService.java b/services/src/main/java/de/hsadmin/service/pac/HiveService.java
index a03eb16..b5334cb 100644
--- a/services/src/main/java/de/hsadmin/service/pac/HiveService.java
+++ b/services/src/main/java/de/hsadmin/service/pac/HiveService.java
@@ -51,7 +51,7 @@ public class HiveService extends AbstractModule<HiveVO> implements HiveServiceLo
 	}
 
 	@Override
-	@RequiredScope({@ScopePolicy(Role.SYSTEM), @ScopePolicy(value=Role.HIVE, property="name")})
+	@RequiredScope({@ScopePolicy(Role.SYSTEM)})
 	public List<HiveVO> read(final RequestContext requestContext, final HiveVO criteria) 
 			throws UserException, TechnicalException {
 		final List<HiveVO> emptyList = super.read(requestContext, criteria);
diff --git a/services/src/main/java/de/hsadmin/service/pac/PacService.java b/services/src/main/java/de/hsadmin/service/pac/PacService.java
index 7facc4f..d9994a5 100644
--- a/services/src/main/java/de/hsadmin/service/pac/PacService.java
+++ b/services/src/main/java/de/hsadmin/service/pac/PacService.java
@@ -39,7 +39,7 @@ public class PacService extends AbstractModule<PacVO> implements PacServiceLocal
 	}
 
 	@Override
-	@RequiredScope({@ScopePolicy(Role.SYSTEM)})
+	@RequiredScope({@ScopePolicy(Role.SYSTEM), @ScopePolicy(Role.CUSTOMER)})
 	public PacVO create(final RequestContext requestContext, final PacVO prototype)
 			throws UserException, TechnicalException {
 		final PacVO vo = super.create(requestContext, prototype);
@@ -59,6 +59,11 @@ public class PacService extends AbstractModule<PacVO> implements PacServiceLocal
 		bo.setBasePac(findBasePacByName(basePacProperty));
 		final String customerProperty = prototype.getCustomer();
 		assert customerProperty != null;
+		if (Role.CUSTOMER.equals(requestContext.getLoginRole())) {
+			if (!customerProperty.equals(requestContext.getLoginUser())) {
+				throw new UserException(new UserError(UserError.MSG_MISSING_AUTHORIZATION, "add"));
+			}
+		}
 		bo.setCustomer(findCustomerByName(customerProperty));
 		vo.copyPropertiesToPersistentObject(bo);
 		if (bo.getCreated() == null) {
@@ -73,7 +78,7 @@ public class PacService extends AbstractModule<PacVO> implements PacServiceLocal
 	}
 
 	@Override
-	@RequiredScope({@ScopePolicy(Role.SYSTEM), @ScopePolicy(value=Role.HIVE, property="name"), @ScopePolicy(value=Role.PACKET, property="name")})
+	@RequiredScope({@ScopePolicy(Role.SYSTEM), @ScopePolicy(Role.CUSTOMER), @ScopePolicy(value=Role.PACKET, property="name")})
 	public List<PacVO> read(final RequestContext requestContext, final PacVO criteria) 
 			throws UserException, TechnicalException {
 		final List<PacVO> emptyList = super.read(requestContext, criteria);
@@ -87,7 +92,7 @@ public class PacService extends AbstractModule<PacVO> implements PacServiceLocal
 	}
 
 	@Override
-	@RequiredScope({@ScopePolicy(Role.SYSTEM)})
+	@RequiredScope({@ScopePolicy(Role.SYSTEM), @ScopePolicy(Role.CUSTOMER)})
 	public List<PacVO> update(final RequestContext requestContext, final PacVO criteria, final PacVO prototype) 
 			throws UserException, TechnicalException {
 		final List<PacVO> pacsForUpdate = super.update(requestContext, criteria, prototype);
@@ -95,7 +100,7 @@ public class PacService extends AbstractModule<PacVO> implements PacServiceLocal
 			final Pac bo = findPacByName(vo.getName());
 			final String customerName = prototype.getCustomer();
 			if (customerName != null && !customerName.isEmpty()) {
-				Customer customer = findCustomerByName(customerName);
+				final Customer customer = findCustomerByName(customerName);
 				bo.setCustomer(customer);
 			}
 			prototype.copyPropertiesToPersistentObject(bo);
diff --git a/services/src/main/java/de/hsadmin/service/pac/PacVO.java b/services/src/main/java/de/hsadmin/service/pac/PacVO.java
index 3952700..030fe0a 100644
--- a/services/src/main/java/de/hsadmin/service/pac/PacVO.java
+++ b/services/src/main/java/de/hsadmin/service/pac/PacVO.java
@@ -71,7 +71,6 @@ public class PacVO extends AbstractVO implements ValueObject {
 	@Search(SearchPolicy.EQUALS)
 	private Boolean free;
 
-	@Required(true)
 	@ReadWrite(ReadWritePolicy.WRITEONCE)
 	@Mapping(
 			boMapping=ReferredStringPersistentObjectMapper.class,