diff --git a/src/main/resources/db/changelog/203-hs-office-contact-rbac.md b/src/main/resources/db/changelog/203-hs-office-contact-rbac.md
new file mode 100644
index 00000000..20331ece
--- /dev/null
+++ b/src/main/resources/db/changelog/203-hs-office-contact-rbac.md
@@ -0,0 +1,45 @@
+### rbac contact
+
+This code generated was by RbacViewMermaidFlowchartGenerator at  2024-03-14T09:00:15.762621659.
+
+```mermaid
+%%{init:{'flowchart':{'htmlLabels':false}}}%%
+flowchart TB
+
+subgraph contact["`**contact**`"]
+    direction TB
+    style contact fill:#dd4901,stroke:#274d6e,stroke-width:8px
+
+    subgraph contact:roles[ ]
+        style contact:roles fill:#dd4901,stroke:white
+
+        role:contact:owner[[contact:owner]]
+        role:contact:admin[[contact:admin]]
+        role:contact:referrer[[contact:referrer]]
+    end
+
+    subgraph contact:permissions[ ]
+        style contact:permissions fill:#dd4901,stroke:white
+
+        perm:contact:DELETE{{contact:DELETE}}
+        perm:contact:UPDATE{{contact:UPDATE}}
+        perm:contact:SELECT{{contact:SELECT}}
+        perm:contact:INSERT{{contact:INSERT}}
+    end
+end
+
+%% granting roles to users
+user:creator ==> role:contact:owner
+
+%% granting roles to roles
+role:global:admin ==> role:contact:owner
+role:contact:owner ==> role:contact:admin
+role:contact:admin ==> role:contact:referrer
+
+%% granting permissions to roles
+role:contact:owner ==> perm:contact:DELETE
+role:contact:admin ==> perm:contact:UPDATE
+role:contact:referrer ==> perm:contact:SELECT
+role:global:guest ==> perm:contact:INSERT
+
+```
diff --git a/src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactRepositoryIntegrationTest.java b/src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactRepositoryIntegrationTest.java
index 6acf12f6..259f88fe 100644
--- a/src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactRepositoryIntegrationTest.java
+++ b/src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactRepositoryIntegrationTest.java
@@ -111,7 +111,7 @@ class HsOfficeContactRepositoryIntegrationTest extends ContextBasedTestWithClean
                     initialGrantNames,
                     "{ grant role hs_office_contact#anothernewcontact.owner     to role global#global.admin                          by system and assume }",
                     "{ grant perm UPDATE on hs_office_contact#anothernewcontact to role hs_office_contact#anothernewcontact.admin    by system and assume }",
-                    "{ grant role hs_office_contact#anothernewcontact.owner     to user selfregistered-user-drew@hostsharing.org     by system and assume }",
+                    "{ grant role hs_office_contact#anothernewcontact.owner     to user selfregistered-user-drew@hostsharing.org     by hs_office_contact#anothernewcontact.owner and assume }",
                     "{ grant perm DELETE on hs_office_contact#anothernewcontact to role hs_office_contact#anothernewcontact.owner    by system and assume }",
                     "{ grant role hs_office_contact#anothernewcontact.admin     to role hs_office_contact#anothernewcontact.owner    by system and assume }",