diff --git a/.run/30-run-all.sql.run.xml b/.run/30-run-all.sql.run.xml
deleted file mode 100644
index e17e8564..00000000
--- a/.run/30-run-all.sql.run.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<component name="ProjectRunConfigurationManager">
-  <configuration default="false" name="30-run-all.sql" type="DatabaseScript" editBeforeRun="true" nameIsGenerated="true">
-    <script-file value="$PROJECT_DIR$/sql/30-run-all.sql" />
-    <script-mode>FILE</script-mode>
-    <data-source id="58980aaf-09d7-4782-a6fa-859aa1fc3986" namespace="database/&quot;postgres&quot;/schema/&quot;public&quot;" />
-    <method v="2" />
-  </configuration>
-</component>
\ No newline at end of file
diff --git a/sql/10-rbac-base.sql b/sql/10-rbac-base.sql
index 68124563..06ba3442 100644
--- a/sql/10-rbac-base.sql
+++ b/sql/10-rbac-base.sql
@@ -670,6 +670,21 @@ BEGIN
         RETURN string_to_array(currentSubject, ';');
     END; $$;
 
+CREATE OR REPLACE FUNCTION findUuidByIdName(objectTable varchar, objectIdName varchar)
+    RETURNS uuid
+    RETURNS NULL ON NULL INPUT
+    LANGUAGE plpgsql AS $$
+DECLARE
+
+BEGIN
+    /*sql = 'E ' || baseTable || '_historicize' ||
+                       ' AFTER INSERT OR DELETE OR UPDATE ON ' || baseTable ||
+                       '   FOR EACH ROW EXECUTE PROCEDURE historicize()';
+    RAISE NOTICE 'sql: %', createTriggerSQL;
+    EXECUTE createTriggerSQ*/
+
+    RETURN customerUuidByIdName(objectIdName);
+END; $$;
 
 ROLLBACK;
 SET SESSION AUTHORIZATION DEFAULT;
@@ -702,6 +717,8 @@ BEGIN
         objectNameToAssume = split_part(roleName, '#', 2);
         roleTypeToAssume = split_part(roleName, '#', 3);
 
+        objectUuidToAssume = findUuidByIdName(objectTableToAssume, objectNameToAssume);
+
         -- TODO: either the result needs to be cached at least per transaction or we need to get rid of SELCT in a loop
         SELECT uuid AS roleuuidToAssume
           FROM RbacRole r
diff --git a/sql/21-hs-customer.sql b/sql/21-hs-customer.sql
index 3fcb2b1e..a386bc32 100644
--- a/sql/21-hs-customer.sql
+++ b/sql/21-hs-customer.sql
@@ -105,10 +105,25 @@ CREATE TRIGGER deleteRbacRulesForCustomer_Trigger
     BEFORE DELETE ON customer
     FOR EACH ROW EXECUTE PROCEDURE deleteRbacRulesForCustomer();
 
+-- create a restricted view to access the textual customer ids a idName
+SET SESSION SESSION AUTHORIZATION DEFAULT;
+-- ALTER TABLE customer ENABLE ROW LEVEL SECURITY;
+DROP VIEW IF EXISTS customer_iv;
+CREATE OR REPLACE VIEW customer_iv AS
+SELECT DISTINCT target.uuid, target.prefix as idName
+  FROM customer AS target;
+-- TODO: Is it ok that everybody has access to this information?
+GRANT ALL PRIVILEGES ON customer_iv TO restricted;
+
+CREATE OR REPLACE FUNCTION customerUuidByIdName(idName varchar)
+    RETURNS uuid
+    LANGUAGE sql STRICT AS $$
+        SELECT uuid FROM customer_iv iv WHERE iv.idName=customerUuidByIdName.idName;
+    $$;
 
 -- create RBAC restricted view
 SET SESSION SESSION AUTHORIZATION DEFAULT;
-ALTER TABLE customer ENABLE ROW LEVEL SECURITY;
+-- ALTER TABLE customer ENABLE ROW LEVEL SECURITY;
 DROP VIEW IF EXISTS customer_rv;
 CREATE OR REPLACE VIEW customer_rv AS
     SELECT DISTINCT target.*
diff --git a/sql/22-hs-packages.sql b/sql/22-hs-packages.sql
index cd25bc53..65eed84a 100644
--- a/sql/22-hs-packages.sql
+++ b/sql/22-hs-packages.sql
@@ -105,7 +105,7 @@ CREATE TRIGGER deleteRbacRulesForPackage_Trigger
 
 -- create RBAC-restricted view
 SET SESSION SESSION AUTHORIZATION DEFAULT;
-ALTER TABLE package ENABLE ROW LEVEL SECURITY;
+-- ALTER TABLE package ENABLE ROW LEVEL SECURITY;
 DROP VIEW IF EXISTS package_rv;
 CREATE OR REPLACE VIEW package_rv AS
     SELECT DISTINCT target.*
diff --git a/sql/23-hs-unixuser.sql b/sql/23-hs-unixuser.sql
index 52ac180c..00773135 100644
--- a/sql/23-hs-unixuser.sql
+++ b/sql/23-hs-unixuser.sql
@@ -107,7 +107,7 @@ CREATE TRIGGER createRbacRulesForUnixUser_Trigger
 
 -- create RBAC-restricted view
 SET SESSION SESSION AUTHORIZATION DEFAULT;
-ALTER TABLE unixuser ENABLE ROW LEVEL SECURITY;
+-- ALTER TABLE unixuser ENABLE ROW LEVEL SECURITY;
 DROP VIEW IF EXISTS unixuser_rv;
 CREATE OR REPLACE VIEW unixuser_rv AS
     SELECT DISTINCT target.*
diff --git a/sql/24-hs-domain.sql b/sql/24-hs-domain.sql
index b8588913..5435b35b 100644
--- a/sql/24-hs-domain.sql
+++ b/sql/24-hs-domain.sql
@@ -92,7 +92,7 @@ CREATE TRIGGER createRbacRulesForDomain_Trigger
 
 -- create RBAC-restricted view
 SET SESSION SESSION AUTHORIZATION DEFAULT;
-ALTER TABLE Domain ENABLE ROW LEVEL SECURITY;
+-- ALTER TABLE Domain ENABLE ROW LEVEL SECURITY;
 DROP VIEW IF EXISTS domain_rv;
 CREATE OR REPLACE VIEW domain_rv AS
     SELECT DISTINCT target.*
diff --git a/sql/25-hs-emailaddress.sql b/sql/25-hs-emailaddress.sql
index 12aba6ee..80cdb759 100644
--- a/sql/25-hs-emailaddress.sql
+++ b/sql/25-hs-emailaddress.sql
@@ -76,7 +76,7 @@ CREATE TRIGGER createRbacRulesForEMailAddress_Trigger
 
 -- create RBAC-restricted view
 SET SESSION SESSION AUTHORIZATION DEFAULT;
-ALTER TABLE EMailAddress ENABLE ROW LEVEL SECURITY;
+-- ALTER TABLE EMailAddress ENABLE ROW LEVEL SECURITY;
 DROP VIEW IF EXISTS EMailAddress_rv;
 CREATE OR REPLACE VIEW EMailAddress_rv AS
     SELECT DISTINCT target.*
diff --git a/sql/28--hs-tests.sql b/sql/28-hs-tests.sql
similarity index 98%
rename from sql/28--hs-tests.sql
rename to sql/28-hs-tests.sql
index e52a2ca3..216147ca 100644
--- a/sql/28--hs-tests.sql
+++ b/sql/28-hs-tests.sql
@@ -61,7 +61,7 @@ BEGIN
       FROM unixuser_rv uu
       JOIN package_rv p ON p.uuid = uu.packageuuid
       JOIN customer_rv c ON c.uuid = p.customeruuid;
-    call expectBetween(resultCount, 30, 50);
+    call expectBetween(resultCount, 40, 60);
 
     -- hostsharing admin assuming two customer admin roles and listing all accessible domains
     -- ABORT; START TRANSACTION;
@@ -74,7 +74,7 @@ BEGIN
        JOIN unixuser_rv uu ON uu.uuid = dom.unixuseruuid
        JOIN package_rv p ON p.uuid = uu.packageuuid
        JOIN customer_rv c ON c.uuid = p.customeruuid;
-    call expectBetween(resultCount, 30, 50);
+    call expectBetween(resultCount, 20, 40);
 
     -- hostsharing admin assuming two customer admin roles and listing all accessible email addresses
     -- ABORT; START TRANSACTION;
diff --git a/sql/examples.sql b/sql/examples.sql
index bcbfe2fc..13219654 100644
--- a/sql/examples.sql
+++ b/sql/examples.sql
@@ -46,15 +46,6 @@ SET LOCAL hsadminng.currentUser TO 'mih42_customer_aaa';
 SET LOCAL hsadminng.currentTask TO 'adding customer_aaa';
 INSERT INTO package (customer_id, name) VALUES (10000, 'aaa00');
 COMMIT;
-
-SET SESSION SESSION AUTHORIZATION DEFAULT;
-CREATE ROLE hs_sel_package_1000000;
-GRANT hs_sel_package_1000000 to hs_sel_customer_10000;
-
-SET SESSION SESSION AUTHORIZATION mih42_customer_aaa;
-SELECT pg_has_role('hs_sel_package_1000000', 'MEMBER');
-
-
 -- Usage:
 
 SET hsadminng.timestamp TO '2022-07-12 08:53:27.723315';
diff --git a/sql/19--rbac-tests.sql b/sql/rbac-tests.sql
similarity index 100%
rename from sql/19--rbac-tests.sql
rename to sql/rbac-tests.sql
diff --git a/sql/11--rbac-view-options.sql b/sql/rbac-view-option-experiments.sql
similarity index 100%
rename from sql/11--rbac-view-options.sql
rename to sql/rbac-view-option-experiments.sql