diff --git a/Jenkinsfile b/Jenkinsfile index dc466d28..fc29e5c3 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -3,8 +3,9 @@ pipeline { dockerfile { filename 'etc/jenkinsAgent.Dockerfile' // additionalBuildArgs ... - args '--network=bridge --user root -v $PWD:$PWD -v /var/run/docker.sock:/var/run/docker.sock --group-add 984' - reuseNode true + args '--network=bridge --user root -v $PWD:$PWD \ + -v /var/run/docker.sock:/var/run/docker.sock --group-add 984 \ + --memory=6g --cpus=3' } } diff --git a/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql b/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql index b8af04f4..547b0397 100644 --- a/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql +++ b/src/main/resources/db/changelog/1-rbac/1058-rbac-generators.sql @@ -223,7 +223,7 @@ begin ) select target.* from %1$s as target - where target.uuid in (select * from accessible_uuids) + where rbac.hasGlobalAdminRole() or target.uuid in (select * from accessible_uuids) order by %2$s; grant all privileges on %1$s_rv to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME}; diff --git a/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql b/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql index 51cdb6c2..cf303db3 100644 --- a/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql +++ b/src/main/resources/db/changelog/1-rbac/1080-rbac-global.sql 
@@ -35,6 +35,30 @@ end; $$; --// +-- ============================================================================ +--changeset michael.hoennig:rbac-global-HAS-GLOBAL-ADMIN-ROLE endDelimiter:--// +-- ---------------------------------------------------------------------------- +/* + Returns true if the current user is a global admin and has no assumed role. + */ +create or replace function rbac.hasGlobalAdminRole() + returns boolean + stable -- leakproof + language plpgsql as $$ +declare + currentSubjectOrAssumedRolesUuids text; +begin + begin + currentSubjectOrAssumedRolesUuids := current_setting('hsadminng.currentSubjectOrAssumedRolesUuids'); + exception + when others then + currentSubjectOrAssumedRolesUuids := null; + end; + return currentSubjectOrAssumedRolesUuids is null or length(currentSubjectOrAssumedRolesUuids) = 0; +end; $$; +--// + + -- ============================================================================ --changeset michael.hoennig:rbac-global-HAS-GLOBAL-PERMISSION endDelimiter:--// -- ------------------------------------------------------------------
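Review bot: in the Jenkinsfile hunk, `reuseNode true` is dropped at the same time as the `--memory=6g --cpus=3` limits are added, and the two are unrelated; if the removal is unintentional, keep the line. The backslash line continuations inside a single-quoted Groovy string should be confirmed to parse as intended (the continued lines will carry their leading whitespace into the args string, which the argument splitting for docker run tolerates). The memory and CPU caps are a useful guard against a runaway build starving the host, but the same line still runs the agent as `--user root` with `/var/run/docker.sock` mounted and `--group-add 984`, which hands every build step on this agent control of the host Docker daemon; since the line is being edited anyway, this is the place to confirm that is still required.

Review bot: in the 1058-rbac-generators.sql hunk, `where rbac.hasGlobalAdminRole() or target.uuid in (select * from accessible_uuids)` makes every generated `%1$s_rv` view skip the accessible_uuids filter entirely whenever the function returns true, so the row filtering of all restricted views is now exactly as strong as that one function. With hasGlobalAdminRole() as defined later in this patch, a session in which the setting was never initialised would read every row through views granted to ${HSADMINNG_POSTGRES_RESTRICTED_USERNAME}. Suggest adding tests that a session without the setting sees no rows (or gets an error) and that an assumed role is still filtered, so this bypass cannot regress silently.

Review bot: in the 1080-rbac-global.sql hunk, rbac.hasGlobalAdminRole() fails open: it returns true whenever `hsadminng.currentSubjectOrAssumedRolesUuids` is unset or empty, and never checks that the caller actually holds a global admin role, although the doc comment says it does. A direct connection as the restricted role, a code path that forgets to set the GUC, or any error swallowed by `when others` all end up as "global admin". Suggest treating a missing or empty setting as not-admin (return false, or raise) and deriving admin status from an explicit permission check, in line with the HAS-GLOBAL-PERMISSION changeset that follows. Minor: `current_setting('hsadminng.currentSubjectOrAssumedRolesUuids', true)` returns null when the setting is absent and removes the need for the exception block, and the `-- leakproof` comment does not make the function leakproof; if that property matters for planning against security-barrier views, declare it explicitly.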