diff --git a/hsarback/src/de/hsadmin/mods/db/MySqlDatabaseModuleImpl.java b/hsarback/src/de/hsadmin/mods/db/MySqlDatabaseModuleImpl.java
index ff8b392..29f916b 100644
--- a/hsarback/src/de/hsadmin/mods/db/MySqlDatabaseModuleImpl.java
+++ b/hsarback/src/de/hsadmin/mods/db/MySqlDatabaseModuleImpl.java
@@ -3,11 +3,13 @@ package de.hsadmin.mods.db;
 import java.util.List;
 import javax.persistence.EntityManager;
+import javax.persistence.Query;
 import de.hsadmin.core.model.AbstractEntity;
 import de.hsadmin.core.model.AbstractModuleImpl;
 import de.hsadmin.core.model.AuthorisationException;
 import de.hsadmin.core.model.HSAdminException;
+import de.hsadmin.mods.pac.Pac;
 import de.hsadmin.mods.user.UnixUser;
 public class MySqlDatabaseModuleImpl extends AbstractModuleImpl {
@@ -25,11 +27,15 @@ public class MySqlDatabaseModuleImpl extends AbstractModuleImpl {
 public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
 MySqlDatabase database = (MySqlDatabase) newEntity;
 String name = database.getName();
- String pacname = database.getPac().getName();
- if (!name.startsWith(pacname) || name.length() < 7) {
+ if (name.length() < 7 || name.charAt(5) != '_') {
 throw new AuthorisationException(getLoginUser(), "add", newEntity);
 }
- if (name.charAt(5) != '_') {
+ EntityManager em = getTransaction().getEntityManager();
+ Query qPac = em.createQuery("SELECT obj FROM Pacs obj WHERE obj.name = :pacName");
+ qPac.setParameter("pacName", name.substring(0, 5));
+ Object singleResult = qPac.getSingleResult();
+ Pac pac = (Pac) singleResult;
+ if (pac == null || !pac.isReadAllowedFor(getLoginUser())) {
 throw new AuthorisationException(getLoginUser(), "add", newEntity);
 }
 return super.add(newEntity);
diff --git a/hsarback/src/de/hsadmin/mods/db/MySqlUserModuleImpl.java b/hsarback/src/de/hsadmin/mods/db/MySqlUserModuleImpl.java
index ae7ade2..ae0cbbc 100644
--- a/hsarback/src/de/hsadmin/mods/db/MySqlUserModuleImpl.java
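Review bot: `qPac.getSingleResult()` in MySqlDatabaseModuleImpl.add() does not return null when no row matches; JPA throws the unchecked `NoResultException` (or `NonUniqueResultException` for several rows), so the `pac == null` branch is never taken and a name whose five-character prefix matches no pac leaves add() as a persistence exception instead of the `AuthorisationException` the check intends. Reading the list keeps the denial path explicit: `List<?> pacs = qPac.getResultList();` followed by `if (pacs.size() != 1 || !((Pac) pacs.get(0)).isReadAllowedFor(getLoginUser())) {`. The same lookup is added to add() in MySqlUserModuleImpl, PgSqlDatabaseModuleImpl and PgSqlUserModuleImpl and needs the same change. add() begins in this hunk, but its closing brace lies outside it.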
+++ b/hsarback/src/de/hsadmin/mods/db/MySqlUserModuleImpl.java
@@ -2,10 +2,14 @@ package de.hsadmin.mods.db;
 import java.util.List;
+import javax.persistence.EntityManager;
+import javax.persistence.Query;
+
 import de.hsadmin.core.model.AbstractEntity;
 import de.hsadmin.core.model.AbstractModuleImpl;
 import de.hsadmin.core.model.AuthorisationException;
 import de.hsadmin.core.model.HSAdminException;
+import de.hsadmin.mods.pac.Pac;
 public class MySqlUserModuleImpl extends AbstractModuleImpl {
@@ -13,14 +17,18 @@ public class MySqlUserModuleImpl extends AbstractModuleImpl {
 public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
 MySqlUser user = (MySqlUser) newEntity;
 String name = user.getName();
+ if (name.length() < 7 || name.charAt(5) != '_') {
+ throw new AuthorisationException(getLoginUser(), "add", newEntity);
+ }
 if (name.length() > 16) {
- throw new AuthorisationException(getLoginUser(), "add", newEntity);
+ throw new HSAdminException("mysql database name max. length is 16 characters");
 }
- String pacname = user.getPac().getName();
- if (!name.startsWith(pacname) || name.length() < 7) {
- throw new AuthorisationException(getLoginUser(), "add", newEntity);
- }
- if (name.charAt(5) != '_') {
+ EntityManager em = getTransaction().getEntityManager();
+ Query qPac = em.createQuery("SELECT obj FROM Pacs obj WHERE obj.name = :pacName");
+ qPac.setParameter("pacName", name.substring(0, 5));
+ Object singleResult = qPac.getSingleResult();
+ Pac pac = (Pac) singleResult;
+ if (pac == null || !pac.isReadAllowedFor(getLoginUser())) {
 throw new AuthorisationException(getLoginUser(), "add", newEntity);
 }
 return super.add(newEntity);
diff --git a/hsarback/src/de/hsadmin/mods/db/PgSqlDatabaseModuleImpl.java b/hsarback/src/de/hsadmin/mods/db/PgSqlDatabaseModuleImpl.java
index 236ab45..89e970e 100644
--- a/hsarback/src/de/hsadmin/mods/db/PgSqlDatabaseModuleImpl.java
+++ b/hsarback/src/de/hsadmin/mods/db/PgSqlDatabaseModuleImpl.java
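Review bot: The new length error in MySqlUserModuleImpl.add() says `"mysql database name max. length is 16 characters"`, but this module validates a MySQL user name, so the message a client receives names the wrong object. `throw new HSAdminException("mysql user name max. length is 16 characters");` matches what is being checked. A short comment above the two format checks, such as `// name format: <5-char pac name>_<suffix>, at most 16 characters`, would also record the rule they enforce. add() starts in this hunk and ends outside it.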
@@ -3,11 +3,13 @@ package de.hsadmin.mods.db;
 import java.util.List;
 import javax.persistence.EntityManager;
+import javax.persistence.Query;
 import de.hsadmin.core.model.AbstractEntity;
 import de.hsadmin.core.model.AbstractModuleImpl;
 import de.hsadmin.core.model.AuthorisationException;
 import de.hsadmin.core.model.HSAdminException;
+import de.hsadmin.mods.pac.Pac;
 import de.hsadmin.mods.user.UnixUser;
 public class PgSqlDatabaseModuleImpl extends AbstractModuleImpl {
@@ -24,11 +26,15 @@ public class PgSqlDatabaseModuleImpl extends AbstractModuleImpl {
 public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
 PgSqlDatabase database = (PgSqlDatabase) newEntity;
 String name = database.getName();
- String pacname = database.getPac().getName();
- if (!name.startsWith(pacname) || name.length() < 7) {
+ if (name.length() < 7 || name.charAt(5) != '_') {
 throw new AuthorisationException(getLoginUser(), "add", newEntity);
 }
- if (name.charAt(5) != '_') {
+ EntityManager em = getTransaction().getEntityManager();
+ Query qPac = em.createQuery("SELECT obj FROM Pacs obj WHERE obj.name = :pacName");
+ qPac.setParameter("pacName", name.substring(0, 5));
+ Object singleResult = qPac.getSingleResult();
+ Pac pac = (Pac) singleResult;
+ if (pac == null || !pac.isReadAllowedFor(getLoginUser())) {
 throw new AuthorisationException(getLoginUser(), "add", newEntity);
 }
 return super.add(newEntity);
diff --git a/hsarback/src/de/hsadmin/mods/db/PgSqlUserModuleImpl.java b/hsarback/src/de/hsadmin/mods/db/PgSqlUserModuleImpl.java
index 5ced202..9e9fa31 100644
--- a/hsarback/src/de/hsadmin/mods/db/PgSqlUserModuleImpl.java
+++ b/hsarback/src/de/hsadmin/mods/db/PgSqlUserModuleImpl.java
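Review bot: The rewritten check in PgSqlDatabaseModuleImpl.add() authorises against the pac looked up from `name.substring(0, 5)` and never reads `database.getPac()`, so nothing visible in this hunk ensures that the pac attached to the new entity is the one whose prefix was authorised; the removed `name.startsWith(pacname)` test was the only link between the two. Unless `super.add()` or the entity mapping already enforces that (not visible here), I would keep the link explicit after the lookup, e.g. `if (database.getPac() != null && !pac.getName().equals(database.getPac().getName())) {` throwing the same `AuthorisationException`. A comment stating why `isReadAllowedFor` is the intended gate for a create operation would also help the next reviewer. The same holds for the add() methods in the other three modules of this commit; add() continues past the end of this hunk.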
@@ -2,10 +2,14 @@ package de.hsadmin.mods.db;
 import java.util.List;
+import javax.persistence.EntityManager;
+import javax.persistence.Query;
+
 import de.hsadmin.core.model.AbstractEntity;
 import de.hsadmin.core.model.AbstractModuleImpl;
 import de.hsadmin.core.model.AuthorisationException;
 import de.hsadmin.core.model.HSAdminException;
+import de.hsadmin.mods.pac.Pac;
 public class PgSqlUserModuleImpl extends AbstractModuleImpl {
@@ -13,11 +17,15 @@ public class PgSqlUserModuleImpl extends AbstractModuleImpl {
 public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
 PgSqlUser user = (PgSqlUser) newEntity;
 String name = user.getName();
- String pacname = user.getPac().getName();
- if (!name.startsWith(pacname) || name.length() < 7) {
+ if (name.length() < 7 || name.charAt(5) != '_') {
 throw new AuthorisationException(getLoginUser(), "add", newEntity);
 }
- if (name.charAt(5) != '_') {
+ EntityManager em = getTransaction().getEntityManager();
+ Query qPac = em.createQuery("SELECT obj FROM Pacs obj WHERE obj.name = :pacName");
+ qPac.setParameter("pacName", name.substring(0, 5));
+ Object singleResult = qPac.getSingleResult();
+ Pac pac = (Pac) singleResult;
+ if (pac == null || !pac.isReadAllowedFor(getLoginUser())) {
 throw new AuthorisationException(getLoginUser(), "add", newEntity);
 }
 return super.add(newEntity);