diff --git a/hsarback/src/de/hsadmin/core/qserv/QueueTask.java b/hsarback/src/de/hsadmin/core/qserv/QueueTask.java
index da1c081..ff46f96 100644
--- a/hsarback/src/de/hsadmin/core/qserv/QueueTask.java
+++ b/hsarback/src/de/hsadmin/core/qserv/QueueTask.java
@@ -74,8 +74,9 @@ public class QueueTask extends AbstractEntity implements Serializable {
 	 */
 	@Override
 	public boolean isReadAllowedFor(UnixUser loginUser) {
-		return loginUser.hasPacAdminRoleFor(getUser().getPac())
-				|| loginUser.id() == getUser().id();
+		return loginUser.hasHostmasterRole()
+			|| loginUser.hasPacAdminRoleFor(getUser().getPac())
+			|| loginUser.id() == getUser().id();
 	}
 
 	/**
diff --git a/hsarback/src/de/hsadmin/mods/user/UnixUser.java b/hsarback/src/de/hsadmin/mods/user/UnixUser.java
index 4a85470..baf97a1 100644
--- a/hsarback/src/de/hsadmin/mods/user/UnixUser.java
+++ b/hsarback/src/de/hsadmin/mods/user/UnixUser.java
@@ -287,9 +287,9 @@ public class UnixUser extends AbstractEntity implements Serializable {
 	 * determines whether this user account has admin rights on the given pac
 	 */
 	public boolean hasPacAdminRoleFor(de.hsadmin.mods.pac.Pac pac) {
-		// TODO: hardcoded Hostsharing conventions
-		return pac.getName().equals(getName())
-				|| hasCustomerRoleFor(pac.getCustomer());
+		return pac != null && 
+			(pac.getName().equals(getName())
+				|| hasCustomerRoleFor(pac.getCustomer()) );
 	}
 
 	/**