diff --git a/hsarback/src/de/hsadmin/mods/dom/DomainModuleImpl.java b/hsarback/src/de/hsadmin/mods/dom/DomainModuleImpl.java
index ab0b43b..c39d721 100644
--- a/hsarback/src/de/hsadmin/mods/dom/DomainModuleImpl.java
+++ b/hsarback/src/de/hsadmin/mods/dom/DomainModuleImpl.java
@@ -151,7 +151,7 @@ public class DomainModuleImpl extends AbstractModuleImpl {
 			throw new HSAdminException("domain admin required");
 		}
 		if (!admin.getName().equals(oldDom.getUser().getName())) {
-			throw new AuthorisationException(loginUser, "update", existingEntity);
+			throw new AuthorisationException(loginUser, "update", existingEntity, "user");
 		}
 		Query q = em.createQuery("SELECT opt FROM " + 
 				DomainOption.class.getAnnotation(javax.persistence.Entity.class).name() +
@@ -208,11 +208,14 @@ public class DomainModuleImpl extends AbstractModuleImpl {
 			String aLoginUserName = loginUser.getName();
 			UnixUser domUser = dom.getUser();
 			Pac domPac = domUser.getPac();
+			boolean isDomAdmin = aLoginUserName.equals(domUser.getName());
 			boolean isPacAdmin = loginUser.hasPacAdminRoleFor(domPac);
 			boolean isCustomer = aLoginUserName.equals(domPac.getCustomer().getName());
 			boolean isHostmaster = loginUser.hasHostmasterRole();
 			if (!isPacAdmin && !isCustomer && !isHostmaster) {
-				throw new AuthorisationException(loginUser, method, dom);
+				if (!isDomAdmin && !"update".equals(method)) {
+					throw new AuthorisationException(loginUser, method, dom);
+				}
 			}
 			if (dom.isPacDomain() && !dom.getUser().getName().equals(domPac.getName())) {
 				throw new AuthorisationException(loginUser, method, dom);