diff --git a/hsarback/src/de/hsadmin/mods/dom/DomainModuleImpl.java b/hsarback/src/de/hsadmin/mods/dom/DomainModuleImpl.java
index 4b88f7f..ae7c597 100644
--- a/hsarback/src/de/hsadmin/mods/dom/DomainModuleImpl.java
+++ b/hsarback/src/de/hsadmin/mods/dom/DomainModuleImpl.java
@@ -94,18 +94,34 @@ public class DomainModuleImpl extends AbstractModuleImpl {
 }
 EntityManager em = getTransaction().getEntityManager();
- // search for domains superior to dom
- Query domainQuery = em.createQuery("SELECT d FROM Domains d WHERE d.name = :domainName");
- String superior = dom.getName();
- while (superior.contains(".")) {
- superior = superior.substring(superior.indexOf('.') + 1);
- domainQuery.setParameter("domainName", superior);
- if (domainQuery.getResultList().size() > 0) {
- DNSCheck dnsCheck = new DNSCheck(dom.getDnsMaster());
- if (dnsCheck.checkDomain(dom.getName())) {
+ UnixUser loginUser = getLoginUser();
+ if (!loginUser.hasHostmasterRole()) {
+ // search for domains superior to dom
+ Query domainQuery = em.createQuery("SELECT d FROM Domains d WHERE d.name = :domainName");
+ String superior = dom.getName();
+ String prefix = null;
+ while (superior.contains(".")) {
+ prefix = superior.substring(0, superior.indexOf('.'));
+ superior = superior.substring(superior.indexOf('.') + 1);
+ if ("hostsharing.net".equals(superior) && admin.getName().equals(prefix)) {
 break;
- } else {
- throw new HSAdminException("domain " + dom.getName() + " is not delegated to " + dom.getDnsMaster());
+ }
+ domainQuery.setParameter("domainName", superior);
+ List resultList = domainQuery.getResultList();
+ if (resultList.size() > 0) {
+ Domain superDom = (Domain) resultList.get(0);
+ if (loginUser.hasPacAdminRoleFor(superDom.getUser().getPac())) {
+ break; // same pac
+ }
+ if (loginUser.hasCustomerRoleFor(superDom.getUser().getPac().getCustomer())) {
+ break; // same customer
+ }
+ DNSCheck dnsCheck = new DNSCheck(dom.getDnsMaster());
+ if (dnsCheck.checkDomain(dom.getName())) {
+ break;
+ } else {
+ throw new HSAdminException("domain " + dom.getName() + " is not delegated to " + dom.getDnsMaster());
+ }
 }
 }
 }
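Review bot: The new `"hostsharing.net".equals(superior) && admin.getName().equals(prefix)` exemption is keyed on `admin`, which is declared outside this hunk, while every other shortcut added here is keyed on `loginUser`. If `admin` is taken from the submitted domain rather than from the authenticated session, the delegation check is skipped on the strength of caller-supplied data, so confirm the two are tied together and say so in a comment such as `// admin's own name under hostsharing.net needs no delegation check`. The comparisons and the `d.name = :domainName` lookup are exact string matches and an unmatched lookup just continues the loop, so the name should be canonicalised (lower case, no trailing dot) before the walk unless validation earlier in the method already does that. The raw `List resultList` with the `(Domain)` cast could be `List<?>`, and the zone literal would read better as a named constant. The enclosing method starts and ends outside the hunk.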
@@ -179,17 +195,19 @@ public class DomainModuleImpl extends AbstractModuleImpl {
 }
 private void needsWriteAccessOn(AbstractEntity ent, String method) throws AuthorisationException {
+ UnixUser loginUser = getLoginUser();
 if (ent instanceof Domain) {
 Domain dom = (Domain) ent;
- String aLoginUserName = getLoginUser().getName();
+ String aLoginUserName = loginUser.getName();
 UnixUser domUser = dom.getUser();
 Pac domPac = domUser.getPac();
- boolean isPacAdmin = aLoginUserName.equals(domPac.getName());
+ boolean isPacAdmin = loginUser.hasPacAdminRoleFor(domPac);
 boolean isCustomer = aLoginUserName.equals(domPac.getCustomer().getName());
- if (!isPacAdmin && !isCustomer)
- throw new AuthorisationException(getLoginUser(), method, dom);
+ boolean isHostmaster = loginUser.hasHostmasterRole();
+ if (!isPacAdmin && !isCustomer && !isHostmaster)
+ throw new AuthorisationException(loginUser, method, dom);
 } else {
- throw new AuthorisationException(getLoginUser(), method, ent);
+ throw new AuthorisationException(loginUser, method, ent);
 }
 }
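Review bot: `isCustomer` is still decided by comparing the login name with `domPac.getCustomer().getName()`, although this commit moves `isPacAdmin` to `loginUser.hasPacAdminRoleFor(domPac)` and the first hunk already asks `loginUser.hasCustomerRoleFor(...)` the same question. With two definitions of the customer role in one class, the create-time check and the write-access check can disagree about who may act on a domain. `boolean isCustomer = loginUser.hasCustomerRoleFor(domPac.getCustomer());` would align them and leave `aLoginUserName` unused, so it can be dropped. The unbraced `if` guarding the `throw` is the authorisation decision itself and is worth bracing while the line is being touched.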