diff --git a/src/lib/server/database.ts b/src/lib/server/database.ts
index 716859c..0d50315 100644
--- a/src/lib/server/database.ts
+++ b/src/lib/server/database.ts
@@ -463,12 +463,13 @@ export function do_users_exist(): any {
 return (answer as any)?.[USER_DATABASE_EMPTY.slice(7, -1)];
 }
-export function updateUser(data: {id: number, gender?: string, name?: string, address?: string, username?: string }) {
+export function updateUser(data: {id: number, gender?: string, name?: string, address?: string, username?: string, permissions?: number }) {
 let changed: Array = []
 if (data.gender) changed.push("gender=$gender")
 if (data.name) changed.push("name=$name")
 if (data.address) changed.push("address=$address")
 if (data.username) changed.push("username=$username")
+ if (data.permissions) changed.push("permissions=$permissions")
 const update_query = "UPDATE users SET " + changed.join(", ") + " WHERE id=$id;"
diff --git a/src/routes/user/+page.server.ts b/src/routes/user/+page.server.ts
index f16a713..dbc6f39 100644
--- a/src/routes/user/+page.server.ts
+++ b/src/routes/user/+page.server.ts
@@ -7,6 +7,7 @@ import { fail, redirect } from "@sveltejs/kit"
 import Permissions from "$lib/permissions"
 import { toInt } from "$lib/util"
+import Logs from "$lib/server/log"
 import SessionStore from "$lib/server/session_store"
 import { get_user_entry_by_id, updateUser } from "$lib/server/database"
 import { change_password } from "$lib/server/auth"
@@ -19,7 +20,7 @@ export const load: PageServerLoad = ({ locals, url }) => {
 let user: UserEntry|null = locals.user.toUserEntry()
- if (url.searchParams.has("user")) {
+ if (locals.user.id != (toInt(url.searchParams.get("user") ?? locals.user.id.toFixed(0)))) {
 if (!Permissions.has(locals.user.permissions, Permissions.USERADMIN.VIEW)) {
 return fail(403, { message: "Insufficient Permissions" })
 }
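Review bot: The new `if (data.permissions)` guard treats a permissions value of 0 as "not provided", so an update that clears every permission bit is silently dropped and the user keeps their previous permissions; for a numeric column the presence test should be `if (data.permissions != null) changed.push("permissions=$permissions")`. The same falsy test on the string fields above only loses empty strings, but for a bitmask 0 is the revoke-everything case, which is exactly the one an administrator must be able to write. updateUser continues outside the hunk, so the code that binds `$permissions` is not visible; it presumably has to bind the parameter only when the column was actually pushed, since some drivers reject extra or unbound named parameters.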
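Review bot: The access decision in the new `if` now depends on how `toInt` treats malformed input: the comparison uses `!=`, and whatever `toInt` returns for a garbage `user` value (NaN or a lenient partial parse) is compared against `locals.user.id` but never kept, so the lookup that follows presumably re-parses the parameter and may not use the same value as the check. Parse once and compare strictly, `const requested_id = toInt(url.searchParams.get("user") ?? locals.user.id.toFixed(0))` followed by `if (requested_id !== locals.user.id) {`, and reject `Number.isNaN(requested_id)` with a 400 before the permission branch so a malformed id is not treated as an admin view request. The body of load continues outside the hunk, so the lookup that consumes the id is not visible here.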
@@ -62,7 +63,9 @@ export const actions = {
 const password1 = data.get("password1") as string|null
 const password2 = data.get("password2") as string|null
- if (isNaN(id) || name == null || gender == null || address == null || username == null) {
+ const ua_permissions = (data.getAll("USERADMIN") as string[]).map((value) => toInt(value))
+
+ if (isNaN(id) || name == null || gender == null || address == null || username == null || ua_permissions.some((permission) => isNaN(permission))) {
 return fail(400, { message: "invalid request" })
 }
@@ -81,8 +84,11 @@ export const actions = {
 return fail(500, { message: "Database failure"})
 }
 }
+
+ let permissions = null
+ permissions = ua_permissions.reduce((pv, cv) => pv | cv)
- const updated_user = updateUser({id, name, gender, address, username})
+ const updated_user = updateUser({id, name, gender, address, username, permissions})
 SessionStore.reload_user_data(updated_user ?? locals.user)
 return { message: "Erfolgreich gespeichert" }
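Review bot: The new `ua_permissions` validation only rejects non-numeric values; it does not check that each value is one of the defined `Permissions.USERADMIN` flags, so any integer the client submits under `USERADMIN` is accepted and ORed into the stored bitmask later in the action. Nothing in this hunk gates the permissions fields on the caller holding a user-admin permission — if that check does not exist elsewhere in the action, a user submitting their own profile form with extra `USERADMIN` values would raise their own permissions, so the fields should be ignored (or the request rejected with 403) unless `Permissions.has(locals.user.permissions, ...)` holds for the appropriate `Permissions.USERADMIN` flag. The `as string[]` cast also hides that `getAll` may return `File` entries; filter on `typeof value === "string"` before mapping through `toInt`. The enclosing action continues outside the hunk on both sides.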
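Review bot: `ua_permissions.reduce((pv, cv) => pv | cv)` has no initial value, so when the form submits no `USERADMIN` fields the array is empty and `reduce` throws a TypeError, turning an otherwise valid profile save into a 500; give it an initial value and drop the dead `let permissions = null` assignment: `const permissions = ua_permissions.reduce((pv, cv) => pv | cv, 0)`. With that initial value the result for "nothing checked" is 0, and `updateUser`'s `if (data.permissions)` test in the first file drops 0, so the two together mean permissions can never be revoked down to none; if an absent field set is meant to leave permissions untouched, pass `undefined` when `ua_permissions.length === 0` and let an explicit 0 through when the fields were present. The OR also replaces the whole stored value with only the submitted USERADMIN bits, which would clear flags from any other permission group if `$lib/permissions` defines one — worth confirming. The action continues outside the hunk.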