diff --git a/DLCM-Admin/src/main/java/ch/dlcm/controller/admin/OrganizationalUnitController.java b/DLCM-Admin/src/main/java/ch/dlcm/controller/admin/OrganizationalUnitController.java
index cd556b0475b5e7a6ce3211055f3f806fb6f3a1f5..8e85c66a3bd6189b181c0e08a9ce2c182bcc82db 100644
--- a/DLCM-Admin/src/main/java/ch/dlcm/controller/admin/OrganizationalUnitController.java
+++ b/DLCM-Admin/src/main/java/ch/dlcm/controller/admin/OrganizationalUnitController.java
@@ -53,6 +53,7 @@ import org.springframework.web.multipart.MultipartFile;
 import org.springframework.web.servlet.mvc.method.annotation.StreamingResponseBody;
 
 import ch.unige.solidify.SolidifyConstants;
+import ch.unige.solidify.auth.service.ApplicationRoleListService;
 import ch.unige.solidify.controller.ResourceWithLogoController;
 import ch.unige.solidify.rest.ActionName;
 import ch.unige.solidify.rest.RestCollection;
@@ -76,7 +77,7 @@ import ch.dlcm.service.rest.propagate.PropagatePersonRemoteResourceService;
 @RestController
 @ConditionalOnBean(AdminController.class)
 @RequestMapping(UrlPath.ADMIN_ORG_UNIT)
-public class OrganizationalUnitController extends ResourceWithLogoController<OrganizationalUnit> {
+public class OrganizationalUnitController extends ResourceWithLogoController<OrganizationalUnit> implements ApplicationRoleListService {
 
   private static final Logger log = LoggerFactory.getLogger(OrganizationalUnitController.class);
 
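Review bot: The class declaration now mixes `ApplicationRoleListService` into a REST controller with nothing on the declaration saying why; the only use visible in this diff is the `this.isRootOrTrustedOrAdminRole()` call added to the creation path further down. That call now decides whether the creator is made manager of the new unit, so a reader should be able to see at the declaration where the authorization helper comes from. I would add a class-level comment such as `// Implements ApplicationRoleListService only to reuse its role checks (isRootOrTrustedOrAdminRole) when assigning the creator as manager`. Presumably the method is a default method on the interface; if an injectable implementation also exists, calling it through an injected field would keep the role logic out of the controller's type hierarchy. The class body continues outside this hunk.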
@@ -103,7 +104,7 @@ public class OrganizationalUnitController extends ResourceWithLogoController<Org
     /**
      * Set the authenticated user as a manager on the new organizational unit
      */
-    if (httpResponse.getStatusCode() == HttpStatus.CREATED && organizationalUnit != null) {
+    if (httpResponse.getStatusCode() == HttpStatus.CREATED && organizationalUnit != null && this.isRootOrTrustedOrAdminRole()) {
 
       final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();