diff --git a/datastore_server/sourceTest/core-plugins/generic-test/1/dss/reporting-plugins/content-provider-aggregation-service-no-authorization/contentProviderAggregationServiceNoAuthorization.py b/datastore_server/sourceTest/core-plugins/generic-test/1/dss/reporting-plugins/content-provider-aggregation-service-no-authorization/contentProviderAggregationServiceNoAuthorization.py
new file mode 100644
index 0000000000000000000000000000000000000000..d6e918a8a0cb65cae2f46c593f0d26091e67c86d
--- /dev/null
+++ b/datastore_server/sourceTest/core-plugins/generic-test/1/dss/reporting-plugins/content-provider-aggregation-service-no-authorization/contentProviderAggregationServiceNoAuthorization.py
@@ -0,0 +1,7 @@
+def aggregate(parameters, tableBuilder):
+  dataSetCode = parameters.get('dataset-code')
+  content = contentProviderUnfiltered.getContent(dataSetCode)
+  
+  tableBuilder.addHeader("name")
+  row = tableBuilder.addRow()
+  row.setCell("name", content.rootNode.getName())
\ No newline at end of file
diff --git a/datastore_server/sourceTest/core-plugins/generic-test/1/dss/reporting-plugins/content-provider-aggregation-service-no-authorization/plugin.properties b/datastore_server/sourceTest/core-plugins/generic-test/1/dss/reporting-plugins/content-provider-aggregation-service-no-authorization/plugin.properties
new file mode 100644
index 0000000000000000000000000000000000000000..6709a06b2f57db52d2d7dc2ce455881bd75b84f7
--- /dev/null
+++ b/datastore_server/sourceTest/core-plugins/generic-test/1/dss/reporting-plugins/content-provider-aggregation-service-no-authorization/plugin.properties
@@ -0,0 +1,3 @@
+label = Test Content Provider Aggregation Reporting
+class = ch.systemsx.cisd.openbis.dss.generic.server.plugins.jython.JythonAggregationService
+script-path = contentProviderAggregationServiceNoAuthorization.py
\ No newline at end of file
diff --git a/datastore_server/sourceTest/core-plugins/generic-test/1/dss/reporting-plugins/content-provider-aggregation-service/contentProviderAggregationService.py b/datastore_server/sourceTest/core-plugins/generic-test/1/dss/reporting-plugins/content-provider-aggregation-service/contentProviderAggregationService.py
new file mode 100644
index 0000000000000000000000000000000000000000..cfe0e8e545998f62a193c13f4784c0d6da7292c9
--- /dev/null
+++ b/datastore_server/sourceTest/core-plugins/generic-test/1/dss/reporting-plugins/content-provider-aggregation-service/contentProviderAggregationService.py
@@ -0,0 +1,8 @@
+def aggregate(parameters, tableBuilder):
+  dataSetCode = parameters.get('dataset-code')
+  content = contentProvider.getContent(dataSetCode)
+  
+  tableBuilder.addHeader("name")
+  
+  row = tableBuilder.addRow()
+  row.setCell("name", content.rootNode.getName())
\ No newline at end of file
diff --git a/datastore_server/sourceTest/core-plugins/generic-test/1/dss/reporting-plugins/content-provider-aggregation-service/plugin.properties b/datastore_server/sourceTest/core-plugins/generic-test/1/dss/reporting-plugins/content-provider-aggregation-service/plugin.properties
new file mode 100644
index 0000000000000000000000000000000000000000..601b2bb18186d7c46fb71c2cfe60cead721b3660
--- /dev/null
+++ b/datastore_server/sourceTest/core-plugins/generic-test/1/dss/reporting-plugins/content-provider-aggregation-service/plugin.properties
@@ -0,0 +1,3 @@
+label = Test Content Provider Aggregation Reporting
+class = ch.systemsx.cisd.openbis.dss.generic.server.plugins.jython.JythonAggregationService
+script-path = contentProviderAggregationService.py
\ No newline at end of file
diff --git a/datastore_server/sourceTest/java/ch/systemsx/cisd/openbis/datastoreserver/systemtests/QueryFacadeTest.java b/datastore_server/sourceTest/java/ch/systemsx/cisd/openbis/datastoreserver/systemtests/QueryFacadeTest.java
index f099c192e89d5a0202ff9e30247af659b1a5278b..43244dc80d7f25f2b73e63e57b164c9dded0249c 100644
--- a/datastore_server/sourceTest/java/ch/systemsx/cisd/openbis/datastoreserver/systemtests/QueryFacadeTest.java
+++ b/datastore_server/sourceTest/java/ch/systemsx/cisd/openbis/datastoreserver/systemtests/QueryFacadeTest.java
@@ -46,10 +46,13 @@ public class QueryFacadeTest extends SystemTestCase
 
     private IQueryApiFacade queryFacade;
 
+    private IQueryApiFacade observerFacade;
+
     @BeforeMethod
     public void beforeMethod()
     {
         queryFacade = createServiceFacade("test");
+        observerFacade = createServiceFacade("observer");
     }
 
     @Test
@@ -170,6 +173,69 @@ public class QueryFacadeTest extends SystemTestCase
         assertTrue("Did not find a sample called [JYTHON-TEST]", foundSample);
     }
 
+    /**
+     * The observer trying to access the forbidden dataset via the authorized content provider.
+     */
+    @Test(expectedExceptions = Exception.class)
+    public void testJythonAggregationServiceWithContentProviderAuthentication() throws Exception
+    {
+        AggregationServiceDescription service =
+                getAggregationServiceDescription("content-provider-aggregation-service");
+        HashMap<String, Object> parameters = new HashMap<String, Object>();
+        parameters.put("dataset-code", "20081105092159111-1");
+
+        File content = new File(new File(new File(store, "42"), "a"), "1");
+        content.mkdirs();
+
+        observerFacade.createReportFromAggregationService(service, parameters);
+    }
+
+    /**
+     * The testcase, where the observer tries to acces the dataset that he cannot see, but through
+     * the non-authorized content provider.
+     */
+    @Test
+    public void testJythonAggregationServiceWithoutContentProviderAuthentication() throws Exception
+    {
+        AggregationServiceDescription service =
+                getAggregationServiceDescription("content-provider-aggregation-service-no-authorization");
+        HashMap<String, Object> parameters = new HashMap<String, Object>();
+        parameters.put("dataset-code", "20081105092159111-1");
+
+        File content = new File(new File(new File(store, "42"), "a"), "1");
+        content.mkdirs();
+
+        QueryTableModel table =
+                observerFacade.createReportFromAggregationService(service, parameters);
+
+        assertEquals("[name]", getHeaders(table).toString());
+        assertEquals("[1]", Arrays.asList(table.getRows().get(0)).toString());
+        assertEquals(1, table.getRows().size());
+    }
+
+    /**
+     * The authorized user tries to access the dataset via the authorized content provider.
+     */
+    @Test
+    public void testJythonAggregationServiceWithContentProviderAuthenticationAndAuthorizedUser()
+            throws Exception
+    {
+        AggregationServiceDescription service =
+                getAggregationServiceDescription("content-provider-aggregation-service");
+        HashMap<String, Object> parameters = new HashMap<String, Object>();
+        parameters.put("dataset-code", "20081105092159111-1");
+
+        File content = new File(new File(new File(store, "42"), "a"), "1");
+        content.mkdirs();
+
+        QueryTableModel table =
+ queryFacade.createReportFromAggregationService(service, parameters);
+
+        assertEquals("[name]", getHeaders(table).toString());
+        assertEquals("[1]", Arrays.asList(table.getRows().get(0)).toString());
+        assertEquals(1, table.getRows().size());
+    }
+
     private IQueryApiFacade createServiceFacade(String userName)
     {
         return FacadeFactory.create(OPENBIS_URL, userName, "a");