diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/CommonServer.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/CommonServer.java
index 40690a7c761f74ad1599ef33d8d9f2ad2810cee7..c3fca1bbb412bfaf65c07f9f34c9f763756783bc 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/CommonServer.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/CommonServer.java
@@ -674,6 +674,7 @@ public final class CommonServer extends AbstractCommonServer<ICommonServerForInt
 
     @Override
     @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
+    @ReturnValueFilter(validatorClass = ExternalDataValidator.class)
     public List<ExternalData> listSampleExternalData(final String sessionToken,
             @AuthorizationGuard(guardClass = SampleTechIdPredicate.class)
             final TechId sampleId, final boolean showOnlyDirectlyConnected)
@@ -688,6 +689,7 @@ public final class CommonServer extends AbstractCommonServer<ICommonServerForInt
 
     @Override
     @RolesAllowed(RoleWithHierarchy.SPACE_OBSERVER)
+    @ReturnValueFilter(validatorClass = ExternalDataValidator.class)
     public List<ExternalData> listExperimentExternalData(final String sessionToken,
             @AuthorizationGuard(guardClass = ExperimentTechIdPredicate.class)
             final TechId experimentId, boolean showOnlyDirectlyConnected)
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/validator/ExternalDataValidator.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/validator/ExternalDataValidator.java
index c247fe9c12d630c1c73e9963948f188149ab8c60..a31db3db6f12427d30f105a0188f2ae5399e9eff 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/validator/ExternalDataValidator.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/validator/ExternalDataValidator.java
@@ -29,9 +29,13 @@ public final class ExternalDataValidator extends AbstractValidator<ExternalData>
 {
     private final IValidator<Space> groupValidator;
 
+    private final IValidator<ExternalData> storageConfirmedValidator;
+
     public ExternalDataValidator()
     {
         groupValidator = new SpaceValidator();
+
+        storageConfirmedValidator = new StorageConfirmedForAdminValidator();
     }
 
     //
@@ -42,6 +46,7 @@ public final class ExternalDataValidator extends AbstractValidator<ExternalData>
     public final boolean doValidation(final PersonPE person, final ExternalData value)
     {
         final Space space = value.getExperiment().getProject().getSpace();
-        return groupValidator.isValid(person, space);
+        return groupValidator.isValid(person, space)
+                && storageConfirmedValidator.isValid(person, value);
     }
 }
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/validator/StorageConfirmedForAdminValidator.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/validator/StorageConfirmedForAdminValidator.java
new file mode 100644
index 0000000000000000000000000000000000000000..52a86b7f003819d9bd155bc4721a76ba44175e4f
--- /dev/null
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/authorization/validator/StorageConfirmedForAdminValidator.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2011 ETH Zuerich, CISD
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package ch.systemsx.cisd.openbis.generic.server.authorization.validator;
+
+import ch.systemsx.cisd.openbis.generic.shared.basic.dto.RoleWithHierarchy.RoleCode;
+import ch.systemsx.cisd.openbis.generic.shared.dto.PersonPE;
+import ch.systemsx.cisd.openbis.generic.shared.dto.RoleAssignmentPE;
+
+/**
+ * @author Franz-Josef Elmer
+ */
+public class StorageConfirmedForAdminValidator extends
+        AbstractValidator<ch.systemsx.cisd.openbis.generic.shared.basic.dto.ExternalData>
+{
+
+    private boolean isPersonAllowedForNotConfirmed(PersonPE person)
+    {
+        for (RoleAssignmentPE role : person.getAllPersonRoles())
+        {
+            if (role.getRole() == RoleCode.ADMIN || role.getRole() == RoleCode.ETL_SERVER)
+            {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    @Override
+    public boolean doValidation(PersonPE person,
+            ch.systemsx.cisd.openbis.generic.shared.basic.dto.ExternalData value)
+    {
+        return value.isStorageConfirmation() || isPersonAllowedForNotConfirmed(person);
+    }
+}