diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/server/translator/RoleCodeTranslator.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/server/translator/RoleCodeTranslator.java
index 5c14f20e72f910c8d0517c9af1c9c900cd0a769b..286004542d10515e483a71eb16da7ec4e7064261 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/server/translator/RoleCodeTranslator.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/client/web/server/translator/RoleCodeTranslator.java
@@ -37,14 +37,13 @@ public final class RoleCodeTranslator
switch (code)
{
case GROUP_ADMIN:
- return RoleCode.ADMIN;
- case GROUP_ETL_SERVER:
- return RoleCode.ETL_SERVER;
case INSTANCE_ADMIN:
return RoleCode.ADMIN;
+ case GROUP_ETL_SERVER:
case INSTANCE_ETL_SERVER:
return RoleCode.ETL_SERVER;
case OBSERVER:
+ case INSTANCE_ADMIN_OBSERVER:
return RoleCode.OBSERVER;
case POWER_USER:
return RoleCode.POWER_USER;
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/annotation/RoleSet.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/annotation/RoleSet.java
index 2c25e3cb137b6a3052a749aa0e8c3d0def2852c6..5cb50272a5a9a674148543e5693f9ed5ae1bb08c 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/annotation/RoleSet.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/authorization/annotation/RoleSet.java
@@ -35,14 +35,16 @@ public enum RoleSet
NONE(),
INSTANCE_ADMIN(instanceRole(RoleCode.ADMIN)),
-
+
GROUP_ADMIN(INSTANCE_ADMIN, groupRole(RoleCode.ADMIN)),
POWER_USER(GROUP_ADMIN, groupRole(RoleCode.POWER_USER)),
USER(POWER_USER, groupRole(RoleCode.USER)),
- OBSERVER(USER, groupRole(RoleCode.OBSERVER)),
+ INSTANCE_ADMIN_OBSERVER(USER, instanceRole(RoleCode.OBSERVER)),
+
+ OBSERVER(INSTANCE_ADMIN_OBSERVER, groupRole(RoleCode.OBSERVER)),
ETL_SERVER(INSTANCE_ADMIN, groupRole(RoleCode.ETL_SERVER), instanceRole(RoleCode.ETL_SERVER));
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/basic/dto/RoleSetCode.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/basic/dto/RoleSetCode.java
index b5ff2559b81cbf6f07604ea8545f294b2bacb1b8..c227b17121dbf5bce058df4332f96b5cfe87fe77 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/basic/dto/RoleSetCode.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/basic/dto/RoleSetCode.java
@@ -24,7 +24,7 @@ import com.google.gwt.user.client.rpc.IsSerializable;
public enum RoleSetCode implements IsSerializable
{
OBSERVER(true), USER(true), POWER_USER(true), GROUP_ETL_SERVER(true), GROUP_ADMIN(true),
- INSTANCE_ETL_SERVER(false), INSTANCE_ADMIN(false);
+ INSTANCE_ETL_SERVER(false), INSTANCE_ADMIN(false), INSTANCE_ADMIN_OBSERVER(false);
private final boolean groupLevel;
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/translator/RoleAssignmentTranslator.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/translator/RoleAssignmentTranslator.java
index 8e00d170318d943b863a6be4593d4e49b72f3a63..d8e27b0043ac679fbdf55e19f72e23a05b20a162 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/translator/RoleAssignmentTranslator.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/translator/RoleAssignmentTranslator.java
@@ -76,7 +76,13 @@ public final class RoleAssignmentTranslator
}
break;
case OBSERVER:
- code = RoleSetCode.OBSERVER;
+ if (role.getGroup() == null)
+ {
+ code = RoleSetCode.INSTANCE_ADMIN_OBSERVER;
+ } else
+ {
+ code = RoleSetCode.OBSERVER;
+ }
break;
case USER:
code = RoleSetCode.USER;