diff --git a/src/main/java/ch/ethz/seb/sebserver/gbl/api/authorization/Privilege.java b/src/main/java/ch/ethz/seb/sebserver/gbl/api/authorization/Privilege.java
index f46fdaa3..2b8668f5 100644
--- a/src/main/java/ch/ethz/seb/sebserver/gbl/api/authorization/Privilege.java
+++ b/src/main/java/ch/ethz/seb/sebserver/gbl/api/authorization/Privilege.java
@@ -17,7 +17,6 @@ import com.fasterxml.jackson.annotation.JsonCreator;
 import com.fasterxml.jackson.annotation.JsonProperty;
 
 import ch.ethz.seb.sebserver.gbl.Constants;
-import ch.ethz.seb.sebserver.gbl.api.EntityType;
 import ch.ethz.seb.sebserver.gbl.model.user.UserAccount;
 import ch.ethz.seb.sebserver.gbl.model.user.UserInfo;
 import ch.ethz.seb.sebserver.gbl.model.user.UserRole;
@@ -110,13 +109,21 @@ public final class Privilege {
             final Long institutionId,
             final String ownerId) {
 
-        return this.hasBasePrivilege(privilegeType)
-                || ((institutionId != null) &&
-                        (this.hasInstitutionalPrivilege(privilegeType)
-                                && userInstitutionId.longValue() == institutionId
-                                        .longValue())
-                        || (this.hasOwnershipPrivilege(privilegeType)
-                                && isOwner(ownerId, userId)));
+        // Has base privilege?
+        if (this.hasBasePrivilege(privilegeType)) {
+            return true;
+        }
+
+        // has institutional privilege?
+        if ((institutionId != null)
+                && (this.hasInstitutionalPrivilege(privilegeType)
+                && userInstitutionId.longValue() == institutionId.longValue())) {
+            return true;
+        }
+
+        // has owner privilege?
+        return this.hasOwnershipPrivilege(privilegeType) && isOwner(ownerId, userId);
+
     }
 
     private boolean isOwner(final String ownerId, final String userId) {
@@ -135,54 +142,6 @@ public final class Privilege {
                 + ", ownershipPrivilege=" + this.ownershipPrivilege + "]";
     }
 
-    /** A key that combines UserRole EntityType identity */
-    public static final class RoleTypeKey {
-
-        @JsonProperty("entityType")
-        public final EntityType entityType;
-        @JsonProperty("userRole")
-        public final UserRole userRole;
-
-        @JsonCreator
-        public RoleTypeKey(
-                @JsonProperty("entityType") final EntityType type,
-                @JsonProperty("userRole") final UserRole role) {
-
-            this.entityType = type;
-            this.userRole = role;
-        }
-
-        @Override
-        public int hashCode() {
-            final int prime = 31;
-            int result = 1;
-            result = prime * result + ((this.userRole == null) ? 0 : this.userRole.hashCode());
-            result = prime * result + ((this.entityType == null) ? 0 : this.entityType.hashCode());
-            return result;
-        }
-
-        @Override
-        public boolean equals(final Object obj) {
-            if (this == obj)
-                return true;
-            if (obj == null)
-                return false;
-            if (getClass() != obj.getClass())
-                return false;
-            final RoleTypeKey other = (RoleTypeKey) obj;
-            if (this.userRole != other.userRole)
-                return false;
-            if (this.entityType != other.entityType)
-                return false;
-            return true;
-        }
-
-        @Override
-        public String toString() {
-            return "RoleTypeKey [entityType=" + this.entityType + ", userRole=" + this.userRole + "]";
-        }
-    }
-
     /** Checks if the current user has role based edit access to a specified user account.
      * <p>
      * If user account has UserRole.SEB_SERVER_ADMIN this always gives true
diff --git a/src/main/java/ch/ethz/seb/sebserver/gbl/api/authorization/RoleTypeKey.java b/src/main/java/ch/ethz/seb/sebserver/gbl/api/authorization/RoleTypeKey.java
new file mode 100644
index 00000000..fbc49c85
--- /dev/null
+++ b/src/main/java/ch/ethz/seb/sebserver/gbl/api/authorization/RoleTypeKey.java
@@ -0,0 +1,56 @@
+package ch.ethz.seb.sebserver.gbl.api.authorization;
+
+import ch.ethz.seb.sebserver.gbl.api.EntityType;
+import ch.ethz.seb.sebserver.gbl.model.user.UserRole;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+/**
+ * A key that combines UserRole EntityType identity
+ */
+public final class RoleTypeKey {
+
+    @JsonProperty("entityType")
+    public final EntityType entityType;
+    @JsonProperty("userRole")
+    public final UserRole userRole;
+
+    @JsonCreator
+    public RoleTypeKey(
+            @JsonProperty("entityType") final EntityType type,
+            @JsonProperty("userRole") final UserRole role) {
+
+        this.entityType = type;
+        this.userRole = role;
+    }
+
+    @Override
+    public int hashCode() {
+        final int prime = 31;
+        int result = 1;
+        result = prime * result + ((this.userRole == null) ? 0 : this.userRole.hashCode());
+        result = prime * result + ((this.entityType == null) ? 0 : this.entityType.hashCode());
+        return result;
+    }
+
+    @Override
+    public boolean equals(final Object obj) {
+        if (this == obj)
+            return true;
+        if (obj == null)
+            return false;
+        if (getClass() != obj.getClass())
+            return false;
+        final RoleTypeKey other = (RoleTypeKey) obj;
+        if (this.userRole != other.userRole)
+            return false;
+        if (this.entityType != other.entityType)
+            return false;
+        return true;
+    }
+
+    @Override
+    public String toString() {
+        return "RoleTypeKey [entityType=" + this.entityType + ", userRole=" + this.userRole + "]";
+    }
+}
diff --git a/src/main/java/ch/ethz/seb/sebserver/gbl/model/user/UserInfo.java b/src/main/java/ch/ethz/seb/sebserver/gbl/model/user/UserInfo.java
index 264c4822..c8bef2dc 100644
--- a/src/main/java/ch/ethz/seb/sebserver/gbl/model/user/UserInfo.java
+++ b/src/main/java/ch/ethz/seb/sebserver/gbl/model/user/UserInfo.java
@@ -10,6 +10,7 @@ package ch.ethz.seb.sebserver.gbl.model.user;
 
 import java.io.Serializable;
 import java.util.*;
+import java.util.function.Function;
 import java.util.stream.Collectors;
 
 import javax.validation.constraints.Email;
@@ -17,6 +18,7 @@ import javax.validation.constraints.NotEmpty;
 import javax.validation.constraints.NotNull;
 import javax.validation.constraints.Size;
 
+import ch.ethz.seb.sebserver.gbl.api.authorization.RoleTypeKey;
 import com.fasterxml.jackson.annotation.*;
 import org.apache.commons.lang3.BooleanUtils;
 import org.apache.commons.lang3.StringUtils;
@@ -111,6 +113,9 @@ public final class UserInfo implements UserAccount, Serializable {
     @JsonProperty(ATTR_ENTITY_PRIVILEGES)
     @JsonInclude(JsonInclude.Include.NON_EMPTY)
     public final Collection<EntityPrivilege> entityPrivileges;
+    @JsonIgnore
+    public final Map<EntityKey, EntityPrivilege> entityPrivilegeMap;
+
     @JsonProperty(ATTR_FEATURE_PRIVILEGES)
     @JsonInclude(JsonInclude.Include.NON_EMPTY)
     public final Collection<FeaturePrivilege> featurePrivileges;
@@ -143,6 +148,10 @@ public final class UserInfo implements UserAccount, Serializable {
         this.timeZone = timeZone;
         this.roles = Utils.immutableSetOf(roles);
         this.entityPrivileges = Utils.immutableCollectionOf(entityPrivileges);
+        this.entityPrivilegeMap = Utils.immutableMapOf(
+                this.entityPrivileges.stream().collect(Collectors.toMap(
+                    e -> new EntityKey(e.entityId, e.entityType),
+                    Function.identity())));
         this.featurePrivileges = Utils.immutableCollectionOf(featurePrivileges);
     }
 
diff --git a/src/main/java/ch/ethz/seb/sebserver/gui/service/remote/webservice/auth/CurrentUser.java b/src/main/java/ch/ethz/seb/sebserver/gui/service/remote/webservice/auth/CurrentUser.java
index cb0d8dc3..51b3f9d2 100644
--- a/src/main/java/ch/ethz/seb/sebserver/gui/service/remote/webservice/auth/CurrentUser.java
+++ b/src/main/java/ch/ethz/seb/sebserver/gui/service/remote/webservice/auth/CurrentUser.java
@@ -28,7 +28,7 @@ import ch.ethz.seb.sebserver.gbl.Constants;
 import ch.ethz.seb.sebserver.gbl.api.API;
 import ch.ethz.seb.sebserver.gbl.api.EntityType;
 import ch.ethz.seb.sebserver.gbl.api.authorization.Privilege;
-import ch.ethz.seb.sebserver.gbl.api.authorization.Privilege.RoleTypeKey;
+import ch.ethz.seb.sebserver.gbl.api.authorization.RoleTypeKey;
 import ch.ethz.seb.sebserver.gbl.api.authorization.PrivilegeType;
 import ch.ethz.seb.sebserver.gbl.model.GrantEntity;
 import ch.ethz.seb.sebserver.gbl.model.user.UserInfo;
diff --git a/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/authorization/impl/AuthorizationServiceImpl.java b/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/authorization/impl/AuthorizationServiceImpl.java
index dc4fef82..849837be 100644
--- a/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/authorization/impl/AuthorizationServiceImpl.java
+++ b/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/authorization/impl/AuthorizationServiceImpl.java
@@ -21,7 +21,7 @@ import org.springframework.stereotype.Service;
 
 import ch.ethz.seb.sebserver.gbl.api.EntityType;
 import ch.ethz.seb.sebserver.gbl.api.authorization.Privilege;
-import ch.ethz.seb.sebserver.gbl.api.authorization.Privilege.RoleTypeKey;
+import ch.ethz.seb.sebserver.gbl.api.authorization.RoleTypeKey;
 import ch.ethz.seb.sebserver.gbl.api.authorization.PrivilegeType;
 import ch.ethz.seb.sebserver.gbl.model.user.UserRole;
 import ch.ethz.seb.sebserver.gbl.profile.WebServiceProfile;
@@ -36,7 +36,7 @@ public class AuthorizationServiceImpl implements AuthorizationService {
     private final UserService userService;
 
     /** Map of role based grants for specified entity types. */
-    private final Map<Privilege.RoleTypeKey, Privilege> privileges = new HashMap<>();
+    private final Map<RoleTypeKey, Privilege> privileges = new HashMap<>();
 
     public AuthorizationServiceImpl(final UserService userService) {
         this.userService = userService;