diff --git a/scm-it/src/test/java/sonia/scm/it/AnonymousAccessITCase.java b/scm-it/src/test/java/sonia/scm/it/AnonymousAccessITCase.java
index 6765f0e2d7..1b48da792b 100644
--- a/scm-it/src/test/java/sonia/scm/it/AnonymousAccessITCase.java
+++ b/scm-it/src/test/java/sonia/scm/it/AnonymousAccessITCase.java
@@ -53,7 +53,6 @@ class AnonymousAccessITCase {
 
   @Test
   void shouldRejectRepositoryResourceWithoutAuthentication() {
-    setAnonymousAccess(false);
     assertEquals(401, RestAssured.given()
       .when()
       .get(RestUtil.REST_BASE_URL.resolve("repositories/"))
diff --git a/scm-webapp/src/main/java/sonia/scm/update/repository/PublicFlagUpdateStep.java b/scm-webapp/src/main/java/sonia/scm/update/repository/PublicFlagUpdateStep.java
index 5eedce12d0..24bcbc363e 100644
--- a/scm-webapp/src/main/java/sonia/scm/update/repository/PublicFlagUpdateStep.java
+++ b/scm-webapp/src/main/java/sonia/scm/update/repository/PublicFlagUpdateStep.java
@@ -38,12 +38,13 @@ public class PublicFlagUpdateStep implements UpdateStep {
 
   @Override
   public void doUpdate() throws JAXBException {
-    createNewAnonymousUserIfNotExists();
-    deleteOldAnonymousUserIfAvailable();
-
     LOG.info("Migrating public flags of repositories as RepositoryRolePermission 'READ' for user '_anonymous'");
     V1RepositoryHelper.readV1Database(contextProvider, V1_REPOSITORY_BACKUP_FILENAME).ifPresent(
-      this::addRepositoryReadPermissionForAnonymousUser
+      v1RepositoryDatabase -> {
+        createNewAnonymousUserIfNotExists();
+        deleteOldAnonymousUserIfAvailable();
+        addRepositoryReadPermissionForAnonymousUser(v1RepositoryDatabase);
+      }
     );
   }