diff --git a/scm-core/src/main/java/sonia/scm/util/SecurityUtil.java b/scm-core/src/main/java/sonia/scm/util/SecurityUtil.java
index f033f934a8..30c03bc951 100644
--- a/scm-core/src/main/java/sonia/scm/util/SecurityUtil.java
+++ b/scm-core/src/main/java/sonia/scm/util/SecurityUtil.java
@@ -54,7 +54,8 @@ public class SecurityUtil
    *
    * @param contextProvider
    */
-  public static void assertIsAdmin(Provider<SecurityContext> contextProvider)
+  public static void assertIsAdmin(
+          Provider<? extends SecurityContext> contextProvider)
   {
     assertIsAdmin(contextProvider.get());
   }
@@ -92,7 +93,8 @@ public class SecurityUtil
    *
    * @return
    */
-  public static User getCurrentUser(Provider<SecurityContext> contextProvider)
+  public static User getCurrentUser(
+          Provider<? extends SecurityContext> contextProvider)
   {
     AssertUtil.assertIsNotNull(contextProvider);
 
diff --git a/scm-webapp/src/main/java/sonia/scm/api/rest/resources/ConfigurationResource.java b/scm-webapp/src/main/java/sonia/scm/api/rest/resources/ConfigurationResource.java
index d3186ba1c4..08faeab28a 100644
--- a/scm-webapp/src/main/java/sonia/scm/api/rest/resources/ConfigurationResource.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/rest/resources/ConfigurationResource.java
@@ -36,11 +36,14 @@ package sonia.scm.api.rest.resources;
 //~--- non-JDK imports --------------------------------------------------------
 
 import com.google.inject.Inject;
+import com.google.inject.Provider;
 import com.google.inject.Singleton;
 
 import sonia.scm.SCMContext;
 import sonia.scm.config.ScmConfiguration;
 import sonia.scm.util.IOUtil;
+import sonia.scm.util.SecurityUtil;
+import sonia.scm.web.security.WebSecurityContext;
 
 //~--- JDK imports ------------------------------------------------------------
 
@@ -72,11 +75,15 @@ public class ConfigurationResource
    *
    *
    * @param configuration
+   * @param securityContextProvider
    */
   @Inject
-  public ConfigurationResource(ScmConfiguration configuration)
+  public ConfigurationResource(
+          ScmConfiguration configuration,
+          Provider<WebSecurityContext> securityContextProvider)
   {
     this.configuration = configuration;
+    this.securityContextProvider = securityContextProvider;
   }
 
   //~--- get methods ----------------------------------------------------------
@@ -110,6 +117,7 @@ public class ConfigurationResource
   public Response setConfig(@Context UriInfo uriInfo,
                             ScmConfiguration newConfig)
   {
+    SecurityUtil.assertIsAdmin(securityContextProvider);
     configuration.load(newConfig);
 
     synchronized (ScmConfiguration.class)
@@ -132,4 +140,7 @@ public class ConfigurationResource
 
   /** Field description */
   public ScmConfiguration configuration;
+
+  /** Field description */
+  private Provider<WebSecurityContext> securityContextProvider;
 }