diff --git a/scm-core/src/main/java/sonia/scm/security/RepositoryPermission.java b/scm-core/src/main/java/sonia/scm/security/RepositoryPermission.java
index 5000172536..aad7a4f126 100644
--- a/scm-core/src/main/java/sonia/scm/security/RepositoryPermission.java
+++ b/scm-core/src/main/java/sonia/scm/security/RepositoryPermission.java
@@ -53,6 +53,9 @@ import java.io.Serializable;
 public class RepositoryPermission implements Permission, Serializable
 {
 
+  /** Field description */
+  public static final String WILDCARD = "*";
+
   /** Field description */
   private static final long serialVersionUID = 3832804235417228043L;
 
@@ -144,7 +147,7 @@ public class RepositoryPermission implements Permission, Serializable
       RepositoryPermission rp = (RepositoryPermission) p;
 
       //J-
-      result = (repositoryId.equals("*") || repositoryId.equals(rp.repositoryId)) 
+      result = (repositoryId.equals(WILDCARD) || repositoryId.equals(rp.repositoryId)) 
                 && (permissionType.getValue() >= rp.permissionType.getValue());
       //J+
     }
diff --git a/scm-core/src/main/java/sonia/scm/security/Role.java b/scm-core/src/main/java/sonia/scm/security/Role.java
new file mode 100644
index 0000000000..a4e51624b9
--- /dev/null
+++ b/scm-core/src/main/java/sonia/scm/security/Role.java
@@ -0,0 +1,47 @@
+/**
+ * Copyright (c) 2010, Sebastian Sdorra All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer. 2. Redistributions in
+ * binary form must reproduce the above copyright notice, this list of
+ * conditions and the following disclaimer in the documentation and/or other
+ * materials provided with the distribution. 3. Neither the name of SCM-Manager;
+ * nor the names of its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * http://bitbucket.org/sdorra/scm-manager
+ *
+ */
+
+
+
+package sonia.scm.security;
+
+/**
+ *
+ * @author Sebastian Sdorra
+ * @since 1.21
+ */
+public final class Role
+{
+
+  /** Field description */
+  public static final String ADMIN = "admin";
+
+  /** Field description */
+  public static final String USER = "user";
+}
diff --git a/scm-webapp/src/main/java/sonia/scm/security/ScmRealm.java b/scm-webapp/src/main/java/sonia/scm/security/ScmRealm.java
index 7ad34a9873..4b6e336fdc 100644
--- a/scm-webapp/src/main/java/sonia/scm/security/ScmRealm.java
+++ b/scm-webapp/src/main/java/sonia/scm/security/ScmRealm.java
@@ -100,12 +100,6 @@ public class ScmRealm extends AuthorizingRealm
   /** Field description */
   private static final String NAME = "scm";
 
-  /** Field description */
-  private static final String ROLE_ADMIN = "admin";
-
-  /** Field description */
-  private static final String ROLE_USER = "user";
-
   /** Field description */
   private static final String SCM_CREDENTIALS = "SCM_CREDENTIALS";
 
@@ -566,7 +560,7 @@ public class ScmRealm extends AuthorizingRealm
     Set<String> roles = Sets.newHashSet();
     List<org.apache.shiro.authz.Permission> permissions = null;
 
-    roles.add(ROLE_USER);
+    roles.add(Role.USER);
 
     if (user.isAdmin())
     {
@@ -575,9 +569,10 @@ public class ScmRealm extends AuthorizingRealm
         logger.debug("grant admin role for user {}", user.getName());
       }
 
-      roles.add(ROLE_ADMIN);
+      roles.add(Role.ADMIN);
       permissions = Lists.newArrayList();
-      permissions.add(new RepositoryPermission("*", PermissionType.OWNER));
+      permissions.add(new RepositoryPermission(RepositoryPermission.WILDCARD,
+        PermissionType.OWNER));
     }
     else
     {