diff --git a/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityManagedConfiguration.java b/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityManagedConfiguration.java
index 91d707c67..e05bdb7f1 100644
--- a/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityManagedConfiguration.java
+++ b/hawkbit-autoconfigure/src/main/java/org/eclipse/hawkbit/autoconfigure/security/SecurityManagedConfiguration.java
@@ -321,7 +321,7 @@ public class SecurityManagedConfiguration {
                     userAuthenticationFilter.destroy();
                 }
             }, RequestHeaderAuthenticationFilter.class)
-                    .addFilterAfter(new AuthenticationSuccessTenantMetadataCreationFilter(tenantAware, systemManagement,
+                    .addFilterAfter(new AuthenticationSuccessTenantMetadataCreationFilter(systemManagement,
                             systemSecurityContext), SessionManagementFilter.class)
                     .authorizeRequests().anyRequest().authenticated()
                     .antMatchers(MgmtRestConstants.BASE_SYSTEM_MAPPING + "/admin/**")
@@ -531,8 +531,8 @@ class TenantMetadataSavedRequestAwareVaadinAuthenticationSuccessHandler extends
     public void onAuthenticationSuccess(final Authentication authentication) throws Exception {
 
         if (authentication.getClass().equals(TenantUserPasswordAuthenticationToken.class)) {
-            systemManagement
-                    .getTenantMetadata(((TenantUserPasswordAuthenticationToken) authentication).getTenant().toString());
+            systemSecurityContext.runAsSystemAsTenant(() -> systemManagement.getTenantMetadata(),
+                    ((TenantUserPasswordAuthenticationToken) authentication).getTenant().toString());
         } else if (authentication.getClass().equals(UsernamePasswordAuthenticationToken.class)) {
             // TODO: vaadin4spring-ext-security does not give us the
             // fullyAuthenticatedToken
@@ -542,8 +542,7 @@ class TenantMetadataSavedRequestAwareVaadinAuthenticationSuccessHandler extends
             // vaadin4spring 0.0.7 because it
             // has been fixed.
             final String defaultTenant = "DEFAULT";
-            systemSecurityContext.runAsSystemAsTenant(() -> systemManagement.getTenantMetadata(defaultTenant),
-                    defaultTenant);
+            systemSecurityContext.runAsSystemAsTenant(() -> systemManagement.getTenantMetadata(), defaultTenant);
         }
 
         super.onAuthenticationSuccess(authentication);
@@ -555,13 +554,11 @@ class TenantMetadataSavedRequestAwareVaadinAuthenticationSuccessHandler extends
  */
 class AuthenticationSuccessTenantMetadataCreationFilter implements Filter {
 
-    private final TenantAware tenantAware;
     private final SystemManagement systemManagement;
     private final SystemSecurityContext systemSecurityContext;
 
-    AuthenticationSuccessTenantMetadataCreationFilter(final TenantAware tenantAware,
-            final SystemManagement systemManagement, final SystemSecurityContext systemSecurityContext) {
-        this.tenantAware = tenantAware;
+    AuthenticationSuccessTenantMetadataCreationFilter(final SystemManagement systemManagement,
+            final SystemSecurityContext systemSecurityContext) {
         this.systemManagement = systemManagement;
         this.systemSecurityContext = systemSecurityContext;
     }
@@ -575,14 +572,10 @@ class AuthenticationSuccessTenantMetadataCreationFilter implements Filter {
     public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain)
             throws IOException, ServletException {
 
-        final String currentTenant = tenantAware.getCurrentTenant();
-        if (currentTenant != null) {
-            // lazy initialize tenant meta data after successful authentication
-            systemSecurityContext.runAsSystemAsTenant(() -> systemManagement.getTenantMetadata(currentTenant),
-                    currentTenant);
-        }
-
+        // lazy initialize tenant meta data after successful authentication
+        systemSecurityContext.runAsSystem(() -> systemManagement.getTenantMetadata());
         chain.doFilter(request, response);
+
     }
 
     @Override
diff --git a/hawkbit-mgmt-resource/src/main/java/org/eclipse/hawkbit/mgmt/rest/resource/MgmtDistributionSetResource.java b/hawkbit-mgmt-resource/src/main/java/org/eclipse/hawkbit/mgmt/rest/resource/MgmtDistributionSetResource.java
index e872e0221..721995d88 100644
--- a/hawkbit-mgmt-resource/src/main/java/org/eclipse/hawkbit/mgmt/rest/resource/MgmtDistributionSetResource.java
+++ b/hawkbit-mgmt-resource/src/main/java/org/eclipse/hawkbit/mgmt/rest/resource/MgmtDistributionSetResource.java
@@ -40,7 +40,6 @@ import org.eclipse.hawkbit.repository.model.SoftwareModule;
 import org.eclipse.hawkbit.repository.model.Target;
 import org.eclipse.hawkbit.repository.model.TargetWithActionType;
 import org.eclipse.hawkbit.security.SystemSecurityContext;
-import org.eclipse.hawkbit.tenancy.TenantAware;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -73,9 +72,6 @@ public class MgmtDistributionSetResource implements MgmtDistributionSetRestApi {
     @Autowired
     private SystemManagement systemManagement;
 
-    @Autowired
-    private TenantAware currentTenant;
-
     @Autowired
     private EntityFactory entityFactory;
 
@@ -123,8 +119,8 @@ public class MgmtDistributionSetResource implements MgmtDistributionSetRestApi {
 
         LOG.debug("creating {} distribution sets", sets.size());
         // set default Ds type if ds type is null
-        final String defaultDsKey = systemSecurityContext.runAsSystem(() -> this.systemManagement
-                .getTenantMetadata(this.currentTenant.getCurrentTenant()).getDefaultDsType().getKey());
+        final String defaultDsKey = systemSecurityContext
+                .runAsSystem(() -> this.systemManagement.getTenantMetadata().getDefaultDsType().getKey());
         sets.stream().filter(ds -> ds.getType() == null).forEach(ds -> ds.setType(defaultDsKey));
 
         final Iterable<DistributionSet> createdDSets = this.distributionSetManagement
diff --git a/hawkbit-repository/hawkbit-repository-test/src/main/java/org/eclipse/hawkbit/repository/test/util/AbstractIntegrationTest.java b/hawkbit-repository/hawkbit-repository-test/src/main/java/org/eclipse/hawkbit/repository/test/util/AbstractIntegrationTest.java
index 3d09fabc3..c12a3b0b3 100644
--- a/hawkbit-repository/hawkbit-repository-test/src/main/java/org/eclipse/hawkbit/repository/test/util/AbstractIntegrationTest.java
+++ b/hawkbit-repository/hawkbit-repository-test/src/main/java/org/eclipse/hawkbit/repository/test/util/AbstractIntegrationTest.java
@@ -8,6 +8,9 @@
  */
 package org.eclipse.hawkbit.repository.test.util;
 
+import static org.eclipse.hawkbit.im.authentication.SpPermission.SpringEvalExpressions.CONTROLLER_ROLE;
+import static org.eclipse.hawkbit.im.authentication.SpPermission.SpringEvalExpressions.SYSTEM_ROLE;
+
 import org.eclipse.hawkbit.ExcludePathAwareShallowETagFilter;
 import org.eclipse.hawkbit.repository.ArtifactManagement;
 import org.eclipse.hawkbit.repository.ControllerManagement;
@@ -58,7 +61,7 @@ import org.springframework.web.context.WebApplicationContext;
 @RunWith(SpringJUnit4ClassRunner.class)
 @WebAppConfiguration
 @ActiveProfiles({ "test" })
-@WithUser(principal = "bumlux", allSpPermissions = true, authorities = "ROLE_CONTROLLER")
+@WithUser(principal = "bumlux", allSpPermissions = true, authorities = { CONTROLLER_ROLE, SYSTEM_ROLE })
 @SpringApplicationConfiguration(classes = { TestConfiguration.class })
 // destroy the context after each test class because otherwise we get problem
 // when context is