diff --git a/app/assets/javascripts/app/controllers/_profile/notification.coffee b/app/assets/javascripts/app/controllers/_profile/notification.coffee
index 4ecedc83d..e3ed09310 100644
--- a/app/assets/javascripts/app/controllers/_profile/notification.coffee
+++ b/app/assets/javascripts/app/controllers/_profile/notification.coffee
@@ -73,7 +73,7 @@ class Index extends App.ControllerSubContent
       user_group_config = false
 
     groups = []
-    group_ids = App.User.find(@Session.get('id')).all_group_ids()
+    group_ids = App.User.find(@Session.get('id')).allGroupIds()
     if group_ids
       for group_id in group_ids
         group = App.Group.find(group_id)
diff --git a/app/assets/javascripts/app/controllers/ticket_overview.coffee b/app/assets/javascripts/app/controllers/ticket_overview.coffee
index 1cd9cf4a0..bfe22a051 100644
--- a/app/assets/javascripts/app/controllers/ticket_overview.coffee
+++ b/app/assets/javascripts/app/controllers/ticket_overview.coffee
@@ -1222,9 +1222,9 @@ class Table extends App.Controller
     ticket_ids        = _.map(items, (el) -> $(el).val() )
     ticket_group_ids  = _.map(App.Ticket.findAll(ticket_ids), (ticket) -> ticket.group_id)
     ticket_group_ids  = _.uniq(ticket_group_ids)
-    user_permissions  = App.Session.get('group_ids')
-    group_permissions = ticket_group_ids.map (id) -> user_permissions[id]
-    _.every(group_permissions, (list) -> 'full' in list || 'change' in list)
+    allowed_group_ids = App.User.find(@Session.get('id')).allGroupIds('change')
+    allowed_group_ids = _.map(allowed_group_ids, (id_string) -> parseInt(id_string, 10) )
+    _.every(ticket_group_ids, (id) -> id in allowed_group_ids)
 
   viewmode: (e) =>
     e.preventDefault()
diff --git a/app/assets/javascripts/app/models/ticket.coffee b/app/assets/javascripts/app/models/ticket.coffee
index 3e979d694..9c2f924e9 100644
--- a/app/assets/javascripts/app/models/ticket.coffee
+++ b/app/assets/javascripts/app/models/ticket.coffee
@@ -249,7 +249,7 @@ class App.Ticket extends App.Model
     user_id = App.Session.get('id')
     return true if user_id is @customer_id
     return false if !App.User.exists(user_id)
-    group_ids = App.User.find(user_id).all_group_ids(permission)
+    group_ids = App.User.find(user_id).allGroupIds(permission)
     for local_group_id in group_ids
       if local_group_id.toString() is @group_id.toString()
         return true
diff --git a/app/assets/javascripts/app/models/user.coffee b/app/assets/javascripts/app/models/user.coffee
index 9ee5ac0b5..4ae576bc3 100644
--- a/app/assets/javascripts/app/models/user.coffee
+++ b/app/assets/javascripts/app/models/user.coffee
@@ -254,7 +254,19 @@ class App.User extends App.Model
       return access if access
     false
 
-  all_group_ids: (permission = 'full') ->
+  ###
+
+    Returns a list of all groups for which the user is permitted to perform the given permission key
+
+    user = App.User.find(3)
+    result = user.allGroupIds('change') # access to a given permission key
+
+  returns
+
+    ["1", "2"]
+
+  ###
+  allGroupIds: (permission = 'full') ->
     group_ids = []
     user_group_ids = App.Session.get('group_ids')
     if user_group_ids
diff --git a/test/browser/agent_ticket_overview_level0_test.rb b/test/browser/agent_ticket_overview_level0_test.rb
index 214fee70f..455c62b2f 100644
--- a/test/browser/agent_ticket_overview_level0_test.rb
+++ b/test/browser/agent_ticket_overview_level0_test.rb
@@ -485,11 +485,12 @@ class AgentTicketOverviewLevel0Test < TestCase
       },
     )
 
-    click(
-      css: 'a[href="#manage"]',
-    )
-    click(
-      css: '.content.active a[href="#manage/groups"]',
+    role_edit(
+      data: {
+        name:                'Agent',
+        group_permissions: { 2 => ['full'],
+                             3 => ['full'], }
+      },
     )
 
     user_edit(
@@ -508,9 +509,7 @@ class AgentTicketOverviewLevel0Test < TestCase
         email:       'agent2@example.com',
         password:    'test',
         role:        'Agent',
-        permissions: { 1 => %w[read create overview],
-                       2 => ['full'],
-                       3 => ['full'], }
+        permissions: { 1 => %w[read create overview] }
       },
     )
 
diff --git a/test/browser_test_helper.rb b/test/browser_test_helper.rb
index dce8627ca..f6cf66dec 100644
--- a/test/browser_test_helper.rb
+++ b/test/browser_test_helper.rb
@@ -3816,6 +3816,17 @@ wait untill text in selector disabppears
       end
     end
 
+    if data.key?(:group_permissions)
+      data[:group_permissions].each do |key, value|
+        value.each do |permission|
+          check(
+            browser: instance,
+            css:     ".modal input[name=\"group_ids::#{key}\"][value=\"#{permission}\"]",
+          )
+        end
+      end
+    end
+
     if data.key?(:active)
       element = instance.find_elements(css: '.modal select[name="active"]')[0]
       dropdown = Selenium::WebDriver::Support::Select.new(element)