diff --git a/components/ILIAS/soap/classes/class.ilSoapObjectAdministration.php b/components/ILIAS/soap/classes/class.ilSoapObjectAdministration.php
index 17d44587d4e5..6ca6cb56e500 100755
--- a/components/ILIAS/soap/classes/class.ilSoapObjectAdministration.php
+++ b/components/ILIAS/soap/classes/class.ilSoapObjectAdministration.php
@@ -16,8 +16,6 @@
 *
 *********************************************************************/
-declare(strict_types=1);
-
 /**
 * Soap object administration methods
 * @author Stefan Meyer
diff --git a/components/ILIAS/soap/classes/class.ilSoapTestAdministration.php b/components/ILIAS/soap/classes/class.ilSoapTestAdministration.php
index 4152d2f16cdd..0111b76bf4c1 100755
--- a/components/ILIAS/soap/classes/class.ilSoapTestAdministration.php
+++ b/components/ILIAS/soap/classes/class.ilSoapTestAdministration.php
@@ -76,6 +76,16 @@ public function isAllowedCall(string $sid, int $active_id, bool $saveaction = tr
 }
 if ($saveaction) {
+ $owner_result = $ilDB->queryF(
+ "SELECT user_fi FROM tst_active WHERE active_id = %s",
+ array('integer'),
+ array($active_id)
+ );
+ $owner_row = $ilDB->fetchAssoc($owner_result);
+ if (!is_array($owner_row) || (int) $owner_row['user_fi'] !== $ilUser->getId()) {
+ return false;
+ }
+
 $result = $ilDB->queryF(
 "SELECT * FROM tst_times WHERE active_fi = %s ORDER BY started DESC",
 array('integer'),
diff --git a/components/ILIAS/soap/classes/class.ilSoapUserAdministration.php b/components/ILIAS/soap/classes/class.ilSoapUserAdministration.php
index b4d96a5d2a82..b8e3e3dfbe49 100755
--- a/components/ILIAS/soap/classes/class.ilSoapUserAdministration.php
+++ b/components/ILIAS/soap/classes/class.ilSoapUserAdministration.php
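Review bot: The new ownership guard in `isAllowedCall` has no comment explaining why a save action must come from the owner of the active pass, and it runs only inside `if ($saveaction)`; add `// Save actions may only be recorded by the user the active pass belongs to` above `$owner_result`. If read-only calls are also meant to be limited to the owner, the `tst_active` lookup would need to move above `if ($saveaction)` — that depends on the callers, which are not visible here. `$ilUser` is assumed to be assigned earlier in the method alongside `$ilDB`, outside the hunk, and the method body continues past the hunk. The `array('integer')` calls follow the surrounding long-array style, so they are consistent with the file.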
@@ -518,15 +518,21 @@ public function getUserForRole(string $sid, int $role_id, bool $attachRoles, int
 $tree = $DIC->repositoryTree();
 $ilUser = $DIC->user();
 $access = $DIC->access();
+ $rbacsystem = $DIC->rbac()->system();
 $global_roles = $rbacreview->getGlobalRoles();
 if (in_array($role_id, $global_roles, true)) {
- // global roles
- if ($role_id === SYSTEM_ROLE_ID &&
- !in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId()), true)) {
+ $actor_has_system_role = in_array(SYSTEM_ROLE_ID, $rbacreview->assignedRoles($ilUser->getId()), true);
+
+ if ($role_id === SYSTEM_ROLE_ID && !$actor_has_system_role) {
 return $this->raiseError("Role access not permitted. ($role_id)", "Server");
 }
+
+ if (!$actor_has_system_role &&
+ !$rbacsystem->checkAccessOfUser($ilUser->getId(), 'edit_userassignment', ROLE_FOLDER_ID)) {
+ return $this->raiseError('Role access not permitted. ' . '(' . $role_id . ')', 'Server');
+ }
 } else {
 // local roles
 $rolfs = $rbacreview->getFoldersAssignedToRole($role_id, true);
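Review bot: The new denial line `return $this->raiseError('Role access not permitted. ' . '(' . $role_id . ')', 'Server');` produces the same message as the unchanged `return $this->raiseError("Role access not permitted. ($role_id)", "Server");` a few lines above, but with concatenation and different quoting; use the interpolated form in both places so the two refusal paths are visibly identical. Since both guards share the outcome, they could also be one condition: `if (!$actor_has_system_role && ($role_id === SYSTEM_ROLE_ID || !$rbacsystem->checkAccessOfUser($ilUser->getId(), 'edit_userassignment', ROLE_FOLDER_ID))) {`. Whether the local-role branch below applies an equivalent `edit_userassignment` check is outside the hunk, and `getUserForRole` continues past it.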