diff --git a/src/controllers/user-management/permission.controller.ts b/src/controllers/user-management/permission.controller.ts
index 959936a5..3225dd12 100644
--- a/src/controllers/user-management/permission.controller.ts
+++ b/src/controllers/user-management/permission.controller.ts
@@ -222,15 +222,14 @@ export class PermissionController {
         @Req() req: AuthenticatedRequest,
         @Query() query?: ListAllPermissionsDto
     ): Promise<ListAllPermissionsResponseDto> {
-        if (req.user.permissions.isGlobalAdmin) {
-            return this.permissionService.getAllPermissions(query);
-        } else {
+        if (!req.user.permissions.isGlobalAdmin && query.organisationId === undefined) {
             const allowedOrganizations = req.user.permissions.getAllOrganizationsWithUserAdmin();
             return this.permissionService.getAllPermissionsInOrganizations(
                 allowedOrganizations,
                 query
             );
         }
+        return this.permissionService.getAllPermissions(query);
     }
 
     @Get(":id")
diff --git a/src/entities/dto/list-all-permissions.dto.ts b/src/entities/dto/list-all-permissions.dto.ts
index 4e78edf0..47b77ff9 100644
--- a/src/entities/dto/list-all-permissions.dto.ts
+++ b/src/entities/dto/list-all-permissions.dto.ts
@@ -6,5 +6,5 @@ export class ListAllPermissionsDto extends ListAllEntitiesDto {
     organisationId?: number;
 
     @ApiProperty({ type: String, required: false })
-    userId?: number;
+    userId?: string;
 }
diff --git a/src/services/device-management/application.service.ts b/src/services/device-management/application.service.ts
index 72585893..9823b107 100644
--- a/src/services/device-management/application.service.ts
+++ b/src/services/device-management/application.service.ts
@@ -171,6 +171,7 @@ export class ApplicationService {
                 "belongsTo",
                 nameof<Application>("controlledProperties"),
                 nameof<Application>("deviceTypes"),
+                "permissions",
             ],
             loadRelationIds: {
                 relations: ["createdBy", "updatedBy"],
diff --git a/src/services/user-management/permission.service.ts b/src/services/user-management/permission.service.ts
index d743f0bd..dc3cbc82 100644
--- a/src/services/user-management/permission.service.ts
+++ b/src/services/user-management/permission.service.ts
@@ -275,12 +275,13 @@ export class PermissionService {
             .skip(query?.offset ? +query.offset : 0)
             .orderBy(orderBy, order);
 
-        if (query?.userId) {
-            qb = qb.where("user.id = :userId", { userId: +query.userId });
-        } else if (orgs) {
-            qb.where({ organization: In(orgs) });
+        if (query?.userId !== undefined && query.userId !== "undefined") {
+            qb = qb.andWhere("user.id = :userId", { userId: +query.userId });
+        }
+        if (orgs) {
+            qb = qb.andWhere({ organization: In(orgs) });
         } else if (query?.organisationId) {
-            qb = qb.where("org.id = :orgId", { orgId: +query.organisationId });
+            qb = qb.andWhere("org.id = :orgId", { orgId: +query.organisationId });
         }
 
         const [data, count] = await qb.getManyAndCount();