diff --git a/src/main/html/webapp/components/admin/app/list/list.js b/src/main/html/webapp/components/admin/app/list/list.js
index 10d1de76..d3ea3ffe 100644
--- a/src/main/html/webapp/components/admin/app/list/list.js
+++ b/src/main/html/webapp/components/admin/app/list/list.js
@@ -192,48 +192,57 @@ export default Control.extend({
 
   },
 
-  '.edit-permission-btn click': function (el, ev) {
+  '.edit-permission-btn click': function(el, ev) {
 
     var card = $(el).closest('.card');
     var application = domData.get.call(card[0], 'application');
 
     Group.findAll({},
-      function (groups) {
-        var selection = new canMap();
-        selection.attr('group', application.attr('permission'));
-        selection.attr('name', '');
-
-        bootbox.confirm(templatePermission({
-          selection: selection,
-          application: application,
-          groups: groups
-        }),
-          function (result) {
+      function(groups) {
+
+        var roles = application.attr('permission').split(',');
+
+        var options = '';
+        groups.forEach(function(group, index) {
+          if ($.inArray(group.attr('name'), roles) >= 0) {
+            options = options + '<label class="checkbox"><input type="checkbox" name="role-select" value="' + group.attr('name') + '" checked />';
+            //options = options + '<option selected>' + group.attr('name') + '</option>';
+          } else {
+            //options = options + '<option>' + group.attr('name') + '</option>';
+            options = options + '<label class="checkbox"><input type="checkbox" name="role-select" value="' + group.attr('name') + '" />';
+          }
+          options = options + ' <b>' + group.attr('name') + '</b></label><br>';
+        });
+
+        bootbox.confirm(
+          '<h4>Edit permission of ' + application.attr('name') + '</h4><hr><form id="role-form">' + options + '</form>',
+          function(result) {
             if (result) {
-              var group = selection.attr('group');
-              if (group !== '') {
-                application.attr('permission', group);
-                application.save(function (data) { },
-                  function (response) {
-                    showErrorDialog("Operation failed", response);
-                  });
-              } else {
-                var name = selection.attr('name');
-                if (name !== '') {
-                  application.attr('permission', name);
-                  application.save(function (data) { },
-                    function (response) {
-                      showErrorDialog("Operation failed", response);
-                    });
-
-                } else {
-                  bootbox.alert("Error: Please enter a name for the new group.")
+
+              var boxes = $('#role-form input:checkbox');
+              var checked = [];
+              for (var i = 0; boxes[i]; ++i) {
+                if (boxes[i].checked) {
+                  checked.push(boxes[i].value);
                 }
               }
 
+              var text = checked.join(',');
+              application.attr('permission', text);
+              application.save(function(data) {},
+                function(response) {
+                  showErrorDialog("Operation failed", response);
+                });
+
             }
-          });
+          }
+        );
+
+      },
+      function(response) {
+        new ErrorPage(element, response);
       });
 
   }
+
 });
diff --git a/src/main/html/webapp/components/core/user/signup/signup.stache b/src/main/html/webapp/components/core/user/signup/signup.stache
index 091bf7e0..bd80479b 100644
--- a/src/main/html/webapp/components/core/user/signup/signup.stache
+++ b/src/main/html/webapp/components/core/user/signup/signup.stache
@@ -39,7 +39,7 @@
    <input type="radio" id="anonymous1" name="anonymous" value="0" checked> <label for="anonymous1" class="control-label">E-Mail Address</label>
     <div class="form-group" style="margin-left: 30px;">
       <p>
-     {{userEmailDescription}}
+     {{{userEmailDescription}}}
       </p>
       <label for="mail" class="control-label">E-Mail:</label>
       <input id="mail" name="mail" type="text" class="form-control col-sm-3" autocomplete="off">
@@ -48,7 +48,7 @@
    <input type="radio" id="anonymous2" name="anonymous" value="1"> <label for="anonymous2" class="control-label">I don't want to provide my email address</label>
    <div class="form-group" style="margin-left: 30px;">
      <p>
-      {{userWithoutEmailDescription}}
+      {{{userWithoutEmailDescription}}}
      </p>
     </div>
    </div>
diff --git a/src/main/java/cloudgene/mapred/apps/Application.java b/src/main/java/cloudgene/mapred/apps/Application.java
index fb7d3346..cd7788a4 100644
--- a/src/main/java/cloudgene/mapred/apps/Application.java
+++ b/src/main/java/cloudgene/mapred/apps/Application.java
@@ -48,6 +48,20 @@ public String getPermission() {
 		return permission;
 	}
 
+	public String[] getPermissions() {
+		return permission.split(",");
+	}
+
+	public boolean hasPermission(String group) {
+		String[] permissions = getPermissions();
+		for (String permission : permissions) {
+			if (permission.toLowerCase().equals(group.toLowerCase())) {
+				return true;
+			}
+		}
+		return false;
+	}
+
 	public void setPermission(String permission) {
 		this.permission = permission;
 	}
diff --git a/src/main/java/cloudgene/mapred/apps/ApplicationRepository.java b/src/main/java/cloudgene/mapred/apps/ApplicationRepository.java
index 2f979201..6b9ea8b2 100644
--- a/src/main/java/cloudgene/mapred/apps/ApplicationRepository.java
+++ b/src/main/java/cloudgene/mapred/apps/ApplicationRepository.java
@@ -574,7 +574,7 @@ public boolean hasAccess(User user, Application application) {
 		if (application == null || user == null) {
 			return false;
 		}
-		return user.isAdmin() || user.hasRole(application.getPermission());
+		return user.isAdmin() || user.hasRole(application.getPermissions());
 	}
 
 	public boolean isActivated(Application application) {
diff --git a/src/main/java/cloudgene/mapred/core/User.java b/src/main/java/cloudgene/mapred/core/User.java
index 1b8f7ad8..d974d814 100644
--- a/src/main/java/cloudgene/mapred/core/User.java
+++ b/src/main/java/cloudgene/mapred/core/User.java
@@ -99,6 +99,18 @@ public boolean hasRole(String role) {
 		return false;
 	}
 
+	public boolean hasRole(String[] roles) {
+		if (this.roles == null || roles == null) {
+			return false;
+		}
+		for (int i = 0; i < roles.length; i++) {
+			if (hasRole(roles[i])) {
+				return true;
+			}
+		}
+		return false;
+	}
+
 	public void replaceRole(String oldRole, String newRole) {
 		for (int i = 0; i < roles.length; i++) {
 			if (roles[i].equalsIgnoreCase(oldRole)) {
diff --git a/src/main/java/cloudgene/mapred/server/services/GroupService.java b/src/main/java/cloudgene/mapred/server/services/GroupService.java
index 20fd4901..e2725372 100644
--- a/src/main/java/cloudgene/mapred/server/services/GroupService.java
+++ b/src/main/java/cloudgene/mapred/server/services/GroupService.java
@@ -20,19 +20,21 @@ public List<Group> getAll() {
 		List<Group> groups = new Vector<Group>();
 		groups.add(new Group(User.ROLE_ADMIN));
 		groups.add(new Group(User.ROLE_USER));
-		application.getSettings();
-		
+		groups.add(new Group(UserService.DEFAULT_ANONYMOUS_ROLE.toLowerCase()));
+
 		ApplicationRepository repository = application.getSettings().getApplicationRepository();
 
 		for (Application application : repository.getAll()) {
-			Group group = new Group(application.getPermission());
-			if (!groups.contains(group)) {
-				group.addApp(application.getId());
-				groups.add(group);
-			} else {
-				int index = groups.indexOf(group);
-				group = groups.get(index);
-				group.addApp(application.getId());
+			for (String permission: application.getPermissions()) {
+				Group group = new Group(permission);
+				if (!groups.contains(group)) {
+					group.addApp(application.getId());
+					groups.add(group);
+				} else {
+					int index = groups.indexOf(group);
+					group = groups.get(index);
+					group.addApp(application.getId());
+				}
 			}
 		}