diff --git a/src/components/admin/Permission.vue b/src/components/admin/Permission.vue
index 9be7f19..7da9b9d 100644
--- a/src/components/admin/Permission.vue
+++ b/src/components/admin/Permission.vue
@@ -18,22 +18,22 @@
         <div class="flex flex-row border border-white rounded-md overflow-hidden">
           <EyeIcon
             class="w-5 h-5 p-1 box-content cursor-pointer"
-            :class="_can(permissionUpdate, 'read', section) ? 'bg-success' : ''"
+            :class="_canSection(permissionUpdate, 'read', section) ? 'bg-success' : ''"
             @click="togglePermission('read', section)"
           />
           <PlusIcon
             class="w-5 h-5 p-1 box-content cursor-pointer"
-            :class="_can(permissionUpdate, 'create', section) ? 'bg-success' : ''"
+            :class="_canSection(permissionUpdate, 'create', section) ? 'bg-success' : ''"
             @click="togglePermission('create', section)"
           />
           <PencilIcon
             class="w-5 h-5 p-1 box-content cursor-pointer"
-            :class="_can(permissionUpdate, 'update', section) ? 'bg-success' : ''"
+            :class="_canSection(permissionUpdate, 'update', section) ? 'bg-success' : ''"
             @click="togglePermission('update', section)"
           />
           <TrashIcon
             class="w-5 h-5 p-1 box-content cursor-pointer"
-            :class="_can(permissionUpdate, 'delete', section) ? 'bg-success' : ''"
+            :class="_canSection(permissionUpdate, 'delete', section) ? 'bg-success' : ''"
             @click="togglePermission('delete', section)"
           />
         </div>
@@ -132,7 +132,7 @@ export default defineComponent({
     };
   },
   computed: {
-    ...mapState(useAbilityStore, ["_can"]),
+    ...mapState(useAbilityStore, ["_can", "_canSection"]),
     canSaveOrReset(): boolean {
       return isEqual(this.permissions, this.permissionUpdate);
     },
diff --git a/src/stores/ability.ts b/src/stores/ability.ts
index d5190af..f65f6fe 100644
--- a/src/stores/ability.ts
+++ b/src/stores/ability.ts
@@ -11,21 +11,18 @@ export const useAbilityStore = defineStore("ability", {
   getters: {
     can:
       (state) =>
-      (type: PermissionType | "admin", section: PermissionSection, module?: PermissionModule): boolean => {
+      (type: PermissionType | "admin", section: PermissionSection, module: PermissionModule): boolean => {
         const permissions = state.permissions;
         if (state.isOwner) return true;
-        if (type == "admin") return permissions?.admin ?? false;
-        if (permissions?.admin) return true;
+        if (type == "admin") return permissions?.admin ?? permissions?.adminByOwner ?? false;
+        if (permissions?.admin || permissions?.adminByOwner) return true;
         if (
-          (!module &&
-            permissions[section] != undefined &&
-            (permissions[section]?.all == "*" || permissions[section]?.all?.includes(type))) ||
           permissions[section]?.all == "*" ||
-          permissions[section]?.all?.includes(type)
+          permissions[section]?.all?.includes(type) ||
+          permissions[section]?.[module] == "*" ||
+          permissions[section]?.[module]?.includes(type)
         )
           return true;
-        if (module && (permissions[section]?.[module] == "*" || permissions[section]?.[module]?.includes(type)))
-          return true;
         return false;
       },
     canSection:
@@ -33,8 +30,8 @@ export const useAbilityStore = defineStore("ability", {
       (type: PermissionType | "admin", section: PermissionSection): boolean => {
         const permissions = state.permissions;
         if (state.isOwner) return true;
-        if (type == "admin") return permissions?.admin ?? false;
-        if (permissions?.admin) return true;
+        if (type == "admin") return permissions?.admin ?? permissions?.adminByOwner ?? false;
+        if (permissions?.admin || permissions?.adminByOwner) return true;
         if (
           permissions[section]?.all == "*" ||
           permissions[section]?.all?.includes(type) ||
@@ -54,20 +51,31 @@ export const useAbilityStore = defineStore("ability", {
         permissions: PermissionObject,
         type: PermissionType | "admin",
         section: PermissionSection,
-        module?: PermissionModule
+        module: PermissionModule
       ): boolean => {
         // ignores ownership
-        if (type == "admin") return permissions?.admin ?? false;
-        if (permissions?.admin) return true;
+        if (type == "admin") return permissions?.admin ?? permissions?.adminByOwner ?? false;
+        if (permissions?.admin || permissions?.adminByOwner) return true;
         if (
-          (!module &&
-            permissions[section] != undefined &&
-            (permissions[section]?.all == "*" || permissions[section]?.all?.includes(type))) ||
           permissions[section]?.all == "*" ||
-          permissions[section]?.all?.includes(type)
+          permissions[section]?.all?.includes(type) ||
+          permissions[section]?.[module] == "*" ||
+          permissions[section]?.[module]?.includes(type)
         )
           return true;
-        if (module && (permissions[section]?.[module] == "*" || permissions[section]?.[module]?.includes(type)))
+        return false;
+      },
+    _canSection:
+      () =>
+      (permissions: PermissionObject, type: PermissionType | "admin", section: PermissionSection): boolean => {
+        // ignores ownership
+        if (type == "admin") return permissions?.admin ?? permissions?.adminByOwner ?? false;
+        if (permissions?.admin || permissions?.adminByOwner) return true;
+        if (
+          permissions[section]?.all == "*" ||
+          permissions[section]?.all?.includes(type) ||
+          permissions[section] != undefined
+        )
           return true;
         return false;
       },
diff --git a/src/types/permissionTypes.ts b/src/types/permissionTypes.ts
index 72f15c7..eff7fd1 100644
--- a/src/types/permissionTypes.ts
+++ b/src/types/permissionTypes.ts
@@ -31,6 +31,7 @@ export type PermissionString =
   | `${PermissionSection}.${PermissionModule}.*` // für alle Berechtigungen in einem Modul
   | `${PermissionSection}.${PermissionType}` // für spezifische Berechtigungen in einem Abschnitt
   | `${PermissionSection}.*` // für alle Berechtigungen in einem Abschnitt
+  | `additional.${string}.${string}` // additional
   | "*"; // für Admin
 
 export type PermissionObject = {
@@ -39,10 +40,20 @@ export type PermissionObject = {
   } & { all?: Array<PermissionType> | "*" };
 } & {
   admin?: boolean;
+  adminByOwner?: boolean;
+} & {
+  additional?: { [key: string]: string };
 };
 
 export type SectionsAndModulesObject = {
   [section in PermissionSection]: Array<PermissionModule>;
+} & {
+  additional?: Array<{
+    key: string;
+    name: string;
+    type: "number" | "string";
+    emptyIfAdmin: boolean;
+  }>;
 };
 
 export const permissionSections: Array<PermissionSection> = ["club", "configuration", "management"];
@@ -87,4 +98,7 @@ export const sectionsAndModules: SectionsAndModulesObject = {
     "newsletter_config",
   ],
   management: ["user", "role", "webapi", "backup", "setting"],
+  additional: [
+    //{ key: "val", name: "name", type: "number", emptyIfAdmin: true },
+  ],
 };