diff --git a/application/controllers/ConfigController.php b/application/controllers/ConfigController.php
index dc7afd8872..9bc26f726c 100644
--- a/application/controllers/ConfigController.php
+++ b/application/controllers/ConfigController.php
@@ -61,7 +61,7 @@ public function init()
             ));
             $allowedActions[] = 'resource';
         }
-        if ($auth->hasPermission('system/config/roles')) {
+        if ($auth->hasPermission('config/application/roles')) {
             $tabs->add('roles', array(
                 'title' => $this->translate(
                     'Configure roles to permit or restrict users and groups accessing Icinga Web 2'
diff --git a/application/controllers/RolesController.php b/application/controllers/RolesController.php
index e14426bd71..68d23d84f6 100644
--- a/application/controllers/RolesController.php
+++ b/application/controllers/RolesController.php
@@ -20,7 +20,7 @@ class RolesController extends ActionController
      */
     public function init()
     {
-        $this->assertPermission('system/config/roles');
+        $this->assertPermission('config/application/roles');
         $tabs = $this->getTabs();
         $auth = $this->Auth();
         if ($auth->hasPermission('config/application/general')) {
diff --git a/application/forms/Security/RoleForm.php b/application/forms/Security/RoleForm.php
index bc93c39d40..9f951deb22 100644
--- a/application/forms/Security/RoleForm.php
+++ b/application/forms/Security/RoleForm.php
@@ -27,7 +27,7 @@ class RoleForm extends ConfigForm
         'config/application/authentication' => 'config/application/authentication',
         'system/config/modules'             => 'system/config/modules',
         'config/application/resources'      => 'config/application/resources',
-        'system/config/roles'               => 'system/config/roles'
+        'config/application/roles'          => 'config/application/roles'
     );
 
     /**