diff --git a/packages/server/src/api/controllers/user.js b/packages/server/src/api/controllers/user.js
index 3b6373146e..ace77a1ea5 100644
--- a/packages/server/src/api/controllers/user.js
+++ b/packages/server/src/api/controllers/user.js
@@ -5,7 +5,7 @@ const {
   getGlobalIDFromUserMetadataID,
 } = require("../../db/utils")
 const { InternalTables } = require("../../db/utils")
-const { getRole } = require("../../utilities/security/roles")
+const { getRole, BUILTIN_ROLE_IDS } = require("../../utilities/security/roles")
 const {
   getGlobalUsers,
   saveGlobalUser,
@@ -73,6 +73,9 @@ exports.createMetadata = async function (ctx) {
 exports.updateSelfMetadata = async function (ctx) {
   // overwrite the ID with current users
   ctx.request.body._id = ctx.user._id
+  if (ctx.user.builder && ctx.user.builder.global) {
+    ctx.request.body.roleId = BUILTIN_ROLE_IDS.ADMIN
+  }
   // make sure no stale rev
   delete ctx.request.body._rev
   await exports.updateMetadata(ctx)
diff --git a/packages/server/src/middleware/currentapp.js b/packages/server/src/middleware/currentapp.js
index 0828c809c7..adf976e611 100644
--- a/packages/server/src/middleware/currentapp.js
+++ b/packages/server/src/middleware/currentapp.js
@@ -31,9 +31,8 @@ module.exports = async (ctx, next) => {
     const globalUser = await getGlobalUsers(ctx, requestAppId, ctx.user._id)
     updateCookie = true
     appId = requestAppId
-    if (globalUser.roles && globalUser.roles[requestAppId]) {
-      roleId = globalUser.roles[requestAppId]
-    }
+    // retrieving global user gets the right role
+    roleId = globalUser.roleId
   } else if (appCookie != null) {
     appId = appCookie.appId
     roleId = appCookie.roleId || BUILTIN_ROLE_IDS.PUBLIC