diff --git a/library/Icinga/User.php b/library/Icinga/User.php
index f9df0d664..c322a04d0 100644
--- a/library/Icinga/User.php
+++ b/library/Icinga/User.php
@@ -426,7 +426,7 @@ class User
         // matches
         $any = strpos($requiredPermission, '*');
         foreach ($this->permissions as $grantedPermission) {
-            if ($any !== false && strpos($grantedPermission, '*') === false) {
+            if ($any !== false) {
                 $wildcard = $any;
             } else {
                 // If the permit contains a wildcard, grant the permission if it's related to the permit
diff --git a/test/php/library/Icinga/UserTest.php b/test/php/library/Icinga/UserTest.php
index dc55dc62d..97cf412c0 100644
--- a/test/php/library/Icinga/UserTest.php
+++ b/test/php/library/Icinga/UserTest.php
@@ -67,13 +67,15 @@ class UserTest extends BaseTestCase
             'test',
             'test/some/specific',
             'test/more/*',
-            'test/wildcard-with-wildcard/*'
+            'test/wildcard-with-wildcard/*',
+            'test/even-more/specific-with-wildcard/*'
         ));
         $this->assertTrue($user->can('test'));
         $this->assertTrue($user->can('test/some/specific'));
         $this->assertTrue($user->can('test/more/everything'));
         $this->assertTrue($user->can('test/wildcard-with-wildcard/*'));
         $this->assertTrue($user->can('test/wildcard-with-wildcard/sub/sub'));
+        $this->assertTrue($user->can('test/even-more/*'));
         $this->assertFalse($user->can('not/test'));
         $this->assertFalse($user->can('test/some/not/so/specific'));
         $this->assertFalse($user->can('test/wildcard2/*'));