Index: lams_admin/src/java/org/lamsfoundation/lams/admin/service/ImportService.java
===================================================================
diff -u -r5b9f590b301c276f8df06b30c26981b0eb634e69 -rd16b5e9f75760819f274ee3be3beddae67f93af7
--- lams_admin/src/java/org/lamsfoundation/lams/admin/service/ImportService.java	(.../ImportService.java)	(revision 5b9f590b301c276f8df06b30c26981b0eb634e69)
+++ lams_admin/src/java/org/lamsfoundation/lams/admin/service/ImportService.java	(.../ImportService.java)	(revision d16b5e9f75760819f274ee3be3beddae67f93af7)
@@ -415,7 +415,9 @@
     private boolean isAppadmin(String sessionId) {
 	UserDTO userDTO = (UserDTO) SessionManager.getSession(sessionId).getAttribute(AttributeNames.USER);
 	return service.isUserInRole(userDTO.getUserID(), service.getRootOrganisation().getOrganisationId(),
-		Role.APPADMIN);
+		Role.APPADMIN)
+		|| service.isUserInRole(userDTO.getUserID(), service.getRootOrganisation().getOrganisationId(),
+			Role.SYSADMIN);
     }
 
     /*
Index: lams_central/src/java/org/lamsfoundation/lams/security/UniversalLoginModule.java
===================================================================
diff -u -r5b9f590b301c276f8df06b30c26981b0eb634e69 -rd16b5e9f75760819f274ee3be3beddae67f93af7
--- lams_central/src/java/org/lamsfoundation/lams/security/UniversalLoginModule.java	(.../UniversalLoginModule.java)	(revision 5b9f590b301c276f8df06b30c26981b0eb634e69)
+++ lams_central/src/java/org/lamsfoundation/lams/security/UniversalLoginModule.java	(.../UniversalLoginModule.java)	(revision d16b5e9f75760819f274ee3be3beddae67f93af7)
@@ -102,7 +102,7 @@
      */
     @Override
     public boolean commit() throws LoginException {
-	if (loginOK == false) {
+	if (!loginOK) {
 	    return false;
 	}
 
@@ -439,7 +439,7 @@
 	    ps = conn.prepareStatement(UniversalLoginModule.ROLES_QUERY);
 	    ps.setString(1, userName);
 	    rs = ps.executeQuery();
-	    if (rs.next() == false) {
+	    if (!rs.next()) {
 		throw new FailedLoginException("No matching user name found in roles: " + userName);
 	    }
 
@@ -469,7 +469,13 @@
 			group.addMember(p);
 			groupMembers.add(name);
 		    }
-		    if (name.equals(Role.APPADMIN)) {
+		    // sysadmin is always app admin
+		    if (name.equals(Role.SYSADMIN) && !groupMembers.contains(Role.APPADMIN)) {
+			UniversalLoginModule.log.info("Assign user: " + userName + " to role " + Role.APPADMIN);
+			group.addMember(p);
+			groupMembers.add(Role.APPADMIN);
+		    }
+		    if (name.equals(Role.APPADMIN) || name.equals(Role.SYSADMIN)) {
 			p = new SimplePrincipal(Role.AUTHOR);
 			UniversalLoginModule.log.info("Found role " + name);
 			if (!groupMembers.contains(Role.AUTHOR)) {
Index: lams_common/src/java/org/lamsfoundation/lams/security/SecurityService.java
===================================================================
diff -u -rdd60c645ebe32ff15180cff47caa583cb41b7ee1 -rd16b5e9f75760819f274ee3be3beddae67f93af7
--- lams_common/src/java/org/lamsfoundation/lams/security/SecurityService.java	(.../SecurityService.java)	(revision dd60c645ebe32ff15180cff47caa583cb41b7ee1)
+++ lams_common/src/java/org/lamsfoundation/lams/security/SecurityService.java	(.../SecurityService.java)	(revision d16b5e9f75760819f274ee3be3beddae67f93af7)
@@ -294,7 +294,7 @@
 	    throw new SecurityException(error);
 	}
 
-	if (!securityDAO.isAppadmin(userId)) {
+	if (!securityDAO.isSysadmin(userId) || !securityDAO.isAppadmin(userId)) {
 	    String error = "User " + userId + " is not appadmin and can not \"" + action + "\"";
 	    SecurityService.log.debug(error);
 	    logEventService.logEvent(LogEvent.TYPE_ROLE_FAILURE, userId, userId, null, null, error);