diff --git a/base/rbac/rbac.go b/base/rbac/rbac.go
index 86ccea1a8..2f571fb38 100644
--- a/base/rbac/rbac.go
+++ b/base/rbac/rbac.go
@@ -1,5 +1,10 @@
 package rbac
 
+import (
+	"encoding/json"
+	"strings"
+)
+
 type AccessPagination struct {
 	Data []Access `json:"data"`
 }
@@ -13,9 +18,11 @@ type ResourceDefinition struct {
 	AttributeFilter AttributeFilter `json:"attributeFilter,omitempty"`
 }
 
+type AttributeFilterValue []*string
+
 type AttributeFilter struct {
-	Key   string    `json:"key"`
-	Value []*string `json:"value"`
+	Key   string               `json:"key"`
+	Value AttributeFilterValue `json:"value"`
 }
 
 type inventoryGroup struct {
@@ -24,3 +31,36 @@ type inventoryGroup struct {
 }
 
 type InventoryGroup []inventoryGroup
+
+func (a *AttributeFilterValue) UnmarshalJSON(data []byte) error {
+	var (
+		array []*string
+		value *string
+		err   error
+	)
+
+	if err = json.Unmarshal(data, &array); err != nil {
+		// parsing of AttributeFilter Value into []*string failed
+		// try to parse it as *string
+		if err = json.Unmarshal(data, &value); err != nil {
+			// fail, the value is neither []*string nor *string
+			return err
+		}
+		if value != nil {
+			for _, v := range strings.Split(*value, ",") {
+				// split values by `,` in case it is comma separated string
+				// and not just a single value in string
+				v := v
+				array = append(array, &v)
+			}
+		}
+	}
+	if array == nil && value == nil {
+		// in this case we got `"value": null`
+		// we should apply the permission to systems with no inventory groups
+		array = append(array, value)
+	}
+
+	*a = array
+	return nil
+}