diff --git a/backend/src/test/java/org/cryptomator/hub/api/VaultResourceIT.java b/backend/src/test/java/org/cryptomator/hub/api/VaultResourceIT.java
index d2511338..24f6d86c 100644
--- a/backend/src/test/java/org/cryptomator/hub/api/VaultResourceIT.java
+++ b/backend/src/test/java/org/cryptomator/hub/api/VaultResourceIT.java
@@ -241,22 +241,10 @@ public void testUnlock() {
 when().get("/vaults/{vaultId}/access-token", "7E57C0DE-0000-4000-8000-000100001111")
 .then().statusCode(449);
 }
- }
-
- @Nested
- @DisplayName("As vault admin user1")
- @TestSecurity(user = "User Name 1", roles = {"create-vaults"})
- @OidcSecurity(claims = {
- @Claim(key = "sub", value = "user1")
- })
- @TestMethodOrder(MethodOrderer.OrderAnnotation.class)
- public class CreateVaults {
 @Test
- @Order(1)
- @TestSecurity(user = "User Name 1", roles = {"user"})
 @DisplayName("PUT /vaults/7E57C0DE-0000-4000-8000-000100003333 returns 403 for missing role")
- public void testCreteVaultWithMissingRole() {
+ public void testCreateVaultWithMissingRole() {
 var uuid = UUID.fromString("7E57C0DE-0000-4000-8000-000100003333");
 var vaultDto = new VaultResource.VaultDto(uuid, "My Vault", "Test vault 3", false, Instant.parse("2112-12-21T21:12:21Z"), "masterkey3", 42, "NaCl", "authPubKey3", "authPrvKey3");
@@ -265,6 +253,17 @@ public void testCreteVaultWithMissingRole() {
 .then().statusCode(403);
 }
+ }
+
+ @Nested
+ @DisplayName("As vault admin user1")
+ @TestSecurity(user = "User Name 1", roles = {"user", "create-vaults"})
+ @OidcSecurity(claims = {
+ @Claim(key = "sub", value = "user1")
+ })
+ @TestMethodOrder(MethodOrderer.OrderAnnotation.class)
+ public class CreateVaults {
+
 @Test
 @Order(1)
 @DisplayName("PUT /vaults/7E57C0DE-0000-4000-8000-000100003333 returns 201")
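Review bot: testCreateVaultWithMissingRole no longer carries its own `@TestSecurity(user = "User Name 1", roles = {"user"})`, so the "missing role" precondition now comes entirely from the enclosing nested class, whose annotations are outside this hunk. If that class's roles are ever widened, the test would stop checking what its name says, and the reason would not be visible at the method. I would state the dependency at the method, for example `// relies on the enclosing class identity NOT holding "create-vaults"`, or keep the explicit method-level annotation. The method body also continues past the end of the hunk.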
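Review bot: With CreateVaults now annotated `roles = {"user", "create-vaults"}`, the creation tests only run as an identity that holds both roles, and nothing visible here covers a caller that has `create-vaults` but not `user`. The previous class ran with `create-vaults` alone and expected 201, so this change presumably reflects a policy where `user` is also required; that should be confirmed against the resource's role annotations, which are not on this page. I would add a sibling test annotated `@TestSecurity(user = "User Name 1", roles = {"create-vaults"})` that asserts the status the policy intends for that identity. The class body continues outside the hunk.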
@@ -845,7 +844,7 @@ public void reset() throws SQLException {
 @Nested
 @DisplayName("Claim Ownership")
- @TestSecurity(user = "User Name 1", roles = {"create-vaults"})
+ @TestSecurity(user = "User Name 1", roles = {"user"})
 @OidcSecurity(claims = {
 @Claim(key = "sub", value = "user1")
 })
@@ -1007,23 +1006,6 @@ public void testClaimOwnershipNoSuchVault() {
 .then().statusCode(404);
 }
- @Test
- @Order(1)
- @TestSecurity(user = "User Name 1", roles = {"user"})
- @DisplayName("POST /vaults/7E57C0DE-0000-4000-8000-000100009999/claim-ownership returns 403 for missing role")
- public void testClaimOwnershipWithMissingRole() {
- var proof = JWT.create()
- .withNotBefore(Instant.now().minusSeconds(10))
- .withExpiresAt(Instant.now().plusSeconds(10))
- .withSubject("user1")
- .withClaim("vaultId", "7E57C0DE-0000-4000-8000-000100009999".toLowerCase())
- .sign(JWT_ALG);
-
- given().param("proof", proof)
- .when().post("/vaults/{vaultId}/claim-ownership", "7E57C0DE-0000-4000-8000-000100009999")
- .then().statusCode(403);
- }
-
 @Test
 @Order(2)
 @DisplayName("POST /vaults/7E57C0DE-0000-4000-8000-000100009999/claim-ownership returns 200")
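Review bot: After the "Claim Ownership" class switches to `roles = {"user"}` and the later hunk deletes testClaimOwnershipWithMissingRole, no test in the visible hunks asserts that claim-ownership rejects a caller lacking the required role. The old 403 case used `roles = {"user"}` as the under-privileged identity, which is now the passing identity, so the access check for this endpoint has been loosened and is left without a negative test. I would keep the deleted test, changing only its annotation to an identity without the role, e.g. `@TestSecurity(user = "User Name 1", roles = {})`, still expecting `statusCode(403)`. This assumes the endpoint now requires `user`, which should be checked against the resource. The class continues outside both hunks, so such a test may already exist elsewhere in the file.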