diff -r f3b16563ee5e src/org/openbravo/dal/security/SecurityChecker.java
--- a/src/org/openbravo/dal/security/SecurityChecker.java	Thu Jun 13 15:43:27 2013 +0200
+++ b/src/org/openbravo/dal/security/SecurityChecker.java	Thu Jun 13 16:46:39 2013 +0200
@@ -175,12 +175,19 @@
       // actually changed...
       obContext.getEntityAccessChecker().checkWritable(entity);
 
+      Boolean needToCheck = true;
+      if (entity.getTableName().equals("AD_Role_OrgAccess")
+          && OBContext.getOBContext().getRole().isClientAdmin()
+          && OBContext.getOBContext().getRole().getClient().getId().equals(clientId)) {
+        needToCheck = false;
+      }
+
       if (obj instanceof OrganizationEnabled && orgId != null && orgId.length() > 0) {
         // todo as only the id is required this can be made much more
         // efficient
         // by
         // not loading the hibernate proxy
-        if (!obContext.getWritableOrganizations().contains(orgId)) {
+        if (needToCheck && !obContext.getWritableOrganizations().contains(orgId)) {
           // TODO: maybe move rollback to exception throwing
           SessionHandler.getInstance().setDoRollback(true);
           throw new OBSecurityException("Organization " + orgId + " of object (" + obj