diff --git a/include/RequestManagerDelete.h b/include/RequestManagerDelete.h
index b398ed286f..9162c26a30 100644
--- a/include/RequestManagerDelete.h
+++ b/include/RequestManagerDelete.h
@@ -131,6 +131,7 @@ public:
         Nebula& nd  = Nebula::instance();
         pool        = nd.get_hpool();
         auth_object = PoolObjectSQL::HOST;
+        auth_op     = AuthRequest::ADMIN;
     };
 
     ~HostDelete(){};
@@ -149,6 +150,7 @@ public:
         Nebula& nd = Nebula::instance();
         pool       = nd.get_gpool();
         auth_object = PoolObjectSQL::GROUP;
+        auth_op     = AuthRequest::ADMIN;
     };
 
     ~GroupDelete(){};
@@ -166,6 +168,7 @@ public:
         Nebula& nd  = Nebula::instance();
         pool        = nd.get_upool();
         auth_object = PoolObjectSQL::USER;
+        auth_op     = AuthRequest::ADMIN;
     };
 
     ~UserDelete(){};
diff --git a/install.sh b/install.sh
index f68ed130e8..fb6452dba2 100755
--- a/install.sh
+++ b/install.sh
@@ -816,7 +816,7 @@ ONEDB_MIGRATOR_FILES="src/onedb/2.0_to_2.9.80.rb \
                       src/onedb/2.9.90_to_3.0.0.rb \
                       src/onedb/3.0.0_to_3.1.0.rb \
                       src/onedb/3.1.0_to_3.1.80.rb \
-                      src/onedb/3.1.80_to_3.1.85.rb \
+                      src/onedb/3.1.80_to_3.2.0.rb \
                       src/onedb/onedb.rb \
                       src/onedb/onedb_backend.rb"
 
diff --git a/src/onedb/3.1.80_to_3.1.85.rb b/src/onedb/3.1.80_to_3.2.0.rb
similarity index 93%
rename from src/onedb/3.1.80_to_3.1.85.rb
rename to src/onedb/3.1.80_to_3.2.0.rb
index 3e766e2701..1693b4a44b 100644
--- a/src/onedb/3.1.80_to_3.1.85.rb
+++ b/src/onedb/3.1.80_to_3.2.0.rb
@@ -18,11 +18,11 @@ include REXML
 
 module Migrator
     def db_version
-        "3.1.85"
+        "3.2.0"
     end
 
     def one_version
-        "OpenNebula 3.1.85"
+        "OpenNebula 3.2.0"
     end
 
     HOST_RIGHTS =
@@ -40,6 +40,21 @@ module Migrator
 #       0x400                 "CHAUTH"
     }
 
+    USER_GROUP_RIGHTS =
+    {
+        0x1      => 0x8,    # "CREATE"        => "CREATE"
+        0x2      => 0x4,    # "DELETE"        => "ADMIN"
+        0x4      => 0x1,    # "USE"           => "USE"
+        0x8      => 0x2,    # "MANAGE"        => "MANAGE"
+        0x10     => 0x1,    # "INFO"          => "USE"
+#       0x20                  "INFO_POOL"
+#       0x40                  "INFO_POOL_MINE"
+        0x80     => 0x1,    # "INSTANTIATE"   => "USE"
+        0x100    => 0x2,    # "CHOWN"         => "MANAGE"
+        0x200    => 0x4,    # "DEPLOY"        => "ADMIN"
+        0x400    => 0x4     # "CHAUTH"        => "ADMIN"
+    }
+
     RIGHTS =
     {
         0x1      => 0x8,    # "CREATE"        => "CREATE"
@@ -74,6 +89,8 @@ module Migrator
 
             if ( row[:resource] & 0x2000000000 != 0 ) # Resource contains HOST
                 rights_hash = HOST_RIGHTS
+            elsif ( row[:resource] & 0x0000050000000000 != 0 ) # Resource contains USER or GROUP
+                rights_hash = USER_GROUP_RIGHTS
             else
                 rights_hash = RIGHTS
             end
diff --git a/src/rm/RequestManagerDelete.cc b/src/rm/RequestManagerDelete.cc
index d3ca1e3d00..be06c4f929 100644
--- a/src/rm/RequestManagerDelete.cc
+++ b/src/rm/RequestManagerDelete.cc
@@ -48,9 +48,7 @@ bool RequestManagerDelete::delete_authorization(int                oid,
 
     AuthRequest ar(att.uid, att.gid);
 
-    ar.add_create_auth(auth_object, "");
-
-    ar.add_auth(auth_op, perms);
+    ar.add_auth(auth_op, perms);    // <MANAGE|ADMIN> OBJECT
 
     if (UserPool::authorize(ar) == -1)
     {