diff --git a/__tests__/manualREST/ollama.rest b/__tests__/manualREST/ollama.rest
index 3e91442ea516461c06d0c68be9f355d1e02fac9b..f6f4df78d68906e013584fb29bf4363bfabfcc66 100644
--- a/__tests__/manualREST/ollama.rest
+++ b/__tests__/manualREST/ollama.rest
@@ -125,7 +125,7 @@ Accept: application/json
 Content-Type: application/json
 
 {
-  "input": "John has five apples. He eats one of them himself. How many apples does John have now?",
+  "input": "Was muss getan werden um mit den Druckern aus der GUI zu drucken?",
   "model": "llama3"
 }
 
diff --git a/__tests__/manualREST/rag.rest b/__tests__/manualREST/rag.rest
index 10f3384b4cbbd4965a2eec455b35204c0fc87b9d..e636245e7a6dc14a0879f7970aed381af4fd93f2 100644
--- a/__tests__/manualREST/rag.rest
+++ b/__tests__/manualREST/rag.rest
@@ -7,37 +7,17 @@
 #################
 # SET VARS
 #################
-@host = https://localhost:8080
-
-#user
-@email = embruch@zbh.uni-hamburg.de
-@password = 8z44tcZa!
-# admin
-@email_admin = ge@reigncode.de
-@password_admin = A9z44tcZa!
-# JWT
-@token = {{login.response.body.token}}
-
+# in VSCode press ctrl+alt+e to switch between admin and user
+# vars are stored in /.vscode/settings.json
+@token = {{login.response.body.accessToken}}
 
 #################
 # HANDLE LOGIN
 #################
 
-### admin login
-# @name adminLogin
-POST {{host}}/users/adminlogin
-Accept: application/json
-Content-Type: application/json
-
-{
-  "password": "{{password_admin}}",
-  "email": "{{email_admin}}"
-}
-
-
 ### login
 # @name login
-POST {{host}}/users/login
+POST {{host}}/auth/login
 Accept: application/json
 Content-Type: application/json
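Review bot: The passwords and e-mail addresses deleted at the top of this hunk remain readable in the repository history, so removing the lines does not retire them; the accounts they belong to should get new passwords. The same applies to the `@password`, `@password_admin` and `@confirmToken` values removed in the first hunk of `users.rest`. The new comment names `/.vscode/settings.json` as the place for these variables, and nothing in this diff shows that file being excluded from version control. It is worth confirming the file is listed in `.gitignore` and saying so next to the existing comment, e.g. `# .vscode/settings.json holds login credentials and must stay untracked`.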
 
diff --git a/__tests__/manualREST/users.rest b/__tests__/manualREST/users.rest
index 8dee343bbc7445e33a6c28ec26477d302edbd192..fb4e4121872e753f7de3648cc799be00adcbc692 100644
--- a/__tests__/manualREST/users.rest
+++ b/__tests__/manualREST/users.rest
@@ -10,23 +10,10 @@
 #################
 # SET VARS
 #################
-@host = https://localhost:8080
-# user
-@name = Carl Benz
-@username = cbenz
-@password = 8z55tcZa!
-@email = embruch@zbh.uni-hamburg.de
-@newEmail = gerd.embruch@uni-hamburg.de
-
-# admin
-@email_admin = ge@reigncode.de
-@password_admin = A9z44tcZa!
-
-# token
-@confirmToken = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjY2YTE1NGQ2MDVhMDBkNzFlODAwYTVhNSIsImVtYWlsIjoiZW1icnVjaEB6YmgudW5pLWhhbWJ1cmcuZGUiLCJpYXQiOjE3MjE4ODkxMjUsImV4cCI6MTcyMTg5MjcyNX0.6sus-EudvmU_h5hlz0I74XyjJf7_xe9_VztUqgV1Zpw
-@token = {{login.response.body.token}}
-@token = {{adminLogin.response.body.token}}
-@token = {{refreshJWT.response.body.token}}
+# in VSCode press ctrl+alt+e to switch between admin and user
+# vars are stored in /.vscode/settings.json
+@token = {{login.response.body.accessToken}}
+@token = {{refreshJWT.response.body.accessToken}}
 
 #################
 # HANDLE SIGNUP
@@ -81,17 +68,6 @@ Content-Type: application/json
   "email": "{{email}}"
 }
 
-### admin login
-# @name adminLogin
-POST {{host}}/auth/login
-Accept: application/json
-Content-Type: application/json
-
-{
-  "password": "{{password_admin}}",
-  "email": "{{email_admin}}"
-}
-
 ### refresh jwt
 # @name refreshJWT
 GET {{host}}/auth
diff --git a/controllers/Auth.js b/controllers/Auth.js
index fa21b32cb35cf6b42308404ad69488c761d6aedf..3462bd36e8b467bc901ffe3d7df93e1646151e7b 100644
--- a/controllers/Auth.js
+++ b/controllers/Auth.js
@@ -182,7 +182,28 @@ export const passwordReset = async (req, res, next) => {
   } catch (error) {
     next(error);
   }
-}
+};
+
 
 
+/**
+ * VERIFY ACCESS RIGHTS
+ * check if user is alllowed to access route
+ */
+export const gateKeeper = async (req, res, next) => {
+  // admins are allowed to access anything
+  if (global.currentUserRole >= 4) return next();
+
+  // FEATURE 
+  // - check for custom field role (which has to be created via settings before)
+  // - create a access config, which exports an array of allowed roles for each route
+  // - fetch array of called route an compare 
+  // const allowed = [];
+  // if (allowed.includes(pb.authStore.model.role)) {
+  //   return next();
+  // }
+
+  // deny access for others
+  return res.status(403).json({ message: 'Access Forbidden' });
+};
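Review bot: `gateKeeper` decides on `global.currentUserRole`, a process-wide variable shared by every request, rather than on the request being handled. In the code visible in this diff the value is written only by `verifyAccessToken` (utils/handleTokens.js) and never cleared, so a route that reaches `gateKeeper` through another middleware (routes/ai.js imports it alongside `pbVerifyAccessToken`, and whether that one sets the global is not shown) would be judged by the role left behind by the last JWT-verified request. A handler that awaits before reading `global.currentUserId` can likewise see another request's identity. Carrying the identity on the request avoids both: `req.user = { id: payload.id, role: payload.role };` in `verifyAccessToken` and `if (req.user?.role >= ADMIN_ROLE) return next();` here, with `ADMIN_ROLE` a named constant replacing the bare `4`. The doc comment also has a typo, `alllowed`.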
 
diff --git a/controllers/Embeddings.js b/controllers/Embeddings.js
index 02d9eb451a8ad2a97e676fc09b40b085fb903e87..cf485a073840f4d300fe1b1022f7821b67d801bb 100644
--- a/controllers/Embeddings.js
+++ b/controllers/Embeddings.js
@@ -99,9 +99,9 @@ export const getStatus = async (req, res) => {
   }
   // get collection count
   const itemCount = await collection.count();
-  const items = await collection.get();
+  // const items = await collection.get();
   // return status
-  return res.json({ vectorDBrunning, collection, itemCount, items });
+  return res.json({ vectorDBrunning, collection, itemCount });
 };
 
 /** *******************************************************
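Review bot: The response still serialises the whole `collection` object, and the replaced line is kept as a comment instead of being deleted. What a collection object contains once passed to `res.json` depends on the vector-store client and is not visible here, so returning only the fields the caller needs is safer, e.g. `return res.json({ vectorDBrunning, collection: { name: collection.name, id: collection.id }, itemCount });`. The `// const items = await collection.get();` line can simply be removed. `getStatus` starts above this hunk.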
diff --git a/routes/ai.js b/routes/ai.js
index fbb15ad6b12b54d9537776b13ed2c91cc9bb7bcb..28e901c4912f0b65b484969634a26008d190c0de 100644
--- a/routes/ai.js
+++ b/routes/ai.js
@@ -1,9 +1,10 @@
 import { Router } from "express";
 import { getStatus, getModel, getModels, deleteModel, installModel, checkRequestedModel, getChat, getChats } from "../controllers/AI.js";
 import { chat } from "../utils/handleAI.js";
-import { pbVerifyAccessToken, gateKeeper } from "../utils/pocketbase/handlePocketBase.js";
+import { pbVerifyAccessToken } from "../utils/pocketbase/handlePocketBase.js";
 import { chatSchema, deleteModelSchema, getModelSchema, getModelsSchema, installModelSchema } from "../validationSchemes/AI.js";
 import { validate } from "../utils/handleValidations.js";
+import { gateKeeper } from "../controllers/Auth.js";
 
 const router = Router();
 
diff --git a/routes/embeddings.js b/routes/embeddings.js
index 7d17e57c13105e0e18157cfbc725e72b59529242..11db9c7e3af1373504a1c200e370fbf84d10d843 100644
--- a/routes/embeddings.js
+++ b/routes/embeddings.js
@@ -1,22 +1,24 @@
 import { Router } from "express";
 import { removeVectorDb, getStatus, createEmbeddings, updateEmbeddings } from "../controllers/Embeddings.js";
-import { gateKeeper, pbVerifyAccessToken } from "../utils/pocketbase/handlePocketBase.js";
+import { pbVerifyAccessToken } from "../utils/pocketbase/handlePocketBase.js";
+import { verifyAccessToken } from "../utils/handleTokens.js";
+import { gateKeeper } from "../controllers/Auth.js";
 
 const router = Router();
 
 // remove Vector DB
-router.delete('/', pbVerifyAccessToken, gateKeeper, removeVectorDb);
+// router.delete('/', verifyAccessToken, gateKeeper, removeVectorDb);
 
 // Vector DB status
-router.get('/', getStatus);
+router.get('/', verifyAccessToken, gateKeeper, getStatus);
 
 // createEmbeddings
-router.put('/', pbVerifyAccessToken, gateKeeper, createEmbeddings);
+// router.put('/', pbVerifyAccessToken, gateKeeper, createEmbeddings);
 
 // update embeddings
 // TODO test update & delete https://python.langchain.com/v0.1/docs/integrations/vectorstores/chroma/#update-and-delete
 // https://js.langchain.com/v0.1/docs/integrations/vectorstores/chroma/#usage-delete-docs
-router.patch('/', pbVerifyAccessToken, gateKeeper, updateEmbeddings);
+// router.patch('/', pbVerifyAccessToken, gateKeeper, updateEmbeddings);
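Review bot: The three write routes are disabled by commenting them out, and the commented `put` and `patch` lines still name `pbVerifyAccessToken` while `gateKeeper` now reads the role that `verifyAccessToken` stores. If those lines are uncommented as they stand, the role check would not be based on the token the request presented (assuming `pbVerifyAccessToken` does not set `global.currentUserRole`, which this diff does not show). Either delete the lines or move them to the new middleware, e.g. `router.put('/', verifyAccessToken, gateKeeper, createEmbeddings);`, and add a one-line comment saying why the routes are switched off. In the lines shown, `pbVerifyAccessToken` is now an unused import.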
 
 
 
diff --git a/utils/handleDB.js b/utils/handleDB.js
index 7ba45ed57cbd2519b733b77e5fc46dd1fa4983e5..cb127a40cc7e2dfb279b3e933bca70d53003da5e 100644
--- a/utils/handleDB.js
+++ b/utils/handleDB.js
@@ -19,7 +19,7 @@ export const dbConnection = async () => {
       console.log(chalk.green('DB connected successfully'));
     });
 
-    dbConnection.on("error", (err) => {
+    dbConnection.on("error", (error) => {
       console.error(chalk.red(error));
     });
     return dbConnection;
diff --git a/utils/handleTokens.js b/utils/handleTokens.js
index 81807fd326e2771f4220ee78bd464526961b877c..3df4129c7ca8a00c36de2fdb12f425c441867ed8 100644
--- a/utils/handleTokens.js
+++ b/utils/handleTokens.js
@@ -45,6 +45,7 @@ export const verifyVerificationToken = async (req, res, next) => {
  * @return  {token}
  */
 export const createAccessToken = (payload) => {
+  console.log('create JWT payload', payload);
   return jwt.sign(payload, process.env.JWT_SECRET_KEY, { expiresIn: process.env.JWT_TTL });
 };
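Review bot: The added `console.log('create JWT payload', payload);` writes the token payload to the server log every time a token is issued. The payload carries at least the user id and role (both are read back from it in `verifyAccessToken`) and possibly more, so this copies account data into logs that are often readable by more people and retained for longer than the user store. Remove the line before merging, or log only a non-identifying event such as `console.debug('access token issued');`.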
 
@@ -139,7 +140,7 @@ export const verifyAccessToken = async (req, res, next) => {
     if (error) return res.status(403).json({ message: 'Access token is no longer valid. Access denied.' });
     // if valid: remember current user id & role and go on
     global.currentUserId = payload.id;
-    global.currentUserRole = payload.role;;
+    global.currentUserRole = payload.role;
     next();
   });
 };
diff --git a/utils/pocketbase/handlePocketBase.js b/utils/pocketbase/handlePocketBase.js
index 15439c2840cc764584381ca1fed315d88505d99c..e7c5ce2190e1c4eecf1b7baf801da2f577d272b0 100644
--- a/utils/pocketbase/handlePocketBase.js
+++ b/utils/pocketbase/handlePocketBase.js
@@ -225,33 +225,6 @@ export const pbVerifyAccessToken = async (req, res, next) => {
   next();
 };
 
-/**
- * VERIFY ACCESS RIGHTS
- * check if user is alllowed to access route
- * if allowed = [] only admins are allowed
- * 
- * This setup is called "configurable middleware"
- * https://expressjs.com/en/guide/writing-middleware.html
- */
-export const gateKeeper = async (req, res, next) => {
-  // admins are allowed to access anything
-  if (pb.authStore.model.isAdmin) return next();
-
-  // FEATURE 
-  // - check for custom field role (which has to be created via settings before)
-  // - create a access config, which exports an array of allowed roles for each route
-  // - fetch array of called route an compare 
-  // const allowed = [];
-  // if (allowed.includes(pb.authStore.model.role)) {
-  //   return next();
-  // }
-
-  // deny access for others
-  return res.status(403).json({ message: 'Access Forbidden' });
-
-};
-
-
 
 /**
  * CREATE RECORD IN PB