diff --git a/app/controllers/api/automation_requests_controller.rb b/app/controllers/api/automation_requests_controller.rb
index 15139f0369..bbec917377 100644
--- a/app/controllers/api/automation_requests_controller.rb
+++ b/app/controllers/api/automation_requests_controller.rb
@@ -43,12 +43,12 @@ def deny_resource(type, id, data)
 
     def find_automation_requests(id)
       klass = collection_class(:requests)
-      return klass.find(id) if User.current_user.admin_user?
+      return klass.find(id) if User.current_user.miq_user_role.request_admin_user?
       klass.find_by!(:requester => User.current_user, :id => id)
     end
 
     def automation_requests_search_conditions
-      return {} if User.current_user.admin_user?
+      return {} if User.current_user.miq_user_role.request_admin_user?
       {:requester => User.current_user}
     end
   end
diff --git a/app/controllers/api/provision_requests_controller.rb b/app/controllers/api/provision_requests_controller.rb
index c55b0bc29d..3366585ab6 100644
--- a/app/controllers/api/provision_requests_controller.rb
+++ b/app/controllers/api/provision_requests_controller.rb
@@ -46,12 +46,12 @@ def approve_resource(type, id, data)
 
     def find_provision_requests(id)
       klass = collection_class(:requests)
-      return klass.find(id) if User.current_user.admin_user?
+      return klass.find(id) if User.current_user.miq_user_role.request_admin_user?
       klass.find_by!(:requester => User.current_user, :id => id)
     end
 
     def provision_requests_search_conditions
-      return {} if User.current_user.admin_user?
+      return {} if User.current_user.miq_user_role.request_admin_user?
       {:requester => User.current_user}
     end
   end
diff --git a/app/controllers/api/requests_controller.rb b/app/controllers/api/requests_controller.rb
index ac5d7e0e66..28819c7d7e 100644
--- a/app/controllers/api/requests_controller.rb
+++ b/app/controllers/api/requests_controller.rb
@@ -57,12 +57,12 @@ def deny_resource(type, id, data)
 
     def find_requests(id)
       klass = collection_class(:requests)
-      return klass.find(id) if User.current_user.admin_user?
+      return klass.find(id) if User.current_user.miq_user_role.request_admin_user?
       klass.find_by!(:requester => User.current_user, :id => id)
     end
 
     def requests_search_conditions
-      return {} if User.current_user.admin_user?
+      return {} if User.current_user.miq_user_role.request_admin_user?
       {:requester => User.current_user}
     end
 
diff --git a/app/controllers/api/service_requests_controller.rb b/app/controllers/api/service_requests_controller.rb
index d8711be09b..db5b060673 100644
--- a/app/controllers/api/service_requests_controller.rb
+++ b/app/controllers/api/service_requests_controller.rb
@@ -35,12 +35,12 @@ def edit_resource(type, id, data)
 
     def find_service_requests(id)
       klass = collection_class(:service_requests)
-      return klass.find(id) if User.current_user.admin_user?
+      return klass.find(id) if User.current_user.miq_user_role.request_admin_user?
       klass.find_by!(:requester => User.current_user, :id => id)
     end
 
     def service_requests_search_conditions
-      return {} if User.current_user.admin_user?
+      return {} if User.current_user.miq_user_role.request_admin_user?
       {:requester => User.current_user}
     end
 
diff --git a/spec/requests/automation_requests_spec.rb b/spec/requests/automation_requests_spec.rb
index fa88967a94..bcee73a594 100644
--- a/spec/requests/automation_requests_spec.rb
+++ b/spec/requests/automation_requests_spec.rb
@@ -46,7 +46,7 @@
     end
 
     it "lists all the automation requests if you are admin" do
-      @group.miq_user_role = @role = FactoryGirl.create(:miq_user_role, :role => "administrator")
+      @group.miq_user_role = @role = FactoryGirl.create(:miq_user_role, :features => %w(miq_request_superadmin))
       other_user = FactoryGirl.create(:user)
       automation_request1 = FactoryGirl.create(:automation_request, :requester => other_user)
       automation_request2 = FactoryGirl.create(:automation_request, :requester => @user)
@@ -77,7 +77,7 @@
     end
 
     it "an admin can see another user's request" do
-      @group.miq_user_role = @role = FactoryGirl.create(:miq_user_role, :role => "administrator")
+      @group.miq_user_role = @role = FactoryGirl.create(:miq_user_role, :features => %w(miq_request_superadmin))
       other_user = FactoryGirl.create(:user)
       automation_request = FactoryGirl.create(:automation_request, :requester => other_user)
       api_basic_authorize action_identifier(:automation_requests, :read, :resource_actions, :get)
diff --git a/spec/requests/provision_requests_spec.rb b/spec/requests/provision_requests_spec.rb
index cefa9ed149..6237af28fb 100644
--- a/spec/requests/provision_requests_spec.rb
+++ b/spec/requests/provision_requests_spec.rb
@@ -222,7 +222,7 @@
     end
 
     it "lists all the provision requests if you are admin" do
-      @group.miq_user_role = @role = FactoryGirl.create(:miq_user_role, :role => "administrator")
+      @group.miq_user_role = @role = FactoryGirl.create(:miq_user_role, :features => %w(miq_request_superadmin))
       other_user = FactoryGirl.create(:user)
       provision_request1 = FactoryGirl.create(:miq_provision_request, :requester => other_user)
       provision_request2 = FactoryGirl.create(:miq_provision_request, :requester => @user)
@@ -253,7 +253,7 @@
     end
 
     it "an admin can see another user's request" do
-      @group.miq_user_role = @role = FactoryGirl.create(:miq_user_role, :role => "administrator")
+      @group.miq_user_role = @role = FactoryGirl.create(:miq_user_role, :features => %w(miq_request_superadmin))
       other_user = FactoryGirl.create(:user)
       provision_request = FactoryGirl.create(:miq_provision_request, :requester => other_user)
       api_basic_authorize action_identifier(:provision_requests, :read, :resource_actions, :get)
@@ -383,7 +383,7 @@
     let(:provreq2_url)  { api_provision_request_url(nil, provreq2) }
 
     before do
-      @group.miq_user_role = @role = FactoryGirl.create(:miq_user_role, :role => "administrator")
+      @group.miq_user_role = @role = FactoryGirl.create(:miq_user_role, :features => %w(miq_request_superadmin))
     end
 
     it "supports approving a request" do
diff --git a/spec/requests/requests_spec.rb b/spec/requests/requests_spec.rb
index a840076714..95bdd9be99 100644
--- a/spec/requests/requests_spec.rb
+++ b/spec/requests/requests_spec.rb
@@ -71,7 +71,7 @@
     end
 
     it "lists all the service requests if you are admin" do
-      @group.miq_user_role = @role = FactoryGirl.create(:miq_user_role, :role => "administrator")
+      @group.miq_user_role = @role = FactoryGirl.create(:miq_user_role, :features => %w(miq_request_superadmin))
       other_user = FactoryGirl.create(:user)
       service_request_1 = FactoryGirl.create(:service_template_provision_request,
                                              :requester   => other_user,
@@ -98,7 +98,7 @@
     end
 
     it "an admin can see another user's request" do
-      @group.miq_user_role = @role = FactoryGirl.create(:miq_user_role, :role => "administrator")
+      @group.miq_user_role = @role = FactoryGirl.create(:miq_user_role, :features => %w(miq_request_superadmin))
       other_user = FactoryGirl.create(:user)
       service_request = FactoryGirl.create(:service_template_provision_request,
                                            :requester   => other_user,
diff --git a/spec/requests/service_requests_spec.rb b/spec/requests/service_requests_spec.rb
index f59ee97bb9..01f129f377 100644
--- a/spec/requests/service_requests_spec.rb
+++ b/spec/requests/service_requests_spec.rb
@@ -233,7 +233,7 @@ def expect_result_to_have_user_email(email)
     end
 
     it "lists all the service requests if you are admin" do
-      @group.miq_user_role = @role = FactoryGirl.create(:miq_user_role, :role => "administrator")
+      @group.miq_user_role = @role = FactoryGirl.create(:miq_user_role, :features => %w(miq_request_superadmin))
       other_user = FactoryGirl.create(:user)
       service_request_1 = FactoryGirl.create(:service_template_provision_request,
                                              :requester   => other_user,
@@ -260,7 +260,7 @@ def expect_result_to_have_user_email(email)
     end
 
     it "an admin can see another user's request" do
-      @group.miq_user_role = @role = FactoryGirl.create(:miq_user_role, :role => "administrator")
+      @group.miq_user_role = @role = FactoryGirl.create(:miq_user_role, :features => %w(miq_request_superadmin))
       other_user = FactoryGirl.create(:user)
       service_request = FactoryGirl.create(:service_template_provision_request,
                                            :requester   => other_user,
diff --git a/spec/support/api/helpers.rb b/spec/support/api/helpers.rb
index 6d6a41f631..dfc3842066 100644
--- a/spec/support/api/helpers.rb
+++ b/spec/support/api/helpers.rb
@@ -21,10 +21,10 @@ def init_api_spec_env
 
         def api_basic_authorize(*identifiers, user: @user.userid, password: @user.password)
           if identifiers.present?
-            product_features = identifiers.flatten.collect do |identifier|
-              MiqProductFeature.find_or_create_by(:identifier => identifier)
+            identifiers.flatten.collect do |identifier|
+              @role.miq_product_features << MiqProductFeature.find_or_create_by(:identifier => identifier)
             end
-            @role.update_attributes!(:miq_product_features => product_features)
+            @role.save
           end
 
           request_headers["HTTP_AUTHORIZATION"] = ActionController::HttpAuthentication::Basic.encode_credentials(user, password)