diff --git a/src/main/java/de/bps/olat/repository/controllers/RepositorySearchMultiSelectController.java b/src/main/java/de/bps/olat/repository/controllers/RepositorySearchMultiSelectController.java
index fd3f05e6fbba81afceb89b4905e1a4136336a972..31f90a4bedd2e2ac67b63b78507eea2c603b7b0a 100644
--- a/src/main/java/de/bps/olat/repository/controllers/RepositorySearchMultiSelectController.java
+++ b/src/main/java/de/bps/olat/repository/controllers/RepositorySearchMultiSelectController.java
@@ -36,6 +36,7 @@ import org.olat.repository.RepositoryEntry;
 import org.olat.repository.RepositoryManager;
 import org.olat.repository.RepositoryTableModel;
 import org.olat.repository.SearchForm;
+import org.olat.repository.SearchRepositoryEntryParameters;
 import org.olat.repository.controllers.RepositorySearchController;
 
 /**
@@ -128,8 +129,7 @@ public class RepositorySearchMultiSelectController extends RepositorySearchContr
 	 * @return
 	 */
 	public RepositoryEntry getValueAt(int row) {
-		RepositoryEntry repoEntry = (RepositoryEntry)repoTableModel.getObject(row);
-		return repoEntry;
+		return repoTableModel.getObject(row);
 	}
 	
 	/**
@@ -141,7 +141,9 @@ public class RepositorySearchMultiSelectController extends RepositorySearchContr
 		//Set s = searchForm.getRestrictedTypes();
 		//List restrictedTypes = (s == null) ? null : new ArrayList(s);
 		//fxdiff VCRP-1,2: access control of resources
-		List entries = rm.genericANDQueryWithRolesRestriction(null, null, null, null, ureq.getIdentity(), ureq.getUserSession().getRoles(), ureq.getIdentity().getUser().getProperty("institutionalName", null));
+		SearchRepositoryEntryParameters params = new SearchRepositoryEntryParameters(null, null, null, null,
+				ureq.getIdentity(), ureq.getUserSession().getRoles(), ureq.getIdentity().getUser().getProperty("institutionalName", null));
+		List<RepositoryEntry> entries = rm.genericANDQueryWithRolesRestriction(params, 0, -1, true);
 		repoTableModel.setObjects(entries);
 		tableCtr.modelChanged();
 		displaySearchResults(ureq);
diff --git a/src/main/java/org/olat/repository/RepositoryManager.java b/src/main/java/org/olat/repository/RepositoryManager.java
index ba8cd71d7bc109a5dd6d055685b78126ddb4471d..7d145be6732c58adbb9130f80810f9bd5234346a 100644
--- a/src/main/java/org/olat/repository/RepositoryManager.java
+++ b/src/main/java/org/olat/repository/RepositoryManager.java
@@ -89,7 +89,6 @@ import org.olat.repository.handlers.RepositoryHandlerFactory;
 import org.olat.repository.model.RepositoryEntryMembership;
 import org.olat.repository.model.RepositoryEntryPermissionChangeEvent;
 import org.olat.repository.model.RepositoryEntryShortImpl;
-import org.olat.repository.model.RepositoryEntryStrictMember;
 import org.olat.resource.OLATResource;
 import org.olat.resource.OLATResourceImpl;
 import org.olat.resource.OLATResourceManager;
@@ -1339,7 +1338,15 @@ public class RepositoryManager extends BasicManager {
 		logInfo("Repo-Perf: runGenericANDQueryWithRolesRestriction#1 takes " + timeQuery1);
 		return result;
 	}
-	//fxdiff VCRP-1,2: access control of resources
+	
+	/**
+	 * This query need the repository entry as v, v.olatResource as res,
+	 * v.ownerGroup as ownerGroup, v.tutorGroup as tutorGroup, v.participantGroup as participantGroup
+	 * @param sb
+	 * @param identity
+	 * @param roles
+	 * @return
+	 */
 	private boolean appendAccessSubSelects(StringBuilder sb, Identity identity, Roles roles) {
 		sb.append("(v.access >= ");
 		if (roles.isAuthor()) {
@@ -1356,12 +1363,25 @@ public class RepositoryManager extends BasicManager {
 			setIdentity = true;
 			//sub select are very quick
 			sb.append(" or (")
-				.append("   v.access=").append(RepositoryEntry.ACC_OWNERS).append(" and v.membersOnly=true")
-				.append("   and v.key in (")
-		    .append("     select vmember.key from ").append(RepositoryEntryStrictMember.class.getName()).append(" vmember")
-			  .append("     where (vmember.repoParticipantKey=:identityKey or vmember.repoTutorKey=:identityKey or vmember.repoOwnerKey=:identityKey")
-			  .append("         or vmember.groupParticipantKey=:identityKey or vmember.groupOwnerKey=:identityKey)")
-				.append(" ))");
+				.append("  v.access=").append(RepositoryEntry.ACC_OWNERS).append(" and v.membersOnly=true")
+			  .append("  and (exists (from ").append(SecurityGroupMembershipImpl.class.getName()).append(" as vmember ")
+			  .append("     where vmember.identity.key=:identityKey and vmember.securityGroup=participantGroup")
+			  .append("  ) or exists (from ").append(SecurityGroupMembershipImpl.class.getName()).append(" as vmember ")
+			  .append("     where vmember.identity.key=:identityKey and vmember.securityGroup=tutorGroup")
+			  .append("  ) or exists (from ").append(SecurityGroupMembershipImpl.class.getName()).append(" as vmember ")
+			  .append("     where vmember.identity.key=:identityKey and vmember.securityGroup=ownerGroup")
+			  .append("  ) or exists (from ").append(SecurityGroupMembershipImpl.class.getName()).append(" as vmember, ")
+			  .append("      ").append(BGResourceRelation.class.getName()).append(" as bresource, ")
+			  .append("      ").append(BusinessGroupImpl.class.getName()).append(" as bgroup")
+			  .append("      where bgroup.partipiciantGroup=vmember.securityGroup and res=bresource.resource ")
+			  .append("        and bgroup=bresource.group and vmember.identity.key=:identityKey")
+			  .append("  ) or exists (from ").append(SecurityGroupMembershipImpl.class.getName()).append(" as vmember, ")
+			  .append("      ").append(BGResourceRelation.class.getName()).append(" as bresource, ")
+			  .append("      ").append(BusinessGroupImpl.class.getName()).append(" as bgroup")
+			  .append("      where bgroup.ownerGroup=vmember.securityGroup and res=bresource.resource ")
+			  .append("        and bgroup=bresource.group and vmember.identity.key=:identityKey")
+			  .append("  )")
+			  .append(" ))");
 		}
 		sb.append(")");
 		return setIdentity;
@@ -1372,11 +1392,24 @@ public class RepositoryManager extends BasicManager {
 		  .append(" v.access>=").append(RepositoryEntry.ACC_USERS)
 		  .append(" or (")
 		  .append("   v.access=").append(RepositoryEntry.ACC_OWNERS).append(" and v.membersOnly=true")
-		  .append("   and v.key in (")
-		  .append("     select vmember.key from ").append(RepositoryEntryStrictMember.class.getName()).append(" vmember")
-			.append("     where (vmember.repoParticipantKey=:identityKey or vmember.repoTutorKey=:identityKey or vmember.repoOwnerKey=:identityKey")
-			.append("       or vmember.groupParticipantKey=:identityKey or vmember.groupOwnerKey=:identityKey)")
-		  .append(" )))");
+			.append("  and (exists (from ").append(SecurityGroupMembershipImpl.class.getName()).append(" as vmember ")
+			.append("     where vmember.identity.key=:identityKey and vmember.securityGroup=participantGroup")
+			.append("  ) or exists (from ").append(SecurityGroupMembershipImpl.class.getName()).append(" as vmember ")
+			.append("     where vmember.identity.key=:identityKey and vmember.securityGroup=tutorGroup")
+			.append("  ) or exists (from ").append(SecurityGroupMembershipImpl.class.getName()).append(" as vmember ")
+			.append("     where vmember.identity.key=:identityKey and vmember.securityGroup=ownerGroup")
+			.append("  ) or exists (from ").append(SecurityGroupMembershipImpl.class.getName()).append(" as vmember, ")
+			.append("      ").append(BGResourceRelation.class.getName()).append(" as bresource, ")
+			.append("      ").append(BusinessGroupImpl.class.getName()).append(" as bgroup")
+			.append("      where bgroup.partipiciantGroup=vmember.securityGroup and res=bresource.resource ")
+			.append("        and bgroup=bresource.group and vmember.identity.key=:identityKey")
+			.append("  ) or exists (from ").append(SecurityGroupMembershipImpl.class.getName()).append(" as vmember, ")
+			.append("      ").append(BGResourceRelation.class.getName()).append(" as bresource, ")
+			.append("      ").append(BusinessGroupImpl.class.getName()).append(" as bgroup")
+			.append("      where bgroup.ownerGroup=vmember.securityGroup and res=bresource.resource ")
+			.append("        and bgroup=bresource.group and vmember.identity.key=:identityKey")
+			.append("  ))")
+		  .append(" ))");
 		return true;
 	}
 	
@@ -1415,8 +1448,8 @@ public class RepositoryManager extends BasicManager {
 	}
 	
 	/**
-	 * Query repository
-	 * 
+	 * <b>!!! Don't use this query (NEVER). Only for history purpose!!!!</b><br>
+	 * Query repository:<br>
 	 * If any input data contains "*", then it replaced by "%" (search me*er -> sql: me%er).
 	 * 
 	 * @deprecated Use genericANDQueryWithRolesRestriction with paging instead
diff --git a/src/main/java/org/olat/repository/model/RepositoryEntryViews.hbm.xml b/src/main/java/org/olat/repository/model/RepositoryEntryViews.hbm.xml
index ac973b44b63f2d21b9a4cb6c254b792fab044637..05695171b50c7250480c28eccb75fbf4d52fa348 100644
--- a/src/main/java/org/olat/repository/model/RepositoryEntryViews.hbm.xml
+++ b/src/main/java/org/olat/repository/model/RepositoryEntryViews.hbm.xml
@@ -1,18 +1,7 @@
 <?xml version="1.0"?>
 <!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD//EN" "http://www.hibernate.org/dtd/hibernate-mapping-3.0.dtd">
 <hibernate-mapping default-lazy="false">
-	
-	<class name="org.olat.repository.model.RepositoryEntryStrictMember" table="o_re_strict_member_v" mutable="false">
-		<composite-id>
-			<key-property name="key" column="re_id" type="long" />
-			<key-property name="repoOwnerKey" column="re_owner_member_id" type="long" />
-			<key-property name="repoTutorKey" column="re_tutor_member_id" type="long" />
-			<key-property name="repoParticipantKey" column="re_part_member_id" type="long" />
-			<key-property name="groupOwnerKey" column="bg_owner_member_id" type="long" />
-			<key-property name="groupParticipantKey" column="bg_part_member_id" type="long" />
-		</composite-id>
-	</class>
-	
+
 	<class name="org.olat.repository.model.RepositoryEntryMembership" table="o_re_membership_v" mutable="false">
 		<id name="key" 
 			type="long"