diff --git a/devops-service/app/api2/parsers/user.rb b/devops-service/app/api2/parsers/user.rb
index 33266fb..0102fc1 100644
--- a/devops-service/app/api2/parsers/user.rb
+++ b/devops-service/app/api2/parsers/user.rb
@@ -21,12 +21,14 @@ module Devops
         end
 
         def change_password
+          user = @request.path_info.match(/(?<=^\/user\/)\w+/)[0]
           raise InvalidPrivileges.new("Access denied for '#{current_user}'") if user == Devops::Model::User::ROOT_USER_NAME and current_user != Devops::Model::User::ROOT_USER_NAME
           body = create_object_from_json_body
           check_string(body["password"], "Parameter 'password' must be a not empty string")
         end
 
         def change_email
+          user = @request.path_info.match(/(?<=^\/user\/)\w+/)[0]
           raise InvalidPrivileges.new("Access denied for '#{current_user}'") if user == Devops::Model::User::ROOT_USER_NAME and current_user != Devops::Model::User::ROOT_USER_NAME
           body = create_object_from_json_body
           check_string(body["email"], "Parameter 'email' must be a not empty string")
diff --git a/devops-service/app/api2/routes/user.rb b/devops-service/app/api2/routes/user.rb
index e9ec0eb..393193e 100644
--- a/devops-service/app/api2/routes/user.rb
+++ b/devops-service/app/api2/routes/user.rb
@@ -112,7 +112,7 @@ module Devops
           #
           # * *Returns* :
           #   200 - Updated
-          app.put_with_headers %r{\A/user/#{DevopsConfig::OBJECT_NAME}/email\z}, :headers => [:accept, :content_type] do |user|
+          app.put_with_headers %r{\A/user/(#{DevopsConfig::OBJECT_NAME})/email\z}, :headers => [:accept, :content_type] do |user|
             check_privileges("user", "w") unless request.env['REMOTE_USER'] == user
             Devops::API2_0::Handler::User.new(request).change_email(user)
             create_response("Updated")
@@ -132,7 +132,7 @@ module Devops
           #
           # * *Returns* :
           #   200 - Updated
-          app.put_with_headers %r{\A/user/#{DevopsConfig::OBJECT_NAME}/password\z}, :headers => [:accept, :content_type] do |user|
+          app.put_with_headers %r{\A/user/(#{DevopsConfig::OBJECT_NAME})/password\z}, :headers => [:accept, :content_type] do |user|
             check_privileges("user", "w") unless request.env['REMOTE_USER'] == user
             Devops::API2_0::Handler::User.new(request).change_password(user)
             create_response("Updated")