diff --git a/src/main/java/com/knecon/fforesight/tenantusermanagement/controller/external/UserController.java b/src/main/java/com/knecon/fforesight/tenantusermanagement/controller/external/UserController.java
index 2a4f31c..f44846b 100644
--- a/src/main/java/com/knecon/fforesight/tenantusermanagement/controller/external/UserController.java
+++ b/src/main/java/com/knecon/fforesight/tenantusermanagement/controller/external/UserController.java
@@ -1,5 +1,6 @@
 package com.knecon.fforesight.tenantusermanagement.controller.external;
+import static com.knecon.fforesight.tenantusermanagement.permissions.UserManagementPermissions.DELETE_TENANT;
 import static com.knecon.fforesight.tenantusermanagement.permissions.UserManagementPermissions.READ_ALL_USERS;
 import static com.knecon.fforesight.tenantusermanagement.permissions.UserManagementPermissions.READ_USERS;
 import static com.knecon.fforesight.tenantusermanagement.permissions.UserManagementPermissions.UPDATE_MY_PROFILE;
@@ -62,7 +63,21 @@ public class UserController implements UserResource, PublicResource {
 userService.evictUserCache();
 }
- return userService.getAllUsers();
+ var kneconAdminRole = "KNECON_ADMIN";
+
+ return userService.getAllUsers().stream().filter(user -> {
+ if(user.getRoles().contains(kneconAdminRole))
+ {
+ //user should be filtered out because he has only role knecon_admin
+ if(user.getRoles().size() == 1) {
+ return false;
+ }
+ //remove knecon_admin role
+ user.getRoles().remove(kneconAdminRole);
+ return true;
+ }
+ return true;
+ }).toList();
 }
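Review bot: The filter lambda in the user-list method edits the objects it is filtering: `user.getRoles().remove(kneconAdminRole)` changes the role collection of whatever instance `userService.getAllUsers()` returned. The `evictUserCache()` call in the context lines suggests those instances may be cached, in which case the KNECON_ADMIN role would disappear from the shared copy for every later reader, and an unmodifiable role collection would turn the call into an `UnsupportedOperationException`; both depend on code outside this diff, so please confirm. Building the response from a copy of the roles, rather than removing in place inside `filter`, avoids either outcome. The same in-place removal appears in the by-id hunk below, and both hunks repeat the literal, which could be one constant such as `private static final String KNECON_ADMIN_ROLE = "KNECON_ADMIN";`. The method's signature is outside the hunk.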
@@ -113,7 +128,15 @@ public class UserController implements UserResource, PublicResource {
 if (StringUtils.isEmpty(userId)) {
 throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "The userId should not be empty.");
 }
- return userService.getUserById(userId).orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND, "User not found"));
+ var kneconAdminRole = "KNECON_ADMIN";
+ var user = userService.getUserById(userId).orElseThrow(() -> new ResponseStatusException(HttpStatus.NOT_FOUND, "User not found"));
+ if (user.getRoles().contains(kneconAdminRole)) {
+ if(user.getRoles().size() == 1) {
+ throw new ResponseStatusException(HttpStatus.NOT_FOUND, "User not found");
+ }
+ user.getRoles().remove(kneconAdminRole);
+ }
+ return user;
 }
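Review bot: The rule that hides KNECON_ADMIN-only accounts is enforced in the controller, here and in the user-list hunk, so any other endpoint that resolves a userId without passing through these two methods would still see such an account. Whether update, delete or role-assignment paths exist is not visible in this diff, so this needs checking; putting the check behind a single method in `userService` would keep every path consistent. The `size() == 1` branch also deserves a comment explaining the status choice, for example `// same 404 as a missing user, so the response does not reveal a hidden KNECON_ADMIN account`. The method's signature is outside the hunk.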