diff --git a/components/server/src/workspace/gitpod-server-impl.ts b/components/server/src/workspace/gitpod-server-impl.ts
index 84d31f00c9636a..63a711d5863d3d 100644
--- a/components/server/src/workspace/gitpod-server-impl.ts
+++ b/components/server/src/workspace/gitpod-server-impl.ts
@@ -169,6 +169,7 @@ import {
     suggestionFromUserRepo,
 } from "./suggested-repos-sorter";
 import { runWithSubjectId } from "../util/request-context";
+import { SubjectId } from "../auth/subject-id";
 
 // shortcut
 export const traceWI = (ctx: TraceContext, wi: Omit<LogContext, "userId">) => TraceContext.setOWI(ctx, wi); // userId is already taken care of in WebsocketConnectionManager
@@ -303,17 +304,20 @@ export class GitpodServerImpl implements GitpodServerWithTracing, Disposable {
     }
 
     private async getAccessibleProjects() {
-        if (!this.userID) {
+        const userId = this.userID;
+        if (!userId) {
             return [];
         }
 
         // update all project this user has access to
-        const allProjects: Project[] = [];
-        const teams = await this.organizationService.listOrganizationsByMember(this.userID, this.userID);
-        for (const team of teams) {
-            allProjects.push(...(await this.projectsService.getProjects(this.userID, team.id)));
-        }
-        return allProjects;
+        return runWithSubjectId(SubjectId.fromUserId(userId), async () => {
+            const allProjects: Project[] = [];
+            const teams = await this.organizationService.listOrganizationsByMember(userId, userId);
+            for (const team of teams) {
+                allProjects.push(...(await this.projectsService.getProjects(userId, team.id)));
+            }
+            return allProjects;
+        });
     }
 
     private async findPrebuiltWorkspace(
@@ -397,9 +401,11 @@ export class GitpodServerImpl implements GitpodServerWithTracing, Disposable {
 
     private forwardInstanceUpdateToClient(ctx: TraceContext, instance: WorkspaceInstance) {
         // gpl: We decided against tracing updates here, because it create far too much noise (cmp. history)
-        if (this.userID) {
-            this.workspaceService
-                .getWorkspace(this.userID, instance.workspaceId)
+        const userId = this.userID;
+        if (userId) {
+            runWithSubjectId(SubjectId.fromUserId(userId), () =>
+                this.workspaceService.getWorkspace(userId, instance.workspaceId),
+            )
                 .then((ws) => {
                     this.client?.onInstanceUpdate(this.censorInstance(instance));
                 })