diff --git a/src/account_manager/main_views.py b/src/account_manager/main_views.py
index d7ab989..6e49d18 100644
--- a/src/account_manager/main_views.py
+++ b/src/account_manager/main_views.py
@@ -39,15 +39,15 @@ def realm_list(request):
 else:
 realms = Realm.objects.filter(admin_group__user__username__contains=user.username).order_by('name').order_by( 'name')
-
- if len(realms) == 0 and not user.is_superuser:
+ show_user = request.GET.get('show_user', False)
+ if show_user or (len(realms) == 0 and not user.is_superuser):
 try:
 LdapUser.base_dn = LdapUser.ROOT_DN
 user = LdapUser.objects.get(username=user.username)
 realm_base_dn = re.compile('(uid=[a-zA-Z0-9_]*),(ou=[a-zA-Z_]*),(.*)').match(user.dn).group(3)
 realm = Realm.objects.get(ldap_base_dn=realm_base_dn)
- return redirect('user-detail', user.dn, realm.id )
+ return redirect('user-detail', user.dn, realm.id)
 except ObjectDoesNotExist as err:
 logger.info('Anmeldung fehlgeschlagen', err)
 return HttpResponse("Invalid login. Please try again.")
diff --git a/src/account_manager/views/user_views.py b/src/account_manager/views/user_views.py
index 30dc9cc..5c1c0e3 100644
--- a/src/account_manager/views/user_views.py
+++ b/src/account_manager/views/user_views.py
@@ -276,6 +276,7 @@ def user_delete(request, realm_id, user_dn):
 @login_required
 @is_realm_admin
+@protect_cross_realm_user_access
 def realm_user_group_update(request, realm_id, user_dn, error=None):
 realm = Realm.objects.get(id=realm_id)
 ldap_user, realm_groups_available, user_groups = get_available_given_groups(realm, user_dn)
@@ -300,6 +301,7 @@ def get_available_given_groups(realm, user_dn):
 @login_required
 @is_realm_admin
+@protect_cross_realm_user_access
 def realm_user_group_update_add(request, realm_id, user_dn):
 realm = Realm.objects.get(id=realm_id)
 LdapUser.base_dn = f'ou=people,{realm.ldap_base_dn}'
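Review bot: In `realm_list`, `request.GET.get('show_user', False)` returns the raw query string, so any non-empty value, including `?show_user=0` or `?show_user=false`, enables the branch; parse it explicitly, e.g. `show_user = request.GET.get('show_user', '').lower() in ('1', 'true')`. The flag also lets realm admins and superusers into a branch the old condition kept them out of: if such an account's DN does not fit the `uid=[a-zA-Z0-9_]*,ou=[a-zA-Z_]*,…` pattern, `.match(user.dn)` returns None and `.group(3)` raises AttributeError, which `except ObjectDoesNotExist` does not catch. When the LDAP lookup does fail for them, the response "Invalid login. Please try again." no longer describes what happened. The lookup still uses the session's `user.username`, so the parameter does not select another account; a comment such as `# show_user only redirects the caller to their own detail page` would make that explicit. The body of `realm_list` starts above the hunk.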
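Review bot: No test is visible in this diff for the new `@protect_cross_realm_user_access` guard on `realm_user_group_update`, nor on `realm_user_group_update_add` and `realm_user_group_update_delete` in the next two hunks; a regression test that requests each of the three URLs with a `user_dn` from a different realm than `realm_id` and asserts the request is refused would pin the fix. The decorator's definition is not part of the diff, so it is worth confirming that it derives the allowed subtree from the realm's `ldap_base_dn` and that it passes the extra `error=None` keyword of `realm_user_group_update` through. The helper `get_available_given_groups(realm, user_dn)` is called with the same `user_dn` and, as far as these hunks show, relies on its callers being decorated; a comment on it such as `# callers must verify that user_dn belongs to realm` would keep a future caller from bypassing the check. All three view bodies continue outside their hunks.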
@@ -318,6 +320,7 @@ def realm_user_group_update_add(request, realm_id, user_dn):
 @login_required
 @is_realm_admin
+@protect_cross_realm_user_access
 def realm_user_group_update_delete(request, realm_id, user_dn):
 realm = Realm.objects.get(id=realm_id)
 LdapUser.base_dn = f'ou=people,{realm.ldap_base_dn}'
diff --git a/src/templates/base.jinja2 b/src/templates/base.jinja2
index c9d957d..6a88eb5 100644
--- a/src/templates/base.jinja2
+++ b/src/templates/base.jinja2
@@ -38,7 +38,7 @@ {% if request.user.is_authenticated %}
- Hi {{ request.user.username }}!
+ Hi {{ request.user.username }}! Logout {% else %} Login