diff --git a/config/inc_user2roles.php b/config/inc_user2roles.php
index 19e2b5621bbcc7d0234e861b9c581c494f1b185f..bba2fe5e5138e695fc503e0d5bc89d49c1861f59 100644
--- a/config/inc_user2roles.php
+++ b/config/inc_user2roles.php
@@ -11,6 +11,7 @@ return array(
     // "developer" => array(),
     // "projectmanager" => array(),
     "admin" => array(
+        "cliadmin", // generic cli user from user class
         "hahn",
         "dschueler",
     ),
diff --git a/public_html/deployment/classes/user.class.php b/public_html/deployment/classes/user.class.php
index 6536ee9628603335e2a3c6531dfd386d940b2855..7df8085a191d32f2cd4e65945f63b92ee9b6a5a3 100644
--- a/public_html/deployment/classes/user.class.php
+++ b/public_html/deployment/classes/user.class.php
@@ -64,6 +64,9 @@ class user {
         if (!$sUser && is_array($_SERVER) && array_key_exists("PHP_AUTH_USER", $_SERVER)){
             $sUser=$_SERVER["PHP_AUTH_USER"];
         }
+        if (php_sapi_name() == "cli") {
+            $sUser="cliadmin";
+        }
         return $sUser;
     }
 
@@ -190,7 +193,7 @@ class user {
      * @return type
      */
     public function showDenied(){
-        return '<div class="alert alert-danger" role="alert">'
+        return 'USER: ' . $this->_sUsername . ' - groups ' . print_r($this->getUserGroups(),1) . '<div class="alert alert-danger" role="alert">'
         . t("class-user-error-deny-no-role").'<br>('.$this->_sLastCheckedPermission.')</div><br>'
         . '<a href="/deployment/all/login/" class="btn btn-primary">'.t('menu-login').'</a>'
         ;