diff --git a/src/libs/permissions.ts b/src/libs/permissions.ts
index e14dbb5..02342d9 100644
--- a/src/libs/permissions.ts
+++ b/src/libs/permissions.ts
@@ -69,7 +69,11 @@ export async function hasPermissionByToken(permissionList: string[], token: stri
   // Fine, we'll look up for global tokens...
   // FIXME: Could this be more efficient? IDs are sequential in SQL I think
   if (userID == -1) {
-    const allUsers = await prisma.user.findMany();
+    const allUsers = await prisma.user.findMany({
+      where: {
+        isRootServiceAccount: true
+      }
+    });
   
     for (const user of allUsers) {
       if (user.rootToken == token) userID = user.id;
diff --git a/src/routes/user/create.ts b/src/routes/user/create.ts
index 6f80e80..221c254 100644
--- a/src/routes/user/create.ts
+++ b/src/routes/user/create.ts
@@ -76,7 +76,9 @@ export function route(fastify: FastifyInstance, prisma: PrismaClient, tokens: Re
 
     if (options.allowUnsafeGlobalTokens) {
       // @ts-ignore
-      userData.rootToken = generateToken() as unknown as null;
+      userData.rootToken = generateToken();
+      // @ts-ignore
+      userData.isRootServiceAccount = true;
     }
 
     const userCreateResults = await prisma.user.create({