diff --git a/src/jrd/scl.epp b/src/jrd/scl.epp
index 50c7da24ac..5b6c15c384 100644
--- a/src/jrd/scl.epp
+++ b/src/jrd/scl.epp
@@ -1282,19 +1282,11 @@ SecurityClass::flags_t SCL_get_object_mask(const int object_type)
 	thread_db* tdbb = JRD_get_thread_data();
 	Database* dbb = tdbb->getDatabase();
 
-	UserId* user = tdbb->getAttachment()->att_user;
-
-	/***
-	if (object_type == obj_roles)
-	{
-		if (user->isSecAdmin())
-			return -1 & ~SCL_corrupt;
-	}
-	***/
-
 	const TEXT* object_name = get_object_name(object_type);
-	const Jrd::SecurityClass* s_class = SCL_recompute_class(tdbb, object_name);
+	if (!*object_name)
+		return 0;
 
+	const Jrd::SecurityClass* s_class = SCL_recompute_class(tdbb, object_name);
 	if (s_class)
 		return s_class->scl_flags;
 
diff --git a/src/jrd/scl.h b/src/jrd/scl.h
index ba9e639ece..09ab660904 100644
--- a/src/jrd/scl.h
+++ b/src/jrd/scl.h
@@ -159,7 +159,6 @@ public:
 
 // These numbers are arbitrary and only used at run-time. Can be changed if necessary at any moment.
 // We need to include here the new objects that accept ACLs.
-const SLONG SCL_object_column		= 1;
 const SLONG SCL_object_database		= obj_database;
 const SLONG SCL_object_table		= obj_relations;
 const SLONG SCL_object_package		= obj_packages;
@@ -173,6 +172,9 @@ const SLONG SCL_object_domain		= obj_domains;
 const SLONG SCL_object_view			= obj_views;
 const SLONG SCL_object_role			= obj_roles;
 const SLONG SCL_object_filter		= obj_filters;
+// Please keep it with code more than other objects
+// - relations and procedures should be sorted before columns.
+const SLONG SCL_object_column		= obj_type_MAX + 1;
 
 } //namespace Jrd