diff --git a/src/main/java/info/bukova/isspst/Constants.java b/src/main/java/info/bukova/isspst/Constants.java
index 31ba1fd9..e7b6107d 100644
--- a/src/main/java/info/bukova/isspst/Constants.java
+++ b/src/main/java/info/bukova/isspst/Constants.java
@@ -87,6 +87,7 @@ public class Constants {
 	public final static String PERM_SHOW_CENTRE_REQ = "PERM_SHOW_CENTRE_REQ";
 	public final static String PERM_SHOW_ALL_REQ = "PERM_SHOW_ALL_REQ";
 	public final static String PERM_EDIT_NEW = "PERM_EDIT_NEW";
+	public final static String PERM_EDIT_OWN = "PERM_EDIT_OWN";
 	
 	public final static Permission SPECIAL_PERMISSIONS[] = {
 		new Permission(PERM_EDIT_NEW, "Upravit neschválené", MOD_REQUIREMENTS, PermissionType.GLOBAL),
diff --git a/src/main/java/info/bukova/isspst/data/User.java b/src/main/java/info/bukova/isspst/data/User.java
index 934c9bba..a8422b52 100644
--- a/src/main/java/info/bukova/isspst/data/User.java
+++ b/src/main/java/info/bukova/isspst/data/User.java
@@ -41,6 +41,8 @@ public class User extends Member implements UserDetails, DataModel {
 	@ManyToMany(fetch=FetchType.EAGER) 
 	@JoinTable(name="USER_ROLE", joinColumns={@JoinColumn(name="USER_ID")}, inverseJoinColumns={@JoinColumn(name="ROLE_ID")})
 	private List<Role> authorities;
+	@Column(name="SETTINGS", length=1048576)
+	private String settings;
 		
 	public User() {
 		authorities = new ArrayList<Role>();
@@ -197,4 +199,12 @@ public class User extends Member implements UserDetails, DataModel {
 		return true;
 	}
 
+	public String getSettings() {
+		return settings;
+	}
+
+	public void setSettings(String settings) {
+		this.settings = settings;
+	}
+
 }
diff --git a/src/main/java/info/bukova/isspst/data/UserSettingsData.java b/src/main/java/info/bukova/isspst/data/UserSettingsData.java
new file mode 100644
index 00000000..e06f0761
--- /dev/null
+++ b/src/main/java/info/bukova/isspst/data/UserSettingsData.java
@@ -0,0 +1,15 @@
+package info.bukova.isspst.data;
+
+public class UserSettingsData {
+	
+	private String signatureFile;
+
+	public String getSignatureFile() {
+		return signatureFile;
+	}
+
+	public void setSignatureFile(String signaturePath) {
+		this.signatureFile = signaturePath;
+	}
+
+}
diff --git a/src/main/java/info/bukova/isspst/security/IsPermissionEvaluator.java b/src/main/java/info/bukova/isspst/security/IsPermissionEvaluator.java
index 15c1ee80..a70a9eb7 100644
--- a/src/main/java/info/bukova/isspst/security/IsPermissionEvaluator.java
+++ b/src/main/java/info/bukova/isspst/security/IsPermissionEvaluator.java
@@ -31,7 +31,7 @@ public class IsPermissionEvaluator implements PermissionEvaluator {
 		}
 
 		if (((String)permission).isEmpty()) {
-			return true;
+			return false;
 		}
 		
 		Evaluator eval = evalHolder.getForObject(targetDomainObject, appPermission != null && appPermission.getType() != PermissionType.GLOBAL);
diff --git a/src/main/java/info/bukova/isspst/security/LoginSuccessHandler.java b/src/main/java/info/bukova/isspst/security/LoginSuccessHandler.java
index 3e0c0927..d237ad96 100644
--- a/src/main/java/info/bukova/isspst/security/LoginSuccessHandler.java
+++ b/src/main/java/info/bukova/isspst/security/LoginSuccessHandler.java
@@ -3,6 +3,7 @@ package info.bukova.isspst.security;
 import info.bukova.isspst.SessionData;
 import info.bukova.isspst.data.Role;
 import info.bukova.isspst.data.User;
+import info.bukova.isspst.data.UserSettingsData;
 import info.bukova.isspst.data.Workgroup;
 import info.bukova.isspst.services.users.UserService;
 import info.bukova.isspst.services.workgroups.WorkgroupService;
@@ -53,6 +54,13 @@ public class LoginSuccessHandler implements AuthenticationSuccessHandler {
 		}
 		sessionData.setWorkgroupRoles(wgRoles);
 		
+		UserSettingsData userSettings = userService.getUserSettings();
+		if (userSettings == null) {
+			userSettings = new UserSettingsData();
+			userService.setUserSettings(userSettings);
+			userService.update(u);
+		}
+		
 		response.sendRedirect("app/");
 	}
 
diff --git a/src/main/java/info/bukova/isspst/security/UserEvaluator.java b/src/main/java/info/bukova/isspst/security/UserEvaluator.java
new file mode 100644
index 00000000..c90e88d5
--- /dev/null
+++ b/src/main/java/info/bukova/isspst/security/UserEvaluator.java
@@ -0,0 +1,22 @@
+package info.bukova.isspst.security;
+
+import info.bukova.isspst.Constants;
+import info.bukova.isspst.data.User;
+
+import org.springframework.security.core.Authentication;
+
+public class UserEvaluator implements Evaluator {
+
+	@Override
+	public boolean evaluate(Authentication authentication,
+			Object targetDomainObject, String permission) {
+		if (!(targetDomainObject instanceof User)) {
+			return false;
+		}
+		
+		User object = (User)targetDomainObject;
+		
+		return permission.equals(Constants.PERM_EDIT_OWN) && object.equals(authentication.getPrincipal());
+	}
+
+}
diff --git a/src/main/java/info/bukova/isspst/services/StringXmlMarshaller.java b/src/main/java/info/bukova/isspst/services/StringXmlMarshaller.java
new file mode 100644
index 00000000..38480d3c
--- /dev/null
+++ b/src/main/java/info/bukova/isspst/services/StringXmlMarshaller.java
@@ -0,0 +1,71 @@
+package info.bukova.isspst.services;
+
+import info.bukova.isspst.services.settings.GlobalSettingsService;
+
+import java.io.IOException;
+import java.io.StringReader;
+import java.io.StringWriter;
+
+import org.exolab.castor.xml.MarshalException;
+import org.exolab.castor.xml.Marshaller;
+import org.exolab.castor.xml.Unmarshaller;
+import org.exolab.castor.xml.ValidationException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.core.GenericTypeResolver;
+
+public class StringXmlMarshaller<T> {
+	
+	private final static Logger log = LoggerFactory.getLogger(GlobalSettingsService.class);
+	private final static String MARSHAL_ERROR = "Cannot marshal settings data: ";
+	private final static String UNMARSHAL_ERROR = "Cannot unmarshal settings data: ";
+
+	private Marshaller marshaller;
+	private Unmarshaller unmarshaller;
+	
+	public StringXmlMarshaller(Marshaller marshaller, Unmarshaller unmarshaller) {
+		this.marshaller = marshaller;
+		this.unmarshaller = unmarshaller;
+	}
+	
+	public String marshalData(T data) {
+		if (data == null) {
+			return null;
+		}
+		
+		StringWriter wr = new StringWriter();
+		try {
+			marshaller.setWriter(wr);
+			marshaller. marshal(data);
+		} catch (MarshalException e) {
+			log.error(MARSHAL_ERROR + e.getMessage());
+		} catch (ValidationException e) {
+			log.error(MARSHAL_ERROR + e.getMessage());
+		} catch (IOException e) {
+			log.error(MARSHAL_ERROR + e.getMessage());
+		}
+		
+		return wr.toString();
+		
+	}
+	
+	@SuppressWarnings("unchecked")
+	public T unmarshalData(String data) {
+		if (data == null) {
+			return null;
+		}
+		
+		StringReader sr = new StringReader(data);
+		try {
+			unmarshaller.setClass(GenericTypeResolver.resolveTypeArgument(getClass(), StringXmlMarshaller.class));
+			return (T) unmarshaller.unmarshal(sr);
+		} catch (MarshalException e) {
+			log.error(UNMARSHAL_ERROR + e.getMessage());
+		} catch (ValidationException e) {
+			log.error(UNMARSHAL_ERROR + e.getMessage());
+		}
+		
+		return null;
+	}
+
+}
diff --git a/src/main/java/info/bukova/isspst/services/settings/GlobalSettingServiceImpl.java b/src/main/java/info/bukova/isspst/services/settings/GlobalSettingServiceImpl.java
index 7a746092..6827ccbe 100644
--- a/src/main/java/info/bukova/isspst/services/settings/GlobalSettingServiceImpl.java
+++ b/src/main/java/info/bukova/isspst/services/settings/GlobalSettingServiceImpl.java
@@ -1,38 +1,25 @@
 package info.bukova.isspst.services.settings;
 
-import java.io.IOException;
-import java.io.StringReader;
-import java.io.StringWriter;
-
-import org.exolab.castor.xml.MarshalException;
-import org.exolab.castor.xml.Marshaller;
-import org.exolab.castor.xml.Unmarshaller;
-import org.exolab.castor.xml.ValidationException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.transaction.annotation.Transactional;
-
 import info.bukova.isspst.data.Address;
 import info.bukova.isspst.data.GlobalSettings;
 import info.bukova.isspst.data.SettingsData;
 import info.bukova.isspst.services.AbstractOwnedService;
 import info.bukova.isspst.services.IsspstException;
+import info.bukova.isspst.services.StringXmlMarshaller;
+
+import org.exolab.castor.xml.Marshaller;
+import org.exolab.castor.xml.Unmarshaller;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.transaction.annotation.Transactional;
 
 public class GlobalSettingServiceImpl extends AbstractOwnedService<GlobalSettings> implements
 		GlobalSettingsService {
 	
-	private final static Logger log = LoggerFactory.getLogger(GlobalSettingsService.class);
-	private final static String MARSHAL_ERROR = "Cannot marshal settings data: ";
-	private final static String UNMARSHAL_ERROR = "Cannot unmarshal settings data: ";
-
-	private Marshaller marshaller;
-	private Unmarshaller unmarshaller;
+	private StringXmlMarshaller<SettingsData> marshaller;
 	private SettingsData settings;
 	
 	public GlobalSettingServiceImpl(Marshaller marshaller, Unmarshaller unmarshaller) {
-		this.marshaller = marshaller;
-		this.unmarshaller = unmarshaller;
+		this.marshaller = new StringXmlMarshaller<SettingsData>(marshaller, unmarshaller);
 	}
 
 	@Override
@@ -45,49 +32,18 @@ public class GlobalSettingServiceImpl extends AbstractOwnedService<GlobalSetting
 		
 		if (entity.getData() == null || entity.getData().isEmpty()) {
 			SettingsData data = new SettingsData();
-			entity.setData(marshalData(data));
+			entity.setData(marshaller.marshalData(data));
 		}
 		
 		super.add(entity);
 	}
-	
-	private String marshalData(SettingsData data) {
-		StringWriter wr = new StringWriter();
-		try {
-			marshaller.setWriter(wr);
-			marshaller. marshal(data);
-		} catch (MarshalException e) {
-			log.error(MARSHAL_ERROR + e.getMessage());
-		} catch (ValidationException e) {
-			log.error(MARSHAL_ERROR + e.getMessage());
-		} catch (IOException e) {
-			log.error(MARSHAL_ERROR + e.getMessage());
-		}
-		
-		return wr.toString();
-		
-	}
-	
-	private SettingsData unmarshalData(String data) {
-		StringReader sr = new StringReader(data);
-		try {
-			unmarshaller.setClass(SettingsData.class);
-			return (SettingsData) unmarshaller.unmarshal(sr);
-		} catch (MarshalException e) {
-			log.error(UNMARSHAL_ERROR + e.getMessage());
-		} catch (ValidationException e) {
-			log.error(UNMARSHAL_ERROR + e.getMessage());
-		}
-		
-		return null;
-	}
 
 	@Override
 	@Transactional
 	public SettingsData getSettings() {
 		if (settings == null) {
 			GlobalSettings gs = this.getAll().get(0);
-			settings = unmarshalData(gs.getData());
+			settings = marshaller.unmarshalData(gs.getData());
 		}
 		return settings;
 	}
@@ -108,7 +64,7 @@ public class GlobalSettingServiceImpl extends AbstractOwnedService<GlobalSetting
 			a.setDic(settings.getMainAddress().getDic());
 		}
 		
-		gs.setData(marshalData(settings));
+		gs.setData(marshaller.marshalData(settings));
 		
 		super.update(gs);
 	}
diff --git a/src/main/java/info/bukova/isspst/services/users/UserService.java b/src/main/java/info/bukova/isspst/services/users/UserService.java
index 5e59eb2a..ccb3ec54 100644
--- a/src/main/java/info/bukova/isspst/services/users/UserService.java
+++ b/src/main/java/info/bukova/isspst/services/users/UserService.java
@@ -4,6 +4,7 @@ import java.util.List;
 
 import info.bukova.isspst.data.Role;
 import info.bukova.isspst.data.User;
+import info.bukova.isspst.data.UserSettingsData;
 import info.bukova.isspst.services.Service;
 
 import org.springframework.security.core.userdetails.UserDetailsService;
@@ -20,4 +21,7 @@ public interface UserService extends UserDetailsService, Service<User> {
 	public void removeAccess();
 	public void loadAuthorities(User user);
 	public String[] getEmailsForSend(List<User> users);
+	public UserSettingsData getUserSettings(User user);
+	public UserSettingsData getUserSettings();
+	public void setUserSettings(UserSettingsData settings);
 }
diff --git a/src/main/java/info/bukova/isspst/services/users/UserServiceImpl.java b/src/main/java/info/bukova/isspst/services/users/UserServiceImpl.java
index ebe25ec1..9dc2c205 100644
--- a/src/main/java/info/bukova/isspst/services/users/UserServiceImpl.java
+++ b/src/main/java/info/bukova/isspst/services/users/UserServiceImpl.java
@@ -3,7 +3,9 @@ package info.bukova.isspst.services.users;
 import info.bukova.isspst.Constants;
 import info.bukova.isspst.data.Role;
 import info.bukova.isspst.data.User;
+import info.bukova.isspst.data.UserSettingsData;
 import info.bukova.isspst.services.AbstractService;
+import info.bukova.isspst.services.StringXmlMarshaller;
 //import info.bukova.isspst.services.LazyLoader;
 
 import java.util.ArrayList;
@@ -11,9 +13,12 @@ import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
 
+import org.exolab.castor.xml.Marshaller;
+import org.exolab.castor.xml.Unmarshaller;
 import org.hibernate.LazyInitializationException;
 import org.hibernate.Query;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.authentication.encoding.PasswordEncoder;
 import org.springframework.security.core.Authentication;
@@ -27,6 +32,11 @@ public class UserServiceImpl extends AbstractService<User> implements UserServic
 	private PasswordEncoder encoder;
 	@Autowired
 	private RoleService roleService;
+	private StringXmlMarshaller<UserSettingsData> marshaller;
+	
+	public UserServiceImpl(Marshaller marshaller, Unmarshaller unmarshaller) {
+		this.marshaller = new StringXmlMarshaller<UserSettingsData>(marshaller, unmarshaller);
+	}
 	
 	public void setEncoder(PasswordEncoder encoder) {
 		this.encoder = encoder;
@@ -64,6 +74,7 @@ public class UserServiceImpl extends AbstractService<User> implements UserServic
 
 	@Override
 	@Transactional
+	@PreAuthorize("hasPermission(this, 'PERM_EDIT') or hasPermission(#user, this.getUpdateEntityPermission())")
 	public void saveWithPwd(User user, String password) {
 		if ((password != null) && !password.isEmpty())
 		{
@@ -168,5 +179,24 @@ public class UserServiceImpl extends AbstractService<User> implements UserServic
 		return ret;
 	}
 
+	@Override
+	public UserSettingsData getUserSettings() {
+		return getUserSettings(getCurrent());
+	}
+
+	@Override
+	public UserSettingsData getUserSettings(User user) {
+		return marshaller.unmarshalData(user.getSettings());
+	}
+
+	@Override
+	public void setUserSettings(UserSettingsData settings) {
+		getCurrent().setSettings(marshaller.marshalData(settings));		
+	}
+
+	@Override
+	public String getUpdateEntityPermission() {
+		return Constants.PERM_EDIT_OWN;
+	}
 
 }
diff --git a/src/main/webapp/WEB-INF/spring/root-context.xml b/src/main/webapp/WEB-INF/spring/root-context.xml
index 1058b90d..46ba55ef 100644
--- a/src/main/webapp/WEB-INF/spring/root-context.xml
+++ b/src/main/webapp/WEB-INF/spring/root-context.xml
@@ -93,12 +93,15 @@
 	
 	<bean id="tripReqEditEval" class="info.bukova.isspst.security.TripRequirementEvaluator"/>
 	
+	<bean id="userEvaluator" class="info.bukova.isspst.security.UserEvaluator"/>
+	
 	<bean id="evalHolder" class="info.bukova.isspst.security.EvaluatorsHolder">
 		<property name="globalEvaluators">
 			<map>
 				<entry key="#{T(info.bukova.isspst.services.Service)}" value-ref="serviceEval"/>
 				<entry key="#{T(info.bukova.isspst.data.Requirement)}" value-ref="reqEditEval"/>
 				<entry key="#{T(info.bukova.isspst.data.TripRequirement)}" value-ref="tripReqEditEval"/>
+				<entry key="#{T(info.bukova.isspst.data.User)}" value-ref="userEvaluator"/>
 			</map>
 		</property>
 		<property name="specialEvaluators">
@@ -230,9 +233,27 @@
     <bean id="validator" class="org.springframework.validation.beanvalidation.LocalValidatorFactoryBean"/>
     
 	<bean id="userService" class="info.bukova.isspst.services.users.UserServiceImpl">
+		<constructor-arg name="marshaller" ref="marshallerUsrSettings"/>
+		<constructor-arg name="unmarshaller" ref="unmarshallerUsrSettings"/>
 		<property name="dao" ref="userDao" />
 		<property name="encoder" ref="passwordEncoder" />
 	</bean>
+	
+	<bean id="xmlCtxUsrSettings" class="org.castor.spring.xml.XMLContextFactoryBean">
+		<property name="castorProperties">
+			<props>
+				<prop key="org.exolab.castor.xml.introspector.primitive.nodetype">element</prop>
+			</props>
+		</property>
+	</bean>
+	
+	<bean id="unmarshallerUsrSettings" class="org.castor.spring.xml.CastorUnmarshallerFactoryBean">
+		<property name="xmlContext" ref="xmlCtxUsrSettings" />
+	</bean>
+	
+	<bean id="marshallerUsrSettings" class="org.castor.spring.xml.CastorMarshallerFactoryBean">
+		<property name="xmlContext" ref="xmlCtxUsrSettings" />
+	</bean>
 
 	<bean id="roleService" class="info.bukova.isspst.services.users.RoleServiceImpl">
 		<property name="dao" ref="roleDao" />