diff --git a/config/alfresco/extension/mt/mt-admin-context.xml.sample b/config/alfresco/extension/mt/mt-admin-context.xml.sample
index 2a2604ac25..4836306b9b 100644
--- a/config/alfresco/extension/mt/mt-admin-context.xml.sample
+++ b/config/alfresco/extension/mt/mt-admin-context.xml.sample
@@ -7,13 +7,15 @@
    <!-- MT Admin Service Implementation -->
    <!--                                           -->
             
-<bean id="tenantAdminService" parent="baseMultiTAdminService" />
+   <bean id="tenantAdminService" parent="baseMultiTAdminService" />
                 
    <bean id="tenantInterpreter" class="org.alfresco.repo.tenant.TenantInterpreter">
         <property name="transactionService" ref="transactionComponent"/>
         <property name="tenantAdminService" ref="tenantAdminService"/>       
         <property name="tenantService" ref="tenantService"/>        
         <property name="authenticationService" ref="AuthenticationService"/>
+        <property name="authorityService" ref="AuthorityService"/>
+        <property name="baseAdminUsername"><value>${alfresco_user_store.adminusername}</value></property>
    </bean>
 
    <bean id="tenantInterpreterHelp" class="org.alfresco.i18n.ResourceBundleBootstrapComponent">
diff --git a/config/alfresco/mt/mt-base-context.xml b/config/alfresco/mt/mt-base-context.xml
index 9901bd2966..076c998d7f 100644
--- a/config/alfresco/mt/mt-base-context.xml
+++ b/config/alfresco/mt/mt-base-context.xml
@@ -19,7 +19,8 @@
       <property name="tenantFileContentStore" ref="tenantFileContentStore"/>     
       <property name="workflowService" ref="WorkflowService"/>
       <property name="repositoryExporterService" ref="repositoryExporterComponent"/>
-      <property name="moduleService" ref="moduleService"/>
+      <property name="moduleService" ref="moduleService"/>
+      <property name="baseAdminUsername"><value>${alfresco_user_store.adminusername}</value></property>
       
       <property name="siteAVMBootstrap" ref="siteAVMBootstrap"/>
       
diff --git a/config/alfresco/repo-admin-context.xml b/config/alfresco/repo-admin-context.xml
index e86b4f7a70..ac7f8dd3ac 100755
--- a/config/alfresco/repo-admin-context.xml
+++ b/config/alfresco/repo-admin-context.xml
@@ -21,7 +21,7 @@
    
       <property name="transactionService" ref="transactionComponent"/>
       <property name="repoAdminService" ref="RepoAdminService"/>
-      <property name="tenantService" ref="tenantService"/>
+      <property name="authorityService" ref="AuthorityService"/>
         
    </bean>
 
diff --git a/config/alfresco/workflow-context.xml b/config/alfresco/workflow-context.xml
index 363691b49b..b13e2cb449 100644
--- a/config/alfresco/workflow-context.xml
+++ b/config/alfresco/workflow-context.xml
@@ -53,6 +53,7 @@
       <property name="transactionService" ref="transactionService"/>
       <property name="fileFolderService" ref="FileFolderService"/>
       <property name="tenantService" ref="tenantService"/>
+      <property name="authorityService" ref="AuthorityService"/>
    </bean>
 
    <bean id="workflowInterpreterHelp" class="org.alfresco.i18n.ResourceBundleBootstrapComponent">
diff --git a/source/java/org/alfresco/repo/admin/BaseInterpreter.java b/source/java/org/alfresco/repo/admin/BaseInterpreter.java
index 0b070981de..6eda55a803 100755
--- a/source/java/org/alfresco/repo/admin/BaseInterpreter.java
+++ b/source/java/org/alfresco/repo/admin/BaseInterpreter.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2005-2007 Alfresco Software Limited.
+ * Copyright (C) 2005-2009 Alfresco Software Limited.
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -30,8 +30,8 @@ import java.io.InputStreamReader;
 
 import org.alfresco.repo.security.authentication.AuthenticationUtil;
 import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
-import org.alfresco.repo.tenant.TenantService;
 import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
+import org.alfresco.service.cmr.security.AuthorityService;
 import org.alfresco.service.transaction.TransactionService;
 import org.alfresco.util.AbstractLifecycleBean;
 import org.alfresco.util.ApplicationContextHelper;
@@ -46,8 +46,7 @@ public abstract class BaseInterpreter extends AbstractLifecycleBean
 {
     // dependencies
     protected TransactionService transactionService;
-    protected TenantService tenantService;
-
+    protected AuthorityService authorityService;
 
     /**4
      * The reader for interaction.
@@ -99,11 +98,11 @@ public abstract class BaseInterpreter extends AbstractLifecycleBean
     {
         this.transactionService = transactionService;
     }
-
-    public void setTenantService(TenantService tenantService)
+    
+    public void setAuthorityService(AuthorityService authorityService)
     {
-        this.tenantService = tenantService;
-    }   
+        this.authorityService = authorityService;
+    }
     
 
 
@@ -175,7 +174,13 @@ public abstract class BaseInterpreter extends AbstractLifecycleBean
     
     protected boolean hasAuthority(String username)
     {
-        return ((username != null) && (tenantService.getBaseNameUser(username).equals(DEFAULT_ADMIN)));
+        if (authorityService == null)
+        {
+            // default for backwards compatibility - eg. upgrade of existing MT instance (mt-admin-context.xml.sample)
+            authorityService = (AuthorityService)getApplicationContext().getBean("AuthorityService");
+        }
+        
+        return ((username != null) && (authorityService.isAdminAuthority(username)));
     }
 
     /**
diff --git a/source/java/org/alfresco/repo/admin/RepoAdminInterpreter.java b/source/java/org/alfresco/repo/admin/RepoAdminInterpreter.java
index e4e2bf2006..47758194bb 100755
--- a/source/java/org/alfresco/repo/admin/RepoAdminInterpreter.java
+++ b/source/java/org/alfresco/repo/admin/RepoAdminInterpreter.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2005-2007 Alfresco Software Limited.
+ * Copyright (C) 2005-2009 Alfresco Software Limited.
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -45,7 +45,7 @@ import org.springframework.core.io.support.PathMatchingResourcePatternResolver;
 public class RepoAdminInterpreter extends BaseInterpreter
 {
     // dependencies
-    private RepoAdminService repoAdminService;   
+    private RepoAdminService repoAdminService;
       
     
     public void setRepoAdminService(RepoAdminService repoAdminService)
@@ -61,13 +61,6 @@ public class RepoAdminInterpreter extends BaseInterpreter
         runMain("repoAdminInterpreter");
     }
 
-    protected boolean hasAuthority(String username)
-    {
-        // must be an "admin" for repository administration
-        return ((username != null) && (tenantService.getBaseNameUser(username).equals(BaseInterpreter.DEFAULT_ADMIN)));
-    }
-
-
     /**
      * Execute a single command using the BufferedReader passed in for any data needed.
      *
diff --git a/source/java/org/alfresco/repo/dictionary/DictionaryModelType.java b/source/java/org/alfresco/repo/dictionary/DictionaryModelType.java
index 30d6f1520e..8e2d3d5de6 100644
--- a/source/java/org/alfresco/repo/dictionary/DictionaryModelType.java
+++ b/source/java/org/alfresco/repo/dictionary/DictionaryModelType.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2005-2007 Alfresco Software Limited.
+ * Copyright (C) 2005-2009 Alfresco Software Limited.
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -398,7 +398,7 @@ public class DictionaryModelType implements ContentServicePolicies.OnContentUpda
                 for (NodeRef pendingNodeRef : pendingModels)
                 {
                     String tenantDomain = tenantService.getDomain(pendingNodeRef.getStoreRef().getIdentifier());
-                    String tenantAdminUserName = tenantService.getDomainUser(TenantService.ADMIN_BASENAME, tenantDomain);
+                    String tenantSystemUserName = tenantService.getDomainUser(AuthenticationUtil.getSystemUserName(), tenantDomain);
                     
                     final NodeRef nodeRef = tenantService.getBaseName(pendingNodeRef);
                     
@@ -484,7 +484,7 @@ public class DictionaryModelType implements ContentServicePolicies.OnContentUpda
 
                             return null; 
                         }
-                    }, tenantAdminUserName);
+                    }, tenantSystemUserName);
                 }
             }
         }
diff --git a/source/java/org/alfresco/repo/tenant/MultiTAdminServiceImpl.java b/source/java/org/alfresco/repo/tenant/MultiTAdminServiceImpl.java
index 6738a4a3ae..5aa6c99368 100755
--- a/source/java/org/alfresco/repo/tenant/MultiTAdminServiceImpl.java
+++ b/source/java/org/alfresco/repo/tenant/MultiTAdminServiceImpl.java
@@ -99,6 +99,8 @@ public class MultiTAdminServiceImpl implements TenantAdminService, ApplicationCo
     
     private List<WorkflowDeployer> workflowDeployers = new ArrayList<WorkflowDeployer>();
     
+    private String baseAdminUsername = "admin"; // default for backwards compatibility only - eg. upgrade of existing MT instance (mt-admin-context.xml.sample)
+
     /*
      * Tenant domain/ids are unique strings that are case-insensitive. Tenant ids must be valid filenames. 
      * They may also map onto domains and hence should allow valid FQDN.
@@ -204,6 +206,11 @@ public class MultiTAdminServiceImpl implements TenantAdminService, ApplicationCo
         this.siteAVMBootstrap = siteAVMBootstrap;
     }
     
+    public void setBaseAdminUsername(String baseAdminUsername)
+    {
+        this.baseAdminUsername = baseAdminUsername;
+    }
+    
     public static final String PROTOCOL_STORE_USER = "user";
     public static final String PROTOCOL_STORE_WORKSPACE = "workspace";
     public static final String PROTOCOL_STORE_SYSTEM = "system";
@@ -218,8 +225,6 @@ public class MultiTAdminServiceImpl implements TenantAdminService, ApplicationCo
     private static final String TENANTS_ATTRIBUTE_PATH = "alfresco-tenants";
     private static final String TENANT_ATTRIBUTE_ENABLED = "enabled";
     private static final String TENANT_ROOT_CONTENT_STORE_DIR = "rootContentStoreDir";
-    
-    private static final String ADMIN_BASENAME = TenantService.ADMIN_BASENAME;
 
     private List<TenantDeployer> tenantDeployers = new ArrayList<TenantDeployer>();
 
@@ -750,7 +755,6 @@ public class MultiTAdminServiceImpl implements TenantAdminService, ApplicationCo
         
         ImporterBootstrap systemImporterBootstrap = (ImporterBootstrap)ctx.getBean("systemBootstrap");
         systemImporterBootstrap.setBootstrapViews(bootstrapViews);
-        systemImporterBootstrap.setLog(true);
 
         bootstrapSystemTenantStore(systemImporterBootstrap, tenantDomain);
     }
@@ -787,7 +791,6 @@ public class MultiTAdminServiceImpl implements TenantAdminService, ApplicationCo
         
         ImporterBootstrap userImporterBootstrap = (ImporterBootstrap)ctx.getBean("userBootstrap");
         userImporterBootstrap.setBootstrapViews(bootstrapViews);
-        userImporterBootstrap.setLog(true);
 
         bootstrapUserTenantStore(userImporterBootstrap, tenantDomain, null);
     }
@@ -826,7 +829,6 @@ public class MultiTAdminServiceImpl implements TenantAdminService, ApplicationCo
         
         ImporterBootstrap versionImporterBootstrap = (ImporterBootstrap)ctx.getBean("versionBootstrap");
         versionImporterBootstrap.setBootstrapViews(bootstrapViews);
-        versionImporterBootstrap.setLog(true);
 
         bootstrapVersionTenantStore(versionImporterBootstrap, tenantDomain);
     }
@@ -855,7 +857,6 @@ public class MultiTAdminServiceImpl implements TenantAdminService, ApplicationCo
         
         ImporterBootstrap spacesArchiveImporterBootstrap = (ImporterBootstrap)ctx.getBean("spacesArchiveBootstrap");
         spacesArchiveImporterBootstrap.setBootstrapViews(bootstrapViews);
-        spacesArchiveImporterBootstrap.setLog(true);
 
         bootstrapSpacesArchiveTenantStore(spacesArchiveImporterBootstrap, tenantDomain);
     }
@@ -889,7 +890,6 @@ public class MultiTAdminServiceImpl implements TenantAdminService, ApplicationCo
         
         ImporterBootstrap spacesImporterBootstrap = (ImporterBootstrap)ctx.getBean("spacesBootstrap");
         spacesImporterBootstrap.setBootstrapViews(bootstrapViews);
-        spacesImporterBootstrap.setLog(true);
 
         bootstrapSpacesTenantStore(spacesImporterBootstrap, tenantDomain);
     }
@@ -907,7 +907,6 @@ public class MultiTAdminServiceImpl implements TenantAdminService, ApplicationCo
         
         ImporterBootstrap spacesImporterBootstrap = (ImporterBootstrap)ctx.getBean("spacesBootstrap");
         spacesImporterBootstrap.setBootstrapViews(bootstrapViews);
-        spacesImporterBootstrap.setLog(true);
         
         spacesImporterBootstrap.setUseExistingStore(true);
 
@@ -1240,7 +1239,7 @@ public class MultiTAdminServiceImpl implements TenantAdminService, ApplicationCo
     
     private String getTenantAdminUser(String tenantDomain)
     {
-        return tenantService.getDomainUser(ADMIN_BASENAME, tenantDomain);
+        return tenantService.getDomainUser(this.baseAdminUsername, tenantDomain);
     }
 
     private String getTenantGuestUser(String tenantDomain)
diff --git a/source/java/org/alfresco/repo/tenant/MultiTDemoTest.java b/source/java/org/alfresco/repo/tenant/MultiTDemoTest.java
index cfe748787d..81f4ef95de 100644
--- a/source/java/org/alfresco/repo/tenant/MultiTDemoTest.java
+++ b/source/java/org/alfresco/repo/tenant/MultiTDemoTest.java
@@ -217,7 +217,7 @@ public class MultiTDemoTest extends TestCase
         {
             for (final String tenantDomain : tenants)
             {        
-                String tenantAdminName = tenantService.getDomainUser(TenantService.ADMIN_BASENAME, tenantDomain);
+                String tenantAdminName = tenantService.getDomainUser(DEFAULT_ADMIN_UN, tenantDomain);
                 
                 AuthenticationUtil.runAs(new RunAsWork<Object>()
                 {
@@ -238,7 +238,7 @@ public class MultiTDemoTest extends TestCase
             
             for (final String tenantDomain : tenants)
             {        
-                String tenantAdminName = tenantService.getDomainUser(TenantService.ADMIN_BASENAME, tenantDomain);
+                String tenantAdminName = tenantService.getDomainUser(DEFAULT_ADMIN_UN, tenantDomain);
                 
                 AuthenticationUtil.runAs(new RunAsWork<Object>()
                 {
@@ -343,7 +343,7 @@ public class MultiTDemoTest extends TestCase
             
             for (final String tenantDomain : tenants)
             {
-                loginLogoutUser(tenantService.getDomainUser(TenantService.ADMIN_BASENAME, tenantDomain), DEFAULT_ADMIN_PW+" "+tenantDomain);
+                loginLogoutUser(tenantService.getDomainUser(DEFAULT_ADMIN_UN, tenantDomain), DEFAULT_ADMIN_PW+" "+tenantDomain);
             }
         }   
         catch (Throwable t)
@@ -361,7 +361,7 @@ public class MultiTDemoTest extends TestCase
 
         for (final String tenantDomain : tenants)
         {        
-            String tenantAdminName = tenantService.getDomainUser(TenantService.ADMIN_BASENAME, tenantDomain);
+            String tenantAdminName = tenantService.getDomainUser(DEFAULT_ADMIN_UN, tenantDomain);
             
             AuthenticationUtil.runAs(new RunAsWork<Object>()
                     {
@@ -392,7 +392,7 @@ public class MultiTDemoTest extends TestCase
         
         for (final String tenantDomain : tenants)
         {        
-            String tenantAdminName = tenantService.getDomainUser(TenantService.ADMIN_BASENAME, tenantDomain);
+            String tenantAdminName = tenantService.getDomainUser(DEFAULT_ADMIN_UN, tenantDomain);
             
             AuthenticationUtil.runAs(new RunAsWork<Object>()
                     {
@@ -526,7 +526,7 @@ public class MultiTDemoTest extends TestCase
         
         for (final String tenantDomain : tenants)
         {        
-            String tenantAdminName = tenantService.getDomainUser(TenantService.ADMIN_BASENAME, tenantDomain);
+            String tenantAdminName = tenantService.getDomainUser(DEFAULT_ADMIN_UN, tenantDomain);
             
             AuthenticationUtil.runAs(new RunAsWork<Object>()
             {
@@ -546,7 +546,7 @@ public class MultiTDemoTest extends TestCase
         
         for (final String tenantDomain : tenants)
         {
-            String tenantAdminName = tenantService.getDomainUser(TenantService.ADMIN_BASENAME, tenantDomain);
+            String tenantAdminName = tenantService.getDomainUser(DEFAULT_ADMIN_UN, tenantDomain);
             
             AuthenticationUtil.runAs(new RunAsWork<Object>()
             {
diff --git a/source/java/org/alfresco/repo/tenant/TenantInterpreter.java b/source/java/org/alfresco/repo/tenant/TenantInterpreter.java
index 3ee3e2a916..42b834893e 100755
--- a/source/java/org/alfresco/repo/tenant/TenantInterpreter.java
+++ b/source/java/org/alfresco/repo/tenant/TenantInterpreter.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2005-2007 Alfresco Software Limited.
+ * Copyright (C) 2005-2009 Alfresco Software Limited.
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
@@ -48,8 +48,10 @@ public class TenantInterpreter extends BaseInterpreter
     // Service dependencies    
     
     private TenantAdminService tenantAdminService;
+    protected TenantService tenantService;
+    private AuthenticationService authenticationService;
     
-    private AuthenticationService authenticationService;
+    private String baseAdminUsername = "admin"; // default for backwards compatibility only - eg. upgrade of existing MT instance (mt-admin-context.xml.sample)
 
     public void setTenantAdminService(TenantAdminService tenantAdminService)
     {
@@ -60,7 +62,17 @@ public class TenantInterpreter extends BaseInterpreter
     {
         this.authenticationService = authenticationService;
     }
-
+    
+    public void setTenantService(TenantService tenantService)
+    {
+        this.tenantService = tenantService;
+    }
+    
+    public void setBaseAdminUsername(String baseAdminUsername)
+    {
+        this.baseAdminUsername = baseAdminUsername;
+    }
+    
     /**
      * Main entry point.
      */
@@ -72,8 +84,8 @@ public class TenantInterpreter extends BaseInterpreter
     
     protected boolean hasAuthority(String username)
     {
-        // must be super "admin" for tenant administrator
-        return ((username != null) && (username.equals(BaseInterpreter.DEFAULT_ADMIN)));
+        // must be "super" admin for tenant administration
+        return ((username != null) && (authorityService.isAdminAuthority(username)) && (! tenantService.isTenantUser(username)));
     }
     
     public String interpretCommand(final String line) throws IOException
@@ -323,8 +335,8 @@ public class TenantInterpreter extends BaseInterpreter
             
             String tenantDomain = new String(command[1]).toLowerCase();
             
-            final String newPassword = new String(command[2]);        
-            final String tenantAdminUsername = tenantService.getDomainUser(TenantService.ADMIN_BASENAME, tenantDomain);
+            final String newPassword = new String(command[2]);
+            final String tenantAdminUsername = tenantService.getDomainUser(baseAdminUsername, tenantDomain);
 
             AuthenticationUtil.runAs(new RunAsWork<Object>()
             {
diff --git a/source/java/org/alfresco/repo/tenant/TenantService.java b/source/java/org/alfresco/repo/tenant/TenantService.java
index 932f9d5d7b..05a92bbda9 100644
--- a/source/java/org/alfresco/repo/tenant/TenantService.java
+++ b/source/java/org/alfresco/repo/tenant/TenantService.java
@@ -46,8 +46,6 @@ public interface TenantService extends TenantUserService
     
     public static final String DEFAULT_DOMAIN = "";
     
-    public static final String ADMIN_BASENAME = "admin";
-    
     /**
      * @return          the reference <b>with</b> the tenant-specific ID attached
      */