diff --git a/internal/auth/repository/eventsourcing/handler/application.go b/internal/auth/repository/eventsourcing/handler/application.go
index ef0afc5219..eccd0d36ab 100644
--- a/internal/auth/repository/eventsourcing/handler/application.go
+++ b/internal/auth/repository/eventsourcing/handler/application.go
@@ -1,6 +1,8 @@
 package handler
 
 import (
+	"context"
+
 	"github.com/caos/logging"
 
 	"github.com/caos/zitadel/internal/eventstore/models"
@@ -32,10 +34,17 @@ func (p *Application) EventQuery() (*models.SearchQuery, error) {
 	return eventsourcing.ProjectQuery(sequence.CurrentSequence), nil
 }
 
-func (p *Application) Reduce(event *models.Event) (err error) {
+func (a *Application) Reduce(event *models.Event) (err error) {
 	app := new(view_model.ApplicationView)
 	switch event.Type {
 	case es_model.ApplicationAdded:
+		project, err := a.projectEvents.ProjectByID(context.Background(), event.AggregateID)
+		if err != nil {
+			return err
+		}
+		app.ProjectRoleCheck = project.ProjectRoleCheck
+		app.ProjectRoleAssertion = project.ProjectRoleAssertion
+
 		err = app.AppendEvent(event)
 	case es_model.ApplicationChanged,
 		es_model.OIDCConfigAdded,
@@ -46,7 +55,7 @@ func (p *Application) Reduce(event *models.Event) (err error) {
 		if err != nil {
 			return err
 		}
-		app, err = p.view.ApplicationByID(event.AggregateID, app.ID)
+		app, err = a.view.ApplicationByID(event.AggregateID, app.ID)
 		if err != nil {
 			return err
 		}
@@ -56,30 +65,30 @@ func (p *Application) Reduce(event *models.Event) (err error) {
 		if err != nil {
 			return err
 		}
-		return p.view.DeleteApplication(app.ID, event.Sequence)
+		return a.view.DeleteApplication(app.ID, event.Sequence)
 	case es_model.ProjectChanged:
-		apps, err := p.view.ApplicationsByProjectID(event.AggregateID)
+		apps, err := a.view.ApplicationsByProjectID(event.AggregateID)
 		if err != nil {
 			return err
 		}
 		if len(apps) == 0 {
-			return p.view.ProcessedApplicationSequence(event.Sequence)
+			return a.view.ProcessedApplicationSequence(event.Sequence)
 		}
 		for _, app := range apps {
 			if err := app.AppendEvent(event); err != nil {
 				return err
 			}
 		}
-		return p.view.PutApplications(apps, event.Sequence)
+		return a.view.PutApplications(apps, event.Sequence)
 	case es_model.ProjectRemoved:
-		return p.view.DeleteApplicationsByProjectID(event.AggregateID)
+		return a.view.DeleteApplicationsByProjectID(event.AggregateID)
 	default:
-		return p.view.ProcessedApplicationSequence(event.Sequence)
+		return a.view.ProcessedApplicationSequence(event.Sequence)
 	}
 	if err != nil {
 		return err
 	}
-	return p.view.PutApplication(app)
+	return a.view.PutApplication(app)
 }
 
 func (p *Application) OnError(event *models.Event, spoolerError error) error {
diff --git a/internal/auth/repository/eventsourcing/handler/token.go b/internal/auth/repository/eventsourcing/handler/token.go
index 22557cfba9..8fb4c65739 100644
--- a/internal/auth/repository/eventsourcing/handler/token.go
+++ b/internal/auth/repository/eventsourcing/handler/token.go
@@ -24,12 +24,12 @@ const (
 	tokenTable = "auth.tokens"
 )
 
-func (u *Token) ViewModel() string {
+func (t *Token) ViewModel() string {
 	return tokenTable
 }
 
-func (u *Token) EventQuery() (*models.SearchQuery, error) {
-	sequence, err := u.view.GetLatestTokenSequence()
+func (t *Token) EventQuery() (*models.SearchQuery, error) {
+	sequence, err := t.view.GetLatestTokenSequence()
 	if err != nil {
 		return nil, err
 	}
@@ -41,7 +41,7 @@ func (u *Token) EventQuery() (*models.SearchQuery, error) {
 		LatestSequenceFilter(sequence.CurrentSequence), nil
 }
 
-func (u *Token) Reduce(event *models.Event) (err error) {
+func (t *Token) Reduce(event *models.Event) (err error) {
 	switch event.Type {
 	case user_es_model.UserTokenAdded:
 		token := new(view_model.TokenView)
@@ -49,40 +49,40 @@ func (u *Token) Reduce(event *models.Event) (err error) {
 		if err != nil {
 			return err
 		}
-		return u.view.PutToken(token)
+		return t.view.PutToken(token)
 	case user_es_model.UserProfileChanged,
 		user_es_model.HumanProfileChanged:
 		user := new(view_model.UserView)
 		user.AppendEvent(event)
-		tokens, err := u.view.TokensByUserID(event.AggregateID)
+		tokens, err := t.view.TokensByUserID(event.AggregateID)
 		if err != nil {
 			return err
 		}
 		for _, token := range tokens {
 			token.PreferredLanguage = user.PreferredLanguage
 		}
-		return u.view.PutTokens(tokens, event.Sequence)
+		return t.view.PutTokens(tokens, event.Sequence)
 	case user_es_model.SignedOut,
 		user_es_model.HumanSignedOut:
 		id, err := agentIDFromSession(event)
 		if err != nil {
 			return err
 		}
-		return u.view.DeleteSessionTokens(id, event.AggregateID, event.Sequence)
+		return t.view.DeleteSessionTokens(id, event.AggregateID, event.Sequence)
 	case user_es_model.UserLocked,
 		user_es_model.UserDeactivated,
 		user_es_model.UserRemoved:
-		return u.view.DeleteUserTokens(event.AggregateID, event.Sequence)
+		return t.view.DeleteUserTokens(event.AggregateID, event.Sequence)
 	case project_es_model.ApplicationDeactivated,
 		project_es_model.ApplicationRemoved:
 		application, err := applicationFromSession(event)
 		if err != nil {
 			return err
 		}
-		return u.view.DeleteApplicationTokens(event.Sequence, application.AppID)
+		return t.view.DeleteApplicationTokens(event.Sequence, application.AppID)
 	case project_es_model.ProjectDeactivated,
 		project_es_model.ProjectRemoved:
-		project, err := u.ProjectEvents.ProjectByID(context.Background(), event.AggregateID)
+		project, err := t.ProjectEvents.ProjectByID(context.Background(), event.AggregateID)
 		if err != nil {
 			return err
 		}
@@ -90,15 +90,15 @@ func (u *Token) Reduce(event *models.Event) (err error) {
 		for _, app := range project.Applications {
 			applicationsIDs = append(applicationsIDs, app.AppID)
 		}
-		return u.view.DeleteApplicationTokens(event.Sequence, applicationsIDs...)
+		return t.view.DeleteApplicationTokens(event.Sequence, applicationsIDs...)
 	default:
-		return u.view.ProcessedTokenSequence(event.Sequence)
+		return t.view.ProcessedTokenSequence(event.Sequence)
 	}
 }
 
-func (u *Token) OnError(event *models.Event, err error) error {
+func (t *Token) OnError(event *models.Event, err error) error {
 	logging.LogWithFields("SPOOL-3jkl4", "id", event.AggregateID).WithError(err).Warn("something went wrong in token handler")
-	return spooler.HandleError(event, err, u.view.GetLatestTokenFailedEvent, u.view.ProcessedTokenFailedEvent, u.view.ProcessedTokenSequence, u.errorCountUntilSkip)
+	return spooler.HandleError(event, err, t.view.GetLatestTokenFailedEvent, t.view.ProcessedTokenFailedEvent, t.view.ProcessedTokenSequence, t.errorCountUntilSkip)
 }
 
 func agentIDFromSession(event *models.Event) (string, error) {
diff --git a/internal/authz/repository/eventsourcing/handler/application.go b/internal/authz/repository/eventsourcing/handler/application.go
index 3b329daa9e..401f761ad0 100644
--- a/internal/authz/repository/eventsourcing/handler/application.go
+++ b/internal/authz/repository/eventsourcing/handler/application.go
@@ -18,19 +18,19 @@ const (
 	applicationTable = "authz.applications"
 )
 
-func (p *Application) ViewModel() string {
+func (a *Application) ViewModel() string {
 	return applicationTable
 }
 
-func (p *Application) EventQuery() (*models.SearchQuery, error) {
-	sequence, err := p.view.GetLatestApplicationSequence()
+func (a *Application) EventQuery() (*models.SearchQuery, error) {
+	sequence, err := a.view.GetLatestApplicationSequence()
 	if err != nil {
 		return nil, err
 	}
 	return eventsourcing.ProjectQuery(sequence.CurrentSequence), nil
 }
 
-func (p *Application) Reduce(event *models.Event) (err error) {
+func (a *Application) Reduce(event *models.Event) (err error) {
 	app := new(view_model.ApplicationView)
 	switch event.Type {
 	case es_model.ApplicationAdded:
@@ -44,7 +44,7 @@ func (p *Application) Reduce(event *models.Event) (err error) {
 		if err != nil {
 			return err
 		}
-		app, err = p.view.ApplicationByID(event.AggregateID, app.ID)
+		app, err = a.view.ApplicationByID(event.AggregateID, app.ID)
 		if err != nil {
 			return err
 		}
@@ -54,17 +54,17 @@ func (p *Application) Reduce(event *models.Event) (err error) {
 		if err != nil {
 			return err
 		}
-		return p.view.DeleteApplication(app.ID, event.Sequence)
+		return a.view.DeleteApplication(app.ID, event.Sequence)
 	default:
-		return p.view.ProcessedApplicationSequence(event.Sequence)
+		return a.view.ProcessedApplicationSequence(event.Sequence)
 	}
 	if err != nil {
 		return err
 	}
-	return p.view.PutApplication(app)
+	return a.view.PutApplication(app)
 }
 
-func (p *Application) OnError(event *models.Event, spoolerError error) error {
+func (a *Application) OnError(event *models.Event, spoolerError error) error {
 	logging.LogWithFields("SPOOL-sjZw", "id", event.AggregateID).WithError(spoolerError).Warn("something went wrong in project app handler")
-	return spooler.HandleError(event, spoolerError, p.view.GetLatestApplicationFailedEvent, p.view.ProcessedApplicationFailedEvent, p.view.ProcessedApplicationSequence, p.errorCountUntilSkip)
+	return spooler.HandleError(event, spoolerError, a.view.GetLatestApplicationFailedEvent, a.view.ProcessedApplicationFailedEvent, a.view.ProcessedApplicationSequence, a.errorCountUntilSkip)
 }
diff --git a/internal/management/repository/eventsourcing/handler/application.go b/internal/management/repository/eventsourcing/handler/application.go
index e92be3ed1d..4395737197 100644
--- a/internal/management/repository/eventsourcing/handler/application.go
+++ b/internal/management/repository/eventsourcing/handler/application.go
@@ -1,6 +1,8 @@
 package handler
 
 import (
+	"context"
+
 	"github.com/caos/logging"
 
 	"github.com/caos/zitadel/internal/eventstore/models"
@@ -20,22 +22,29 @@ const (
 	applicationTable = "management.applications"
 )
 
-func (p *Application) ViewModel() string {
+func (a *Application) ViewModel() string {
 	return applicationTable
 }
 
-func (p *Application) EventQuery() (*models.SearchQuery, error) {
-	sequence, err := p.view.GetLatestApplicationSequence()
+func (a *Application) EventQuery() (*models.SearchQuery, error) {
+	sequence, err := a.view.GetLatestApplicationSequence()
 	if err != nil {
 		return nil, err
 	}
 	return eventsourcing.ProjectQuery(sequence.CurrentSequence), nil
 }
 
-func (p *Application) Reduce(event *models.Event) (err error) {
+func (a *Application) Reduce(event *models.Event) (err error) {
 	app := new(view_model.ApplicationView)
 	switch event.Type {
 	case es_model.ApplicationAdded:
+		project, err := a.projectEvents.ProjectByID(context.Background(), event.AggregateID)
+		if err != nil {
+			return err
+		}
+		app.ProjectRoleCheck = project.ProjectRoleCheck
+		app.ProjectRoleAssertion = project.ProjectRoleAssertion
+
 		err = app.AppendEvent(event)
 	case es_model.ApplicationChanged,
 		es_model.OIDCConfigAdded,
@@ -46,7 +55,7 @@ func (p *Application) Reduce(event *models.Event) (err error) {
 		if err != nil {
 			return err
 		}
-		app, err = p.view.ApplicationByID(event.AggregateID, app.ID)
+		app, err = a.view.ApplicationByID(event.AggregateID, app.ID)
 		if err != nil {
 			return err
 		}
@@ -56,33 +65,33 @@ func (p *Application) Reduce(event *models.Event) (err error) {
 		if err != nil {
 			return err
 		}
-		return p.view.DeleteApplication(app.ID, event.Sequence)
+		return a.view.DeleteApplication(app.ID, event.Sequence)
 	case es_model.ProjectChanged:
-		apps, err := p.view.ApplicationsByProjectID(event.AggregateID)
+		apps, err := a.view.ApplicationsByProjectID(event.AggregateID)
 		if err != nil {
 			return err
 		}
 		if len(apps) == 0 {
-			return p.view.ProcessedApplicationSequence(event.Sequence)
+			return a.view.ProcessedApplicationSequence(event.Sequence)
 		}
 		for _, app := range apps {
 			if err := app.AppendEvent(event); err != nil {
 				return err
 			}
 		}
-		return p.view.PutApplications(apps, event.Sequence)
+		return a.view.PutApplications(apps, event.Sequence)
 	case es_model.ProjectRemoved:
-		return p.view.DeleteApplicationsByProjectID(event.AggregateID)
+		return a.view.DeleteApplicationsByProjectID(event.AggregateID)
 	default:
-		return p.view.ProcessedApplicationSequence(event.Sequence)
+		return a.view.ProcessedApplicationSequence(event.Sequence)
 	}
 	if err != nil {
 		return err
 	}
-	return p.view.PutApplication(app)
+	return a.view.PutApplication(app)
 }
 
-func (p *Application) OnError(event *models.Event, spoolerError error) error {
+func (a *Application) OnError(event *models.Event, spoolerError error) error {
 	logging.LogWithFields("SPOOL-ls9ew", "id", event.AggregateID).WithError(spoolerError).Warn("something went wrong in project app handler")
-	return spooler.HandleError(event, spoolerError, p.view.GetLatestApplicationFailedEvent, p.view.ProcessedApplicationFailedEvent, p.view.ProcessedApplicationSequence, p.errorCountUntilSkip)
+	return spooler.HandleError(event, spoolerError, a.view.GetLatestApplicationFailedEvent, a.view.ProcessedApplicationFailedEvent, a.view.ProcessedApplicationSequence, a.errorCountUntilSkip)
 }