diff --git a/src/Umbraco.Core/Models/Identity/BackOfficeIdentityUser.cs b/src/Umbraco.Core/Models/Identity/BackOfficeIdentityUser.cs
index e2ab9ec692..df34c2bee1 100644
--- a/src/Umbraco.Core/Models/Identity/BackOfficeIdentityUser.cs
+++ b/src/Umbraco.Core/Models/Identity/BackOfficeIdentityUser.cs
@@ -132,7 +132,14 @@ namespace Umbraco.Core.Models.Identity
         /// </summary>
         public int[] AllStartContentIds
         {
-            get { return _allStartContentIds ?? (_allStartContentIds = StartContentIds.Concat(Groups.Where(x => x.StartContentId.HasValue).Select(x => x.StartContentId.Value)).Distinct().ToArray()); }
+            get
+            {
+                if (_allStartContentIds != null) return _allStartContentIds;
+
+                var gsn = Groups.Where(x => x.StartContentId.HasValue).Select(x => x.StartContentId.Value).Distinct().ToArray();
+                var usn = StartContentIds;
+                return _allStartContentIds = UserExtensions.CombineStartNodes(UmbracoObjectTypes.Document, gsn, usn, ApplicationContext.Current.Services.EntityService);
+            }
         }
 
         /// <summary>
@@ -140,7 +147,14 @@ namespace Umbraco.Core.Models.Identity
         /// </summary>
         public int[] AllStartMediaIds
         {
-            get { return _allStartMediaIds ?? (_allStartMediaIds = StartMediaIds.Concat(Groups.Where(x => x.StartMediaId.HasValue).Select(x => x.StartMediaId.Value)).Distinct().ToArray()); }
+            get
+            {
+                if (_allStartMediaIds != null) return _allStartMediaIds;
+
+                var gsn = Groups.Where(x => x.StartMediaId.HasValue).Select(x => x.StartMediaId.Value).Distinct().ToArray();
+                var usn = StartMediaIds;
+                return _allStartMediaIds = UserExtensions.CombineStartNodes(UmbracoObjectTypes.Document, gsn, usn, ApplicationContext.Current.Services.EntityService);
+            }
         }
     }
 }
\ No newline at end of file
diff --git a/src/Umbraco.Core/Security/BackOfficeClaimsIdentityFactory.cs b/src/Umbraco.Core/Security/BackOfficeClaimsIdentityFactory.cs
index 3725e84969..87f793e816 100644
--- a/src/Umbraco.Core/Security/BackOfficeClaimsIdentityFactory.cs
+++ b/src/Umbraco.Core/Security/BackOfficeClaimsIdentityFactory.cs
@@ -3,6 +3,7 @@ using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.AspNet.Identity;
+using Umbraco.Core.Models;
 using Umbraco.Core.Models.Identity;
 
 namespace Umbraco.Core.Security
@@ -39,8 +40,8 @@ namespace Umbraco.Core.Security
                     //For now, I'll fix this by using the user.Groups instead
                     //Roles = user.Roles.Select(x => x.RoleId).ToArray(),
                     Roles = user.Groups.Select(x => x.Alias).ToArray(),
-                    StartContentNodes = user.StartContentIds,
-                    StartMediaNodes = user.StartMediaIds,
+                    StartContentNodes = user.AllStartContentIds,
+                    StartMediaNodes = user.AllStartMediaIds,
                     SessionId = user.SecurityStamp
                 });