diff --git a/clientapi/routing/admin_whois.go b/clientapi/routing/admin_whois.go
index d7f505fd3..87bb79366 100644
--- a/clientapi/routing/admin_whois.go
+++ b/clientapi/routing/admin_whois.go
@@ -47,7 +47,8 @@ func GetAdminWhois(
 	req *http.Request, userAPI api.UserInternalAPI, device *api.Device,
 	userID string,
 ) util.JSONResponse {
-	if device.AccountType != api.AccountTypeAdmin && userID != device.UserID {
+	allowed := device.AccountType == api.AccountTypeAdmin || userID == device.UserID
+	if !allowed {
 		return util.JSONResponse{
 			Code: http.StatusForbidden,
 			JSON: jsonerror.Forbidden("userID does not match the current user"),
diff --git a/userapi/storage/accounts/postgres/accounts_table.go b/userapi/storage/accounts/postgres/accounts_table.go
index e6687b136..cc60b57c0 100644
--- a/userapi/storage/accounts/postgres/accounts_table.go
+++ b/userapi/storage/accounts/postgres/accounts_table.go
@@ -42,7 +42,7 @@ CREATE TABLE IF NOT EXISTS account_accounts (
     -- If the account is currently active
     is_deactivated BOOLEAN DEFAULT FALSE,
 	-- The account_type (user = 1, guest = 2, admin = 3, appservice = 4)
-	account_type INT DEFAULT 2
+	account_type SMALLINT
     -- TODO:
     -- upgraded_ts, devices, any email reset stuff?
 );
diff --git a/userapi/storage/accounts/postgres/deltas/2022021013023800_add_account_type.go b/userapi/storage/accounts/postgres/deltas/2022021013023800_add_account_type.go
index f4da387f9..88d446c0b 100644
--- a/userapi/storage/accounts/postgres/deltas/2022021013023800_add_account_type.go
+++ b/userapi/storage/accounts/postgres/deltas/2022021013023800_add_account_type.go
@@ -12,13 +12,18 @@ func LoadAddAccountType(m *sqlutil.Migrations) {
 }
 
 func UpAddAccountType(tx *sql.Tx) error {
-	_, err := tx.Exec("ALTER TABLE account_accounts ADD COLUMN IF NOT EXISTS account_type INT DEFAULT 2;")
+	_, err := tx.Exec("ALTER TABLE account_accounts ADD COLUMN IF NOT EXISTS account_type SMALLINT;")
 	if err != nil {
-		return fmt.Errorf("failed to execute upgrade: %w", err)
+		return fmt.Errorf("failed to add column: %w", err)
+
+	}
+	_, err = tx.Exec("UPDATE account_accounts SET account_type = 1 WHERE appservice_id = '';")
+	if err != nil {
+		return fmt.Errorf("failed to update user accounts: %w", err)
 	}
 	_, err = tx.Exec("UPDATE account_accounts SET account_type = 4 WHERE appservice_id <> '';")
 	if err != nil {
-		return fmt.Errorf("failed to execute upgrade: %w", err)
+		return fmt.Errorf("failed to update appservice accounts upgrade: %w", err)
 	}
 	return nil
 }
diff --git a/userapi/storage/accounts/sqlite3/accounts_table.go b/userapi/storage/accounts/sqlite3/accounts_table.go
index 05af80018..ec8cd13f5 100644
--- a/userapi/storage/accounts/sqlite3/accounts_table.go
+++ b/userapi/storage/accounts/sqlite3/accounts_table.go
@@ -42,7 +42,7 @@ CREATE TABLE IF NOT EXISTS account_accounts (
     -- If the account is currently active
     is_deactivated BOOLEAN DEFAULT 0,
 	-- The account_type (user = 1, guest = 2, admin = 3, appservice = 4)
-	account_type INTEGER DEFAULT 2
+	account_type INTEGER
     -- TODO:
     -- upgraded_ts, devices, any email reset stuff?
 );
diff --git a/userapi/storage/accounts/sqlite3/deltas/2022021012490600_add_account_type.go b/userapi/storage/accounts/sqlite3/deltas/2022021012490600_add_account_type.go
index f405de8ba..86621b2d5 100644
--- a/userapi/storage/accounts/sqlite3/deltas/2022021012490600_add_account_type.go
+++ b/userapi/storage/accounts/sqlite3/deltas/2022021012490600_add_account_type.go
@@ -18,49 +18,24 @@ func LoadAddAccountType(m *sqlutil.Migrations) {
 }
 
 func UpAddAccountType(tx *sql.Tx) error {
-	_, err := tx.Exec(`
-	ALTER TABLE account_accounts RENAME TO account_accounts_tmp;
-CREATE TABLE account_accounts (
-    localpart TEXT NOT NULL PRIMARY KEY,
-    created_ts BIGINT NOT NULL,
-    password_hash TEXT,
-    appservice_id TEXT,
-    is_deactivated BOOLEAN DEFAULT 0,
-	account_type INTEGER DEFAULT 2
-);
-INSERT INTO account_accounts (
-      localpart, created_ts, password_hash, appservice_id 
-    ) SELECT
-        localpart, created_ts, password_hash, appservice_id
-    FROM account_accounts_tmp;
-
-UPDATE account_accounts SET account_type = 4 WHERE appservice_id <> '';
-
-DROP TABLE account_accounts_tmp;`)
+	// initially set every account to useracount, change appserver accounts afterwards
+	_, err := tx.Exec(`ALTER TABLE account_accounts ADD COLUMN account_type INTEGER;`)
 	if err != nil {
-		return fmt.Errorf("failed to execute upgrade: %w", err)
+		return fmt.Errorf("failed to add column: %w", err)
+	}
+	_, err = tx.Exec(`UPDATE account_accounts SET account_type = 1 WHERE appservice_id = ''`)
+	if err != nil {
+		return fmt.Errorf("failed to update user accounts: %w", err)
+	}
+	_, err = tx.Exec(`UPDATE account_accounts SET account_type = 4 WHERE appservice_id <> ''`)
+	if err != nil {
+		return fmt.Errorf("failed to update appservice accounts upgrade: %w", err)
 	}
 	return nil
 }
 
 func DownAddAccountType(tx *sql.Tx) error {
-	_, err := tx.Exec(`
-	ALTER TABLE account_accounts RENAME TO account_accounts_tmp;
-CREATE TABLE account_accounts (
-    localpart TEXT NOT NULL PRIMARY KEY,
-    created_ts BIGINT NOT NULL,
-    password_hash TEXT,
-    appservice_id TEXT,
-    is_deactivated BOOLEAN DEFAULT 0
-);
-INSERT
-    INTO account_accounts (
-      localpart, created_ts, password_hash, appservice_id 
-    ) SELECT
-        localpart, created_ts, password_hash, appservice_id
-    FROM account_accounts_tmp
-;
-DROP TABLE account_accounts_tmp;`)
+	_, err := tx.Exec(`ALTER TABLE account_accounts DROP COLUMN account_type;`)
 	if err != nil {
 		return fmt.Errorf("failed to execute downgrade: %w", err)
 	}