diff --git a/common/models/role.js b/common/models/role.js
index 2b18b2b1b..7740cc34c 100644
--- a/common/models/role.js
+++ b/common/models/role.js
@@ -273,6 +273,10 @@ module.exports = function(Role) {
 process.nextTick(function() {
 callback(null, matches(modelId, userId));
 });
+ }else {
+ process.nextTick(function() {
+ callback(null, false);
+ });
 }
 return callback.promise;
 }
diff --git a/lib/access-context.js b/lib/access-context.js
index 310e9bf2a..517b68495 100644
--- a/lib/access-context.js
+++ b/lib/access-context.js
@@ -86,8 +86,9 @@ function AccessContext(context) {
 var token = this.accessToken || {};
- if (token.userId != null) {
- this.addPrincipal(Principal.USER, token.userId);
+ if (token.userId) {
+ const userPrincipalType = token.principalType || Principal.USER;
+ this.addPrincipal(userPrincipalType, token.userId);
 }
 if (token.appId != null) {
 this.addPrincipal(Principal.APPLICATION, token.appId);
diff --git a/test/multiple-user-principal-types.test.js b/test/multiple-user-principal-types.test.js
index 7ce9a74e0..9b04ea65d 100644
--- a/test/multiple-user-principal-types.test.js
+++ b/test/multiple-user-principal-types.test.js
@@ -22,7 +22,7 @@ describe('Multiple users with custom principalType', function() {
 var commonCredentials = {email: 'foo@bar.com', password: 'bar'};
 var app, OneUser, AnotherUser, AccessToken, Role,
- userFromOneModel, userFromAnotherModel, userRole, userOneBaseContext;
+ userFromOneModel, userFromAnotherModel, accessTokenForUserFromOneModel, accessTokenForUserFromAnotherModel, userRole, userOneBaseContext;
 beforeEach(function setupAppAndModels() {
 // create a local app object that does not share state with other tests
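Review bot: The `else` branch added in common/models/role.js is a deny path for an ownership check, yet nothing in this diff tests it; the new test only exercises `AccessContext.getUser()`. The `if` it pairs with starts outside the hunk, so the exact condition is not visible here, but a regression test that reaches this branch and asserts `false` (and that the callback fires at all) would keep the fix from silently regressing. I would also add a short comment such as `// principal type did not match: resolve false so the returned promise always settles`, and write the keyword with conventional spacing as `} else {`.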
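Review bot: In lib/access-context.js, `token.principalType` is passed to `addPrincipal` as the principal type without any check that it names a user model. If a token object could ever carry one of the reserved types that appear in this diff (`Principal.ROLE`, `Principal.APPLICATION`, `Principal.SCOPE`), its `userId` would be registered as a principal of that kind; whether that is reachable depends on how tokens are created and stored, which this hunk does not show. A guard that falls back to `Principal.USER`, or skips the principal, for reserved values would make the constructor safe regardless of the token's origin. Separately, `if (token.userId)` now drops ids `0` and `''` that the previous `!= null` test accepted; if that is not intended, keep `if (token.userId != null) {`. The constructor body continues outside the hunk.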
@@ -213,6 +213,50 @@ describe('Multiple users with custom principalType', function() {
 });
 describe('getUser()', function() {
+ it("Check correct principalType for users belonging to different user models", function() {
+ Promise.all([
+ OneUser.login(commonCredentials),
+ AnotherUser.login(commonCredentials)
+ ]).spread(function(t1, t2) {
+
+ accessTokenForUserFromOneModel = t1;
+ accessTokenForUserFromAnotherModel = t2;
+
+
+ const accessContextForUserFromOneModel = new AccessContext({registry: OneUser.registry, accessToken: accessTokenForUserFromOneModel});
+ const accessContextForUserFromAnotherModel = new AccessContext({registry: AnotherUser.registry, accessToken: accessTokenForUserFromAnotherModel});
+
+ var user1 = accessContextForUserFromOneModel.getUser();
+ expect(user1).to.eql({
+ id: userFromOneModel.id,
+ principalType: OneUser.modelName,
+ });
+
+ var user2 = accessContextForUserFromAnotherModel.getUser();
+ expect(user2).to.eql({
+ id: userFromAnotherModel.id,
+ principalType: AnotherUser.modelName,
+ });
+
+ })
+
+
+ return Promise.try(function() {
+ addToAccessContext([
+ {type: Principal.ROLE},
+ {type: Principal.APP},
+ {type: Principal.SCOPE},
+ {type: OneUser.modelName, id: userFromOneModel.id},
+ ]);
+ var user = accessContext.getUser();
+ expect(user).to.eql({
+ id: userFromOneModel.id,
+ principalType: OneUser.modelName,
+ });
+ });
+
+ })
+
 it('returns user although principals contain non USER principals', function() {
 return Promise.try(function() {
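Review bot: The `Promise.all([...]).spread(...)` chain in the new test is never returned, so the test's result comes only from the `return Promise.try(...)` block below it, and a failed `expect` on `user1` or `user2` would most likely surface as an unhandled rejection rather than a test failure. Start the chain with `return Promise.all([` and drop the `Promise.try` block, which appears to repeat the existing 'returns user although principals contain non USER principals' case. `AccessContext` is not visibly required in this hunk, so confirm it is in scope, and the two token variables added to the shared `var` list near the top of the file can be locals of this test.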