diff --git a/src/tests/test_app_resources.py b/src/tests/test_app_resources.py
index 3640adde0..4f7651067 100644
--- a/src/tests/test_app_resources.py
+++ b/src/tests/test_app_resources.py
@@ -344,12 +344,8 @@ def test_resource_permissions():
         "main": {
             "url": "/",
             "allowed": "visitors"
-            # protected?
+            # TODO: test protected?
         },
-        "admin": {
-            "url": "/admin",
-            "allowed": ""
-        }
     }
 
     res = user_permission_list(full=True)["permissions"]
@@ -361,7 +357,36 @@ def test_resource_permissions():
     assert "testapp.main" in res
     assert "visitors" in res["testapp.main"]["allowed"]
     assert res["testapp.main"]["url"] == "/"
+    assert "testapp.admin" not in res
+
+    conf["admin"] = {
+        "url": "/admin",
+        "allowed": ""
+    }
+
+    r(conf, "testapp", manager).provision_or_update()
+
+    res = user_permission_list(full=True)["permissions"]
+
+    assert "testapp.main" in list(res.keys())
+    assert "visitors" in res["testapp.main"]["allowed"]
+    assert res["testapp.main"]["url"] == "/"
 
     assert "testapp.admin" in res
     assert not res["testapp.admin"]["allowed"]
     assert res["testapp.admin"]["url"] == "/admin"
+
+    conf["admin"]["url"] = "/adminpanel"
+
+    r(conf, "testapp", manager).provision_or_update()
+
+    res = user_permission_list(full=True)["permissions"]
+
+    # FIXME FIXME FIXME : this is the current behavior but
+    # it is NOT okay. c.f. comment in the code
+    assert res["testapp.admin"]["url"] == "/admin"  # should be '/adminpanel'
+
+    r(conf, "testapp").deprovision()
+
+    res = user_permission_list(full=True)["permissions"]
+    assert "testapp.main" not in res
diff --git a/src/utils/resources.py b/src/utils/resources.py
index 3d3d06cca..5bde70e83 100644
--- a/src/utils/resources.py
+++ b/src/utils/resources.py
@@ -238,7 +238,7 @@ class PermissionsResource(AppResource):
 
         existing_perms = user_permission_list(short=True, apps=[self.app])["permissions"]
         for perm in existing_perms:
-            if perm.split(".")[0] not in self.permissions.keys():
+            if perm.split(".")[1] not in self.permissions.keys():
                 permission_delete(perm, force=True, sync_perm=False)
 
         for perm, infos in self.permissions.items():