diff --git a/goosebit/ui/bff/rollouts/routes.py b/goosebit/ui/bff/rollouts/routes.py
index e60f8270..8631cc45 100644
--- a/goosebit/ui/bff/rollouts/routes.py
+++ b/goosebit/ui/bff/rollouts/routes.py
@@ -28,7 +28,7 @@ def search_filter(search_value):
 
 @router.post(
     "",
-    dependencies=[Security(validate_user_permissions, scopes=[Permissions.ROLLOUT.WRITE])],
+    dependencies=[Security(validate_user_permissions, scopes=["rollout.write"])],
 )
 async def rollouts_put(_: Request, rollout: RolloutsPutRequest) -> RolloutsPutResponse:
     rollout = await Rollout.create(
@@ -41,7 +41,7 @@ async def rollouts_put(_: Request, rollout: RolloutsPutRequest) -> RolloutsPutRe
 
 @router.patch(
     "",
-    dependencies=[Security(validate_user_permissions, scopes=[Permissions.ROLLOUT.WRITE])],
+    dependencies=[Security(validate_user_permissions, scopes=["rollout.write"])],
 )
 async def rollouts_patch(_: Request, rollouts: RolloutsPatchRequest) -> StatusResponse:
     await Rollout.filter(id__in=rollouts.ids).update(paused=rollouts.paused)
@@ -50,7 +50,7 @@ async def rollouts_patch(_: Request, rollouts: RolloutsPatchRequest) -> StatusRe
 
 @router.delete(
     "",
-    dependencies=[Security(validate_user_permissions, scopes=[Permissions.ROLLOUT.DELETE])],
+    dependencies=[Security(validate_user_permissions, scopes=["rollout.delete"])],
 )
 async def rollouts_delete(_: Request, rollouts: RolloutsDeleteRequest) -> StatusResponse:
     await Rollout.filter(id__in=rollouts.ids).delete()
diff --git a/goosebit/ui/bff/software/routes.py b/goosebit/ui/bff/software/routes.py
index 4cab70f0..cfe65cb1 100644
--- a/goosebit/ui/bff/software/routes.py
+++ b/goosebit/ui/bff/software/routes.py
@@ -8,8 +8,6 @@
 from tortoise.expressions import Q
 
 from goosebit.auth import validate_user_permissions
-from goosebit.models import Software
-from goosebit.ui.bff.software.responses import BFFSoftwareResponse
 from goosebit.models import Rollout, Software
 from goosebit.settings import config
 from goosebit.updates import create_software_update
@@ -63,7 +61,7 @@ async def software_delete(_: Request, files: SoftwareDeleteRequest) -> StatusRes
 
 @router.post(
     "",
-    dependencies=[Security(validate_user_permissions, scopes=[Permissions.SOFTWARE.WRITE])],
+    dependencies=[Security(validate_user_permissions, scopes=["software.write"])],
 )
 async def post_update(
     request: Request,
@@ -87,6 +85,7 @@ async def post_update(
     else:
         # local file
         file = config.artifacts_dir.joinpath(filename)
+        config.artifacts_dir.mkdir(parents=True, exist_ok=True)
 
         temp_file = file.with_suffix(".tmp")
         if init: