diff --git a/lib/taskana-core/src/main/java/pro/taskana/WorkbasketService.java b/lib/taskana-core/src/main/java/pro/taskana/WorkbasketService.java
index c92269bd4..996b4da41 100644
--- a/lib/taskana-core/src/main/java/pro/taskana/WorkbasketService.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/WorkbasketService.java
@@ -216,11 +216,13 @@ public interface WorkbasketService {
     Workbasket newWorkbasket(String key, String domain);
 
     /**
-     * Returns a set with all permissions of the current user at this workbasket.
+     * Returns a set with all permissions of the current user at this workbasket.<br>
+     * If the workbasketId is invalid, an empty list of permissions is returned since there is no distinction made
+     * between the situation that the workbasket is not found and the caller has no permissions on the workbasket.
      *
      * @param workbasketId
      *            the id of the referenced workbasket
-     * @return a Set with all permissions
+     * @return a {@link List} with all {@link WorkbasketPermission}s of the caller on the requested workbasket.
      */
     List<WorkbasketPermission> getPermissionsForWorkbasket(String workbasketId);
 
diff --git a/lib/taskana-core/src/main/java/pro/taskana/impl/WorkbasketServiceImpl.java b/lib/taskana-core/src/main/java/pro/taskana/impl/WorkbasketServiceImpl.java
index e00d1234d..1ae7a9e5f 100644
--- a/lib/taskana-core/src/main/java/pro/taskana/impl/WorkbasketServiceImpl.java
+++ b/lib/taskana-core/src/main/java/pro/taskana/impl/WorkbasketServiceImpl.java
@@ -4,6 +4,7 @@ import java.time.Instant;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -411,8 +412,11 @@ public class WorkbasketServiceImpl implements WorkbasketService {
         List<WorkbasketPermission> permissions = new ArrayList<>();
         WorkbasketAccessItem wbAcc = workbasketAccessMapper.findByWorkbasketAndAccessId(workbasketId,
             CurrentUserContext.getAccessIds());
-        this.addWorkbasketAccessItemValuesToPermissionSet(wbAcc, permissions);
+        if (wbAcc != null) {
+            this.addWorkbasketAccessItemValuesToPermissionSet(wbAcc, permissions);
+        }
         return permissions;
+
     }
 
     @Override
diff --git a/lib/taskana-core/src/test/java/acceptance/workbasket/GetWorkbasketAccTest.java b/lib/taskana-core/src/test/java/acceptance/workbasket/GetWorkbasketAccTest.java
index 5292e5865..0b46d62a6 100644
--- a/lib/taskana-core/src/test/java/acceptance/workbasket/GetWorkbasketAccTest.java
+++ b/lib/taskana-core/src/test/java/acceptance/workbasket/GetWorkbasketAccTest.java
@@ -1,7 +1,7 @@
 package acceptance.workbasket;
 
-import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
 
 import java.util.List;
 
@@ -56,8 +56,8 @@ public class GetWorkbasketAccTest extends AbstractAccTest {
     }
 
     @WithAccessId(
-            userName = "user_1_1",
-            groupNames = {"group_1"})
+        userName = "user_1_1",
+        groupNames = {"group_1"})
     @Test
     public void testGetWorkbasketByKeyAndDomain()
         throws NotAuthorizedException, WorkbasketNotFoundException {
@@ -96,6 +96,18 @@ public class GetWorkbasketAccTest extends AbstractAccTest {
         assertTrue(permissions.contains(WorkbasketPermission.APPEND));
     }
 
+    @WithAccessId(
+        userName = "user_1_1",
+        groupNames = {"group_1"})
+    @Test
+    public void testGetWorkbasketPermissionsForInvalidWorkbasketId() {
+        WorkbasketService workbasketService = taskanaEngine.getWorkbasketService();
+        List<WorkbasketPermission> permissions = workbasketService
+            .getPermissionsForWorkbasket("WBI:invalid");
+
+        assertEquals(0, permissions.size());
+    }
+
     @WithAccessId(
         userName = "user_1_1",
         groupNames = {"group_1"})
@@ -104,7 +116,8 @@ public class GetWorkbasketAccTest extends AbstractAccTest {
         throws NotAuthorizedException, WorkbasketNotFoundException {
         WorkbasketService workbasketService = taskanaEngine.getWorkbasketService();
 
-        WorkbasketSummary workbasketSummary = workbasketService.getWorkbasket("WBI:100000000000000000000000000000000007").asSummary();
+        WorkbasketSummary workbasketSummary = workbasketService
+            .getWorkbasket("WBI:100000000000000000000000000000000007").asSummary();
 
         assertEquals("DOMAIN_A", workbasketSummary.getDomain());
         assertEquals("PPK User 2 KSC 1", workbasketSummary.getDescription());
@@ -127,7 +140,7 @@ public class GetWorkbasketAccTest extends AbstractAccTest {
 
     @Test(expected = WorkbasketNotFoundException.class)
     public void testThrowsExceptionIfKeyOrDomainIsInvalid()
-            throws NotAuthorizedException, WorkbasketNotFoundException {
+        throws NotAuthorizedException, WorkbasketNotFoundException {
         WorkbasketService workbasketService = taskanaEngine.getWorkbasketService();
         workbasketService.getWorkbasket("INVALID_KEY", "INVALID_DOMAIN");
     }