diff --git a/framework/jobs/src/org/apache/cloudstack/framework/jobs/AsyncJobExecutionContext.java b/framework/jobs/src/org/apache/cloudstack/framework/jobs/AsyncJobExecutionContext.java
index 966e638e3e5..4343a4d60a5 100644
--- a/framework/jobs/src/org/apache/cloudstack/framework/jobs/AsyncJobExecutionContext.java
+++ b/framework/jobs/src/org/apache/cloudstack/framework/jobs/AsyncJobExecutionContext.java
@@ -29,6 +29,8 @@ import org.apache.cloudstack.managed.threadlocal.ManagedThreadLocal;
 import com.cloud.exception.ConcurrentOperationException;
 import com.cloud.exception.InsufficientCapacityException;
 import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.user.Account;
+import com.cloud.user.User;
 
 public class AsyncJobExecutionContext  {
     private static final Logger s_logger = Logger.getLogger(AsyncJobExecutionContext.class);
@@ -167,10 +169,15 @@ public class AsyncJobExecutionContext  {
 	public static AsyncJobExecutionContext getCurrentExecutionContext() {
 		AsyncJobExecutionContext context = s_currentExectionContext.get();
         if (context == null) {
-            // TODO, this has security implicitions
+            // TODO, this has security implications, operations carried from API layer should always
+            // set its context, otherwise, the fall-back here will use system security context
+            //
             s_logger.warn("Job is executed without a context, setup psudo job for the executing thread");
-            context = registerPseudoExecutionContext(CallContext.current().getCallingAccountId(),
-                    CallContext.current().getCallingUserId());
+            if (CallContext.current() != null)
+                context = registerPseudoExecutionContext(CallContext.current().getCallingAccountId(),
+                        CallContext.current().getCallingUserId());
+            else
+                context = registerPseudoExecutionContext(Account.ACCOUNT_ID_SYSTEM, User.UID_SYSTEM);
         }
 		return context;
 	}