diff --git a/pkg/proxy/service/cluster_service.go b/pkg/proxy/service/cluster_service.go
index 586afb0a..29892b63 100644
--- a/pkg/proxy/service/cluster_service.go
+++ b/pkg/proxy/service/cluster_service.go
@@ -53,7 +53,7 @@ func (s *ServiceImpl) GetClusterAccess(userID, username, workspace, proxyPluginN
 // getSpaceAccess retrieves space access for an user
 func (s *ServiceImpl) getSpaceAccess(userID, username, workspace, proxyPluginName string, publicViewerEnabled bool) (*access.ClusterAccess, error) {
 	// retrieve the user's complaint name
-	userName, err := s.getUserSignupComplaintName(userID, username, publicViewerEnabled)
+	complaintUserName, err := s.getUserSignupComplaintName(userID, username, publicViewerEnabled)
 	if err != nil {
 		return nil, err
 	}
@@ -66,12 +66,12 @@ func (s *ServiceImpl) getSpaceAccess(userID, username, workspace, proxyPluginNam
 		return nil, fmt.Errorf("the requested space is not available")
 	}
 
-	return s.accessForSpace(space, userName, proxyPluginName)
+	return s.accessForSpace(space, complaintUserName, proxyPluginName)
 }
 
 func (s *ServiceImpl) getUserSignupComplaintName(userID, username string, publicViewerEnabled bool) (string, error) {
 	// if PublicViewer is enabled and the requested user is the PublicViewer, than no lookup is required
-	if publicViewerEnabled && username == userID && userID == toolchainv1alpha1.KubesawAuthenticatedUsername {
+	if publicViewerEnabled && username == toolchainv1alpha1.KubesawAuthenticatedUsername {
 		return username, nil
 	}
 
diff --git a/pkg/proxy/service/cluster_service_test.go b/pkg/proxy/service/cluster_service_test.go
index 39ff8473..e818da0c 100644
--- a/pkg/proxy/service/cluster_service_test.go
+++ b/pkg/proxy/service/cluster_service_test.go
@@ -448,9 +448,18 @@ func (s *TestClusterServiceSuite) TestGetClusterAccess() {
 		})
 	}
 
-	// public-viewer enabled
+	// public-viewer specific tests
 	s.Run("user is public-viewer", func() {
-		s.Run("always get space", func() {
+		s.Run("has no default workspace", func() {
+			// when
+			ca, err := svc.GetClusterAccess("", toolchainv1alpha1.KubesawAuthenticatedUsername, "", "", true)
+
+			// then
+			require.EqualError(s.T(), err, "user is not provisioned (yet)")
+			require.Nil(s.T(), ca)
+		})
+
+		s.Run("get workspace by name", func() {
 			svc := service.NewMemberClusterService(
 				fake.MemberClusterServiceContext{
 					Client: s,
@@ -462,16 +471,47 @@ func (s *TestClusterServiceSuite) TestGetClusterAccess() {
 					}
 				},
 			)
-			_, err := svc.GetClusterAccess(toolchainv1alpha1.KubesawAuthenticatedUsername, toolchainv1alpha1.KubesawAuthenticatedUsername, "smith2", "", true)
-			require.NoError(s.T(), err)
-		})
 
-		s.Run("has no default workspace", func() {
-			// when
-			_, err := svc.GetClusterAccess(toolchainv1alpha1.KubesawAuthenticatedUsername, toolchainv1alpha1.KubesawAuthenticatedUsername, "", "", true)
+			s.Run("public-viewer is disabled", func() {
+				// when
+				ca, err := svc.GetClusterAccess("", toolchainv1alpha1.KubesawAuthenticatedUsername, "smith2", "", false)
 
-			// then
-			require.EqualError(s.T(), err, "user is not provisioned (yet)")
+				// then
+				require.EqualError(s.T(), err, "user is not provisioned (yet)")
+				require.Nil(s.T(), ca)
+			})
+
+			s.Run("ready space", func() {
+				//given
+				expectedURL, err := url.Parse("https://api.endpoint.member-2.com:6443")
+				require.NoError(s.T(), err)
+				expectedClusterAccess := access.NewClusterAccess(*expectedURL, "token", toolchainv1alpha1.KubesawAuthenticatedUsername)
+
+				// when
+				clusterAccess, err := svc.GetClusterAccess("", toolchainv1alpha1.KubesawAuthenticatedUsername, "smith2", "", true)
+
+				// then
+				require.NoError(s.T(), err)
+				require.Equal(s.T(), expectedClusterAccess, clusterAccess)
+			})
+
+			s.Run("not-available space", func() {
+				// when
+				clusterAccess, err := svc.GetClusterAccess("", toolchainv1alpha1.KubesawAuthenticatedUsername, "456-not-ready", "", true)
+
+				// then
+				require.EqualError(s.T(), err, "the requested space is not available")
+				require.Nil(s.T(), clusterAccess)
+			})
+
+			s.Run("ready space with unknown cluster", func() {
+				// when
+				clusterAccess, err := svc.GetClusterAccess("", toolchainv1alpha1.KubesawAuthenticatedUsername, "012-ready-unknown-cluster", "", true)
+
+				// then
+				require.EqualError(s.T(), err, "the requested space is not available")
+				require.Nil(s.T(), clusterAccess)
+			})
 		})
 	})
 }