diff --git a/data-dashboard-backend/dashboard.yml b/data-dashboard-backend/dashboard.yml
index bdd91fc..84b0d99 100644
--- a/data-dashboard-backend/dashboard.yml
+++ b/data-dashboard-backend/dashboard.yml
@@ -11,4 +11,7 @@ database:
   password: radarbase
   dialect: org.hibernate.dialect.PostgreSQLDialect
   liquibase:
-    contexts: [dev]
+    contexts: [prod]
+  properties:
+    hibernate.globally_quoted_identifiers: true
+    hibernate.physical_naming_strategy: org.radarbase.datadashboard.api.domain.model.CamelCaseToUppercaseColumnNamingStrategy
diff --git a/data-dashboard-backend/dev/dashboard.yml b/data-dashboard-backend/dev/dashboard.yml
index c2e0cc5..7ed44ec 100644
--- a/data-dashboard-backend/dev/dashboard.yml
+++ b/data-dashboard-backend/dev/dashboard.yml
@@ -17,3 +17,6 @@ database:
   dialect: org.hibernate.dialect.PostgreSQLDialect
   liquibase:
     contexts: [dev]
+  properties:
+    hibernate.globally_quoted_identifiers: true
+    hibernate.physical_naming_strategy: org.radarbase.datadashboard.api.domain.model.CamelCaseToUppercaseColumnNamingStrategy
diff --git a/data-dashboard-backend/src/main/java/org/radarbase/datadashboard/api/domain/model/CamelCaseToUppercaseColumnNamingStrategy.java b/data-dashboard-backend/src/main/java/org/radarbase/datadashboard/api/domain/model/CamelCaseToUppercaseColumnNamingStrategy.java
new file mode 100644
index 0000000..fbe64a3
--- /dev/null
+++ b/data-dashboard-backend/src/main/java/org/radarbase/datadashboard/api/domain/model/CamelCaseToUppercaseColumnNamingStrategy.java
@@ -0,0 +1,40 @@
+/*
+ *
+ *  *  Copyright 2024 The Hyve
+ *  *
+ *  *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  *  you may not use this file except in compliance with the License.
+ *  *  You may obtain a copy of the License at
+ *  *
+ *  *    http://www.apache.org/licenses/LICENSE-2.0
+ *  *
+ *  *  Unless required by applicable law or agreed to in writing, software
+ *  *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  *  See the License for the specific language governing permissions and
+ *  *  limitations under the License.
+ *
+ */
+
+package org.radarbase.datadashboard.api.domain.model;
+
+import org.hibernate.boot.model.naming.CamelCaseToUnderscoresNamingStrategy;
+import org.hibernate.boot.model.naming.Identifier;
+import org.hibernate.engine.jdbc.env.spi.JdbcEnvironment;
+
+public class CamelCaseToUppercaseColumnNamingStrategy extends CamelCaseToUnderscoresNamingStrategy {
+
+    private Identifier adjustName(final Identifier name) {
+        if (name == null) {
+            return null;
+        }
+        final String adjustedName = name.getText().toUpperCase();
+        return new Identifier(adjustedName, true);
+    }
+
+    @Override
+    public Identifier toPhysicalColumnName(final Identifier name, final JdbcEnvironment context) {
+        return adjustName(super.toPhysicalColumnName(name, context));
+    }
+
+}
diff --git a/data-dashboard-backend/src/main/java/org/radarbase/datadashboard/api/resource/ObservationResource.kt b/data-dashboard-backend/src/main/java/org/radarbase/datadashboard/api/resource/ObservationResource.kt
index 61bfb43..04574fc 100644
--- a/data-dashboard-backend/src/main/java/org/radarbase/datadashboard/api/resource/ObservationResource.kt
+++ b/data-dashboard-backend/src/main/java/org/radarbase/datadashboard/api/resource/ObservationResource.kt
@@ -32,7 +32,6 @@ import org.radarbase.datadashboard.api.api.ObservationListDto
 import org.radarbase.datadashboard.api.service.ObservationService
 import org.radarbase.jersey.auth.Authenticated
 import org.radarbase.jersey.auth.NeedsPermission
-import org.radarbase.jersey.auth.filter.RadarSecurityContext
 import org.slf4j.LoggerFactory
 
 @Path("project/{projectId}/subject/{subjectId}/topic/{topicId}")
@@ -46,19 +45,14 @@ class ObservationResource(
 ) {
     @GET
     @Path("observations")
+//    @NeedsPermission(Permission.MEASUREMENT_READ, "projectId", "subjectId")
     @NeedsPermission(Permission.MEASUREMENT_READ)
     fun getObservations(
         @PathParam("projectId") projectId: String,
         @PathParam("subjectId") subjectId: String,
         @PathParam("topicId") topicId: String,
     ): ObservationListDto {
-        if (request.securityContext != null && request.securityContext is RadarSecurityContext) {
-            val userName = (request.securityContext as RadarSecurityContext).auth.token.username
-            log.info("User $userName is accessing observations for $subjectId")
-            if (!subjectId.equals(userName)) throw NotFoundException("Subjects can only request their own observations.")
-            return observationService.getObservations(projectId = projectId, subjectId = subjectId, topicId = topicId)
-        }
-        return ObservationListDto(emptyList())
+        return observationService.getObservations(projectId = projectId, subjectId = subjectId, topicId = topicId)
     }
 
     companion object {