diff --git a/pkg/admission/teamrole_webhook.go b/pkg/admission/teamrole_webhook.go
index 0da94ef4c..f17bae633 100644
--- a/pkg/admission/teamrole_webhook.go
+++ b/pkg/admission/teamrole_webhook.go
@@ -19,6 +19,8 @@ import (
 greenhousev1alpha1 "github.com/cloudoperators/greenhouse/pkg/apis/greenhouse/v1alpha1"
 )
+const errAggregationRuleAndRulesExclusive = ".spec.rules and .spec.aggregationRule are mutually exclusive"
+
 // Webhook for the Role custom resource.
 func SetupTeamRoleWebhookWithManager(mgr ctrl.Manager) error {
@@ -105,7 +107,7 @@ func isRoleReferenced(ctx context.Context, c client.Client, r *greenhousev1alpha
 // Returning the error in case both are defined will prevent unexpected behavior by the User.
 func isRulesAndAggregationRuleExclusive(role *greenhousev1alpha1.TeamRole) error {
 if len(role.Spec.Rules) != 0 && role.Spec.AggregationRule != nil {
- return apierrors.NewBadRequest("aggregationRules and rules are mutually exclusive")
+ return apierrors.NewBadRequest(errAggregationRuleAndRulesExclusive)
 }
 return nil
 }
diff --git a/pkg/admission/teamrole_webhook_test.go b/pkg/admission/teamrole_webhook_test.go
index ee70d9c15..66633e4ea 100644
--- a/pkg/admission/teamrole_webhook_test.go
+++ b/pkg/admission/teamrole_webhook_test.go
@@ -67,6 +67,7 @@ var _ = Describe("Validate Role Admission", func() {
 err := test.K8sClient.Create(test.Ctx, teamRole)
 Expect(err).To(HaveOccurred(), "there should be an error creating the role with both rules and aggregation rule set")
+ Expect(err.Error()).To(ContainSubstring(errAggregationRuleAndRulesExclusive), "unexpected error message")
 })
 It("should not allow to add Rules to a TeamRole with AggregationRule set", func() {
diff --git a/pkg/controllers/teamrbac/teamrolebinding_controller_test.go b/pkg/controllers/teamrbac/teamrolebinding_controller_test.go
index 3d3e2ba2d..f5952cb6e 100644
--- a/pkg/controllers/teamrbac/teamrolebinding_controller_test.go
+++ b/pkg/controllers/teamrbac/teamrolebinding_controller_test.go
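Review bot: The new constant `errAggregationRuleAndRulesExclusive` in teamrole_webhook.go has no doc comment, and its `err` prefix suggests an error value although it is a plain message string that `isRulesAndAggregationRuleExclusive` passes to `apierrors.NewBadRequest`. Because the test file now asserts on this exact text, I would document it as the user-facing rejection message, e.g. `// errAggregationRuleAndRulesExclusive is the message returned when a TeamRole sets both .spec.rules and .spec.aggregationRule.` A name such as `msgAggregationRuleAndRulesExclusive` would also avoid confusion with sentinel errors.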
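Review bot: The added assertion in teamrole_webhook_test.go pins the rejection reason only for the create path. The neighbouring `It("should not allow to add Rules to a TeamRole with AggregationRule set", ...)` begins on the last line of this hunk and its body is not visible; if it only checks `HaveOccurred()`, an update rejected for an unrelated reason would still pass, so I would add the same check there. The assertion can also be written on the error value itself as `Expect(err).To(MatchError(ContainSubstring(errAggregationRuleAndRulesExclusive)), "unexpected error message")`.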
@@ -555,6 +555,8 @@ var _ = Describe("Validate ClusterRole & RoleBinding on Remote Cluster", Ordered
 aggregateClusterRoleName := types.NamespacedName{Name: trAggregate.GetRBACName()}
 Eventually(func(g Gomega) bool {
 g.Expect(clusterAKubeClient.Get(test.Ctx, aggregateClusterRoleName, aggregateClusterRole)).To(Succeed(), "there should be no error getting the ClusterRole from the Remote Cluster")
+ // The dev-env does not start the Kubernetes ControllerManager, thus the ClusterRoles are not reconciled and we can only check that it was
+ // created with the correct AggregationRule.
 g.Expect(aggregateClusterRole.AggregationRule).To(Equal(trAggregate.Spec.AggregationRule), "the Aggregate ClusterRole should have the same AggregationRule as the Base ClusterRole")
 return true
 }).Should(BeTrue(), "the ClusterRole should exists and have the correct rules")
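Review bot: The added comment records that this test only compares the `AggregationRule` selector and never observes the aggregated rules of the ClusterRole on the remote cluster, so what the aggregate role ends up granting is not covered here. I would make that gap actionable in the comment, e.g. `// TODO: verify the aggregated Rules in an e2e test that runs the kube-controller-manager.` The closing message `"the ClusterRole should exists and have the correct rules"` still speaks of rules; `"the ClusterRole should exist and have the correct AggregationRule"` would match what is actually asserted. The enclosing Describe block starts and ends outside the hunk.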