diff --git a/application/controllers/UserController.php b/application/controllers/UserController.php
index ac0afc9a0..cff627b6b 100644
--- a/application/controllers/UserController.php
+++ b/application/controllers/UserController.php
@@ -175,6 +175,7 @@ class UserController extends AuthBackendController
 */
 public function editAction()
 {
+ $this->assertPermission('config/application/users/edit');
 $userName = $this->params->getRequired('user');
 $backend = $this->getUserBackend($this->params->getRequired('backend'), 'Icinga\Data\Updatable');
diff --git a/application/views/scripts/user/show.phtml b/application/views/scripts/user/show.phtml
index 1049a426a..4db1b0635 100644
--- a/application/views/scripts/user/show.phtml
+++ b/application/views/scripts/user/show.phtml
@@ -4,7 +4,7 @@ use Icinga\Data\Updatable;
 use Icinga\Data\Reducible;
 $editLink = null;
-if ($backend instanceof Updatable) {
+if ($this->hasPermission('config/application/users/edit') && $backend instanceof Updatable) {
 $editLink = $this->qlink(
 null,
 'user/edit',
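Review bot: The `assertPermission()` call added at the top of `UserController::editAction()` has no comment marking it as the actual enforcement point, whereas the check added to `show.phtml` in the same commit only decides whether the link is rendered. A direct request to `user/edit` never passes through the view, so a later cleanup that treats the two checks as duplicates and drops this one would silently remove the protection. I would put a line above it such as `// Enforced server-side: hiding the edit link in show.phtml does not stop a direct request to this action.` The rest of editAction() and the controller's other actions lie outside the hunk, so whether they carry a matching check cannot be confirmed from here.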
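Review bot: `show.phtml` imports `Icinga\Data\Reducible` next to `Updatable`, which suggests a second capability-dependent link further down the template that this hunk does not touch. If that link exists, it presumably needs its own `hasPermission()` gate so the page does not offer an action the controller will refuse. Separately, the literal `'config/application/users/edit'` now lives in both the controller and this view, and the two copies can drift apart unnoticed. A short comment here such as `// Must match the permission asserted in UserController::editAction()` would tie them together. The `if` block continues past the end of the hunk.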