diff --git a/application/controllers/UserController.php b/application/controllers/UserController.php
index cff627b6b..f2c2ba2d4 100644
--- a/application/controllers/UserController.php
+++ b/application/controllers/UserController.php
@@ -198,6 +198,7 @@ class UserController extends AuthBackendController
      */
     public function removeAction()
     {
+        $this->assertPermission('config/application/users/remove');
         $userName = $this->params->getRequired('user');
         $backend = $this->getUserBackend($this->params->getRequired('backend'), 'Icinga\Data\Reducible');
 
diff --git a/application/views/scripts/user/list.phtml b/application/views/scripts/user/list.phtml
index a6ba5f601..51c0eb7b7 100644
--- a/application/views/scripts/user/list.phtml
+++ b/application/views/scripts/user/list.phtml
@@ -22,8 +22,8 @@ if ($backend === null) {
     echo $this->translate('No backend found which is able to list users') . '</div>';
     return;
 } else {
-    $reducible = $backend instanceof Reducible;
     $extensible = $this->hasPermission('config/application/users/add') && $backend instanceof Extensible;
+    $reducible = $this->hasPermission('config/application/users/remove') && $backend instanceof Reducible;
 }
 
 if (count($users) > 0): ?>