diff --git a/pandora_console/godmode/massive/massive_add_profiles.php b/pandora_console/godmode/massive/massive_add_profiles.php
index da97d96d76..9e84c44b71 100644
--- a/pandora_console/godmode/massive/massive_add_profiles.php
+++ b/pandora_console/godmode/massive/massive_add_profiles.php
@@ -64,6 +64,40 @@ require_once $config['homedir'].'/include/functions_users.php';
 
 $create_profiles = (int) get_parameter('create_profiles');
 
+// Get users and groups user can manage to check and for selectors.
+$group_um = users_get_groups_UM($config['id_user']);
+
+$users_profiles = '';
+$users_order = [
+    'field' => 'id_user',
+    'order' => 'ASC',
+];
+
+$info_users = [];
+// Is admin.
+if (users_is_admin()) {
+    $info_users = users_get_info($users_order, 'id_user');
+    // has PM permission.
+} else if (check_acl($config['id_user'], 0, 'PM')) {
+    $info_users = users_get_info($users_order, 'id_user');
+    foreach ($info_users as $id_user => $value) {
+        if (users_is_admin($id_user)) {
+            unset($info_users[$value]);
+        }
+    }
+} else {
+    $info = [];
+    foreach ($group_um as $group => $value) {
+        $info = array_merge($info, users_get_users_by_group($group, $value));
+    }
+
+    foreach ($info as $key => $value) {
+        if (!$value['is_admin']) {
+            $info_users[$key] = $value['id_user'];
+        }
+    }
+}
+
 if ($create_profiles) {
     $profiles_id = get_parameter('profiles_id', -1);
     $groups_id = get_parameter('groups_id', -1);
@@ -74,8 +108,42 @@ if ($create_profiles) {
         $result = false;
     } else {
         foreach ($profiles_id as $profile) {
+             // Check profiles permissions for non admin user.
+            if (is_user_admin($config['user_id']) === false) {
+                $user_profiles = profile_get_profiles(
+                    [
+                        'pandora_management' => '<> 1',
+                        'db_management'      => '<> 1',
+                    ]
+                );
+
+                if (array_search((int) $profile, array_keys($user_profiles)) === false) {
+                    db_pandora_audit(
+                        AUDIT_LOG_ACL_VIOLATION,
+                        'Trying to add administrator profile whith standar user for user '.io_safe_input($user)
+                    );
+                    exit;
+                }
+            }
+
             foreach ($groups_id as $group) {
+                if (check_acl($config['id_user'], $group, 'UM') === false) {
+                    db_pandora_audit(
+                        AUDIT_LOG_ACL_VIOLATION,
+                        'Trying to add profile group without permission for user '.io_safe_input($user)
+                    );
+                    exit;
+                }
+
                 foreach ($users_id as $user) {
+                    if (array_search($user, $info_users) === false) {
+                        db_pandora_audit(
+                            AUDIT_LOG_ACL_VIOLATION,
+                            'Trying to edit user without permission for user '.io_safe_input($user)
+                        );
+                        exit;
+                    }
+
                     $profile_data = db_get_row_filter('tusuario_perfil', ['id_usuario' => $user, 'id_perfil' => $profile, 'id_grupo' => $group]);
                     // If the profile doesnt exist, we create it
                     if ($profile_data === false) {
@@ -142,7 +210,6 @@ $table->size[2] = '33%';
 $data = [];
 $data[0] = '<form method="post" id="form_profiles" action="index.php?sec=gmassive&sec2=godmode/massive/massive_operations&tab=massive_users&option=add_profiles">';
 
-$group_um = users_get_groups_UM($config['id_user']);
 
 $display_all_group = true;
 if (check_acl($config['id_user'], 0, 'PM')) {
@@ -205,36 +272,6 @@ $data[1] = html_print_select_groups(
 $data[2] = '<span id="alerts_loading" class="invisible">';
 $data[2] .= html_print_image('images/spinner.png', true);
 $data[2] .= '</span>';
-$users_profiles = '';
-$users_order = [
-    'field' => 'id_user',
-    'order' => 'ASC',
-];
-
-$info_users = [];
-// Is admin.
-if (users_is_admin()) {
-    $info_users = users_get_info($users_order, 'id_user');
-    // has PM permission.
-} else if (check_acl($config['id_user'], 0, 'PM')) {
-    $info_users = users_get_info($users_order, 'id_user');
-    foreach ($info_users as $id_user => $value) {
-        if (users_is_admin($id_user)) {
-            unset($info_users[$value]);
-        }
-    }
-} else {
-    $info = [];
-    foreach ($group_um as $group => $value) {
-        $info = array_merge($info, users_get_users_by_group($group, $value));
-    }
-
-    foreach ($info as $key => $value) {
-        if (!$value['is_admin']) {
-            $info_users[$key] = $value['id_user'];
-        }
-    }
-}
 
 $data[2] .= html_print_select(
     $info_users,
diff --git a/pandora_console/include/functions_groups.php b/pandora_console/include/functions_groups.php
index 9dc757d1e6..58f178b770 100644
--- a/pandora_console/include/functions_groups.php
+++ b/pandora_console/include/functions_groups.php
@@ -567,6 +567,10 @@ function groups_get_groups_tree_recursive($groups, $trash=0, $trash2=0)
 
     $tree = $groups;
     foreach ($groups as $key => $group) {
+        if ($group === 'None') {
+            continue;
+        }
+
         if ($group['id_grupo'] == 0) {
             continue;
         }