diff --git a/core/server/models/user.js b/core/server/models/user.js
index c44ef85fb2..bdc7b180f1 100644
--- a/core/server/models/user.js
+++ b/core/server/models/user.js
@@ -466,6 +466,10 @@ User = ghostBookshelf.Model.extend({
             }
 
             if (action === 'edit') {
+                // Owner can only be editted by owner
+                if (userModel.hasRole('Owner')) {
+                    hasUserPermission = _.any(loadedPermissions.user.roles, {name: 'Owner'});
+                }
                 // Users with the role 'Editor' and 'Author' have complex permissions when the action === 'edit'
                 // We now have all the info we need to construct the permissions
                 if (_.any(loadedPermissions.user.roles, {name: 'Author'})) {
diff --git a/core/test/integration/api/api_users_spec.js b/core/test/integration/api/api_users_spec.js
index f4ff9d9366..c6526c8cd2 100644
--- a/core/test/integration/api/api_users_spec.js
+++ b/core/test/integration/api/api_users_spec.js
@@ -237,14 +237,10 @@ describe('Users API', function () {
             }).catch(done);
         });
 
-        it('Admin can edit all users in all roles', function (done) {
-            UserAPI.edit({users: [{name: newName}]}, _.extend({}, context.admin, {id: userIdFor.owner}))
+        it('Admin can edit Admin, Editor and Author roles', function (done) {
+            UserAPI.edit({users: [{name: newName}]}, _.extend({}, context.admin, {id: userIdFor.admin}))
                 .then(function (response) {
                     checkEditResponse(response);
-
-                    return UserAPI.edit({users: [{name: newName}]}, _.extend({}, context.admin, {id: userIdFor.admin}));
-                }).then(function (response) {
-                    checkEditResponse(response);
                     return UserAPI.edit({users: [{name: newName}]}, _.extend({}, context.admin, {id: userIdFor.editor}));
                 }).then(function (response) {
                     checkEditResponse(response);
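Review bot: The Owner guard added at the top of the `edit` branch only assigns `hasUserPermission`, and the Author and Editor branches that follow it (the hunk's last line opens the Author one; its body is outside the hunk) still execute afterwards — if they also assign `hasUserPermission`, an Author or Editor editing the Owner gets whatever those branches compute rather than the result of the new check. Making the Owner case take precedence closes that, e.g. `} else if (_.any(loadedPermissions.user.roles, {name: 'Author'})) {` in place of the separate `if`, or returning early from the Owner branch so the later checks are skipped. The new comment also has a typo; suggest `// Owner can only be edited by owner`. The enclosing function starts before this hunk and continues past it.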
@@ -257,14 +253,20 @@ describe('Users API', function () {
             }).catch(done);
         });
 
-        it('Admin can edit all users in all roles with roles in payload', function (done) {
-            UserAPI.edit({users: [{name: newName, roles: [roleIdFor.owner]}]}, _.extend({}, context.admin, {id: userIdFor.owner}))
-            .then(function (response) {
+        it('Admin CANNOT edit Owner role', function (done) {
+            UserAPI.edit({users: [{name: newName}]}, _.extend({}, context.admin, {id: userIdFor.owner}))
+            .then(function () {
+                done(new Error('Admin should not be able to edit owner account'));
+            }).catch(function (error) {
+                error.errorType.should.eql('NoPermissionError');
+                done();
+            });
+        });
+
+        it('Admin can edit Admin, Editor and Author roles with roles in payload', function (done) {
+            UserAPI.edit({users: [{name: newName, roles: [roleIdFor.admin]}]}, _.extend({}, context.admin, {id: userIdFor.admin})).then(function (response) {
                 checkEditResponse(response);
-                return UserAPI.edit({users: [{name: newName, roles: [roleIdFor.admin]}]}, _.extend({}, context.admin, {id: userIdFor.admin}));
-            }).then(function (response) {
-                checkEditResponse(response);
                 return UserAPI.edit({users: [{name: newName, roles: [roleIdFor.editor]}]}, _.extend({}, context.admin, {id: userIdFor.editor}));
             }).then(function (response) {
                 checkEditResponse(response);
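Review bot: In the new `Admin CANNOT edit Owner role` test the `should.eql` assertion runs inside the `.catch` handler, so when it fails (or when `error.errorType` is undefined and the property access throws) the exception becomes an unhandled rejection and `done` is never called — the test times out instead of reporting the mismatch. Appending `}).catch(done);` after the existing catch, or wrapping the assertion in try/catch and passing the caught error to `done`, surfaces the real failure. Separately, the removed test was the only one in this block that put `roleIdFor.owner` into a roles payload; nothing here now pins that an Admin cannot grant the Owner role through the payload, so if that path is guarded elsewhere a companion negative test would lock it in. The `it` block at the end of this hunk continues past its last line.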