diff --git a/app/Http/Controllers/UsersController.php b/app/Http/Controllers/UsersController.php
index f2a2752196..68f669a48d 100755
--- a/app/Http/Controllers/UsersController.php
+++ b/app/Http/Controllers/UsersController.php
@@ -125,7 +125,16 @@ class UsersController extends Controller
 $user->company_id = e(Company::getIdForUser($request->input('company_id')));
 $user->manager_id = e($request->input('manager_id'));
 $user->notes = e($request->input('notes'));
- $user->permissions = json_encode($request->input('permission'));
+
+ // Strip out the superuser permission if the user isn't a superadmin
+ $permissions_array = $request->input('permission');
+
+ if (!Auth::user()->isSuperUser()) {
+ unset($permissions_array['superuser']);
+ }
+
+ $user->permissions = json_encode($permissions_array);
+
 if ($user->manager_id == "") {
@@ -357,7 +366,7 @@ class UsersController extends Controller
 }
 $user->permissions = json_encode($permissions_array);
-
+
 if ($user->manager_id == "") {
 $user->manager_id = null;
 }
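Review bot: The new filter in the first hunk removes only the `superuser` key, so every other entry in the submitted `permission` array is still written to `$user->permissions` unchanged; if any other key confers elevated rights, a non-superuser who can reach this action can still assign a permission they do not hold themselves. Consider restricting the array to the keys the acting user already has, or to a fixed allow-list of known permission names, rather than unsetting a single name. Separately, `$request->input('permission')` is not checked to be an array before `unset($permissions_array['superuser'])`, and a scalar value would raise an Error on the string offset; a guard such as `if (!is_array($permissions_array)) { $permissions_array = []; }` ahead of the check avoids that, with the caveat that an absent field is then stored as `[]` instead of `null`. The enclosing method starts and ends outside the hunk, so whether the caller is already authorised to create users cannot be confirmed from here.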