diff --git a/modules/user.module b/modules/user.module
index 72564c5e82832dc2f3931fd6694cdefc38431274..af603cd75b77bc9ac7f5a8177e4ee6e818b6b0ae 100644
--- a/modules/user.module
+++ b/modules/user.module
@@ -1154,8 +1154,10 @@ function user_edit_form($uid, $edit) {
   $form['account']['name'] = array('#type' => 'textfield', '#title' => t('Username'), '#default_value' => $edit['name'], '#maxlength' => 55, '#description' => t('Your full name or your preferred username: only letters, numbers and spaces are allowed.'), '#required' => TRUE);
   $form['account']['mail'] = array('#type' => 'textfield', '#title' => t('E-mail address'), '#default_value' => $edit['mail'], '#maxlength' => 55, '#description' => t('Insert a valid e-mail address.  All e-mails from the system will be sent to this address. The e-mail address is not made public and will only be used if you wish to receive a new password or wish to receive certain news or notifications by e-mail.'), '#required' => TRUE);
   $form['account']['pass'] = array('#type' => 'item', '#title' => t('Password'), '#value' => '<input type="password" class="form-password" name="edit[pass1]" size="12" maxlength="24" /> <input type="password" class="form-password" name="edit[pass2]" size="12" maxlength="24" />', '#required' => true);
-  if (user_access('administer access control')) {
+  if (user_access('administer users')) {
     $form['account']['status'] = array('#type' => 'radios', '#title' => t('Status'), '#default_value' => $edit['status'], '#options' => array(t('Blocked'), t('Active')));
+  }
+  if (user_access('administer access control')) {
     $form['account']['roles'] = array('#type' => 'checkboxes', '#title' => t('Roles'), '#default_value' => array_keys($edit['roles']), '#options' => user_roles(1), '#description' => t('Select at least one role.  The user receives the combined permissions of all of the selected roles.'), '#required' => TRUE);
   }
 
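Review bot: The two `user_access()` checks in user_edit_form() now gate different fields on different permissions, but nothing in the hunk says why or notes that hiding a field here is presentation only. A short comment above the first check would help, for example `// Status needs 'administer users', roles need 'administer access control'; user_edit() must enforce the same split on submit.` The function starts and ends outside this hunk. The identical hunk in modules/user/user.module would take the same comment.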
@@ -1244,7 +1246,8 @@ function user_edit($category = 'account') {
 
     if (!form_get_errors()) {
       // Validate input to ensure that non-privileged users can't alter protected data.
-      if (!user_access('administer users') && array_intersect(array_keys($edit), array('uid', 'roles', 'init', 'session'))) {
+      if ((!user_access('administer users') && array_intersect(array_keys($edit), array('uid', 'init', 'session'))) ||
+          (!user_access('administer access control') && isset($edit['roles']))) {
         watchdog('security', t('Detected malicious attempt to alter protected user fields.'), WATCHDOG_WARNING);
       }
       else {
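Review bot: The protected-field check in user_edit() does not list `status`, although the form hunk now offers the Status radios only to users with 'administer users'. Unless `status` is filtered elsewhere in user_edit() (most of the function is outside this hunk), a submitted status value from a user without that permission would pass this check; adding it to the first list closes the gap: `array_intersect(array_keys($edit), array('uid', 'status', 'init', 'session'))`. `isset($edit['roles'])` is also false when the key is present with a null value, where the old `array_keys()` test matched on key presence, so `array_key_exists('roles', $edit)` would keep the earlier semantics. The watchdog entry does not say which fields triggered it, which makes the log harder to triage. The same points apply to the identical hunk in modules/user/user.module.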
diff --git a/modules/user/user.module b/modules/user/user.module
index 72564c5e82832dc2f3931fd6694cdefc38431274..af603cd75b77bc9ac7f5a8177e4ee6e818b6b0ae 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -1154,8 +1154,10 @@ function user_edit_form($uid, $edit) {
   $form['account']['name'] = array('#type' => 'textfield', '#title' => t('Username'), '#default_value' => $edit['name'], '#maxlength' => 55, '#description' => t('Your full name or your preferred username: only letters, numbers and spaces are allowed.'), '#required' => TRUE);
   $form['account']['mail'] = array('#type' => 'textfield', '#title' => t('E-mail address'), '#default_value' => $edit['mail'], '#maxlength' => 55, '#description' => t('Insert a valid e-mail address.  All e-mails from the system will be sent to this address. The e-mail address is not made public and will only be used if you wish to receive a new password or wish to receive certain news or notifications by e-mail.'), '#required' => TRUE);
   $form['account']['pass'] = array('#type' => 'item', '#title' => t('Password'), '#value' => '<input type="password" class="form-password" name="edit[pass1]" size="12" maxlength="24" /> <input type="password" class="form-password" name="edit[pass2]" size="12" maxlength="24" />', '#required' => true);
-  if (user_access('administer access control')) {
+  if (user_access('administer users')) {
     $form['account']['status'] = array('#type' => 'radios', '#title' => t('Status'), '#default_value' => $edit['status'], '#options' => array(t('Blocked'), t('Active')));
+  }
+  if (user_access('administer access control')) {
     $form['account']['roles'] = array('#type' => 'checkboxes', '#title' => t('Roles'), '#default_value' => array_keys($edit['roles']), '#options' => user_roles(1), '#description' => t('Select at least one role.  The user receives the combined permissions of all of the selected roles.'), '#required' => TRUE);
   }
 
@@ -1244,7 +1246,8 @@ function user_edit($category = 'account') {
 
     if (!form_get_errors()) {
       // Validate input to ensure that non-privileged users can't alter protected data.
-      if (!user_access('administer users') && array_intersect(array_keys($edit), array('uid', 'roles', 'init', 'session'))) {
+      if ((!user_access('administer users') && array_intersect(array_keys($edit), array('uid', 'init', 'session'))) ||
+          (!user_access('administer access control') && isset($edit['roles']))) {
         watchdog('security', t('Detected malicious attempt to alter protected user fields.'), WATCHDOG_WARNING);
       }
       else {