diff --git a/lms.group.permissions.yml b/lms.group.permissions.yml
new file mode 100644
index 0000000000000000000000000000000000000000..6e2d98b5ea319ffccceb01b238d733e8ba6289b8
--- /dev/null
+++ b/lms.group.permissions.yml
@@ -0,0 +1,3 @@
+add students:
+  title: 'Add students'
+  description: 'Add students to child classes. Effective only in LMS Courses.'
diff --git a/lms.post_update.php b/lms.post_update.php
index dfac7f623675edc1a6ab35caffc1ad9cd101b4be..1737f3afbb7e04aded57a17854cfb21e34d447fd 100644
--- a/lms.post_update.php
+++ b/lms.post_update.php
@@ -41,3 +41,20 @@ function lms_post_update_set_statuses(array &$sandbox): void {
   $sandbox['progress']++;
   $sandbox['#finished'] = $sandbox['progress'] / $sandbox['total'];
 }
+
+/**
+ * BC - Add add students permission to all member course group roles.
+ */
+function lms_post_update_add_students_permission(): void {
+  $roles = \Drupal::entityTypeManager()->getStorage('group_role')->loadByProperties([
+    'group_type' => 'lms_course',
+    'scope' => ['insider', 'individual'],
+  ]);
+  /** @var Drupal\group\Entity\GroupRoleInterface $role */
+  foreach ($roles as $role) {
+    if ($role->hasPermission('add students')) {
+      continue;
+    }
+    $role->grantPermission('add students')->save();
+  }
+}
diff --git a/src/Access/ClassPermissionCalculator.php b/src/Access/ClassPermissionCalculator.php
index 0e0b165125e88074b638760b67ff96131d2d232b..57ca2dba8b0907e65a22049c7bc8a8b76272b545 100644
--- a/src/Access/ClassPermissionCalculator.php
+++ b/src/Access/ClassPermissionCalculator.php
@@ -9,6 +9,7 @@ use Drupal\Core\Session\AccountInterface;
 use Drupal\flexible_permissions\CalculatedPermissionsItem;
 use Drupal\flexible_permissions\PermissionCalculatorBase;
 use Drupal\flexible_permissions\RefinableCalculatedPermissionsInterface;
+use Drupal\group\Entity\GroupMembershipInterface;
 use Drupal\group\Entity\GroupRelationshipInterface;
 use Drupal\group\PermissionScopeInterface;
 use Drupal\lms\Entity\Bundle\Course;
@@ -51,9 +52,18 @@ final class ClassPermissionCalculator extends PermissionCalculatorBase {
     foreach ($memberships as $membership) {
       $calculated_permissions->addCacheableDependency($membership);
 
-      \assert($membership instanceof GroupRelationshipInterface);
+      \assert($membership instanceof GroupMembershipInterface);
       $course = $membership->getGroup();
       \assert($course instanceof Course);
+
+      $class_permissions = ['view group'];
+      foreach ($membership->getRoles(TRUE) as $role) {
+        $calculated_permissions->addCacheableDependency($role);
+        if ($role->hasPermission('add students')) {
+          $class_permissions[] = 'administer members';
+        }
+      }
+
       foreach ($course->getClasses() as $class) {
         $class_id = $class->id();
         if (\array_key_exists($class_id, $class_ids)) {
@@ -64,10 +74,7 @@ final class ClassPermissionCalculator extends PermissionCalculatorBase {
         $calculated_permissions->addItem(new CalculatedPermissionsItem(
           $scope,
           $class_id,
-          [
-            'administer members',
-            'view group',
-          ],
+          $class_permissions,
           FALSE,
         ));
       }
@@ -83,7 +90,7 @@ final class ClassPermissionCalculator extends PermissionCalculatorBase {
     $courses = [];
 
     foreach ($memberships as $membership) {
-      \assert($membership instanceof GroupRelationshipInterface);
+      \assert($membership instanceof GroupMembershipInterface);
       $course_relationships = $this->entityTypeManager->getStorage('group_relationship')->loadByProperties([
         'plugin_id' => 'lms_classes',
         'entity_id' => $membership->getGroupId(),