diff --git a/rhodecode/controllers/admin/users.py b/rhodecode/controllers/admin/users.py
--- a/rhodecode/controllers/admin/users.py
+++ b/rhodecode/controllers/admin/users.py
@@ -41,8 +41,8 @@ from rhodecode.lib.auth import LoginRequ
     AuthUser
 from rhodecode.lib.base import BaseController, render
 
-from rhodecode.model.db import User, UserEmailMap, UserIpMap
-from rhodecode.model.forms import UserForm
+from rhodecode.model.db import User, UserEmailMap, UserIpMap, UserToPerm
+from rhodecode.model.forms import UserForm, CustomDefaultPermissionsForm
 from rhodecode.model.user import UserModel
 from rhodecode.model.meta import Session
 from rhodecode.lib.utils import action_logger
@@ -61,8 +61,6 @@ class UsersController(BaseController):
     @LoginRequired()
     @HasPermissionAllDecorator('hg.admin')
     def __before__(self):
-        c.admin_user = session.get('admin_user')
-        c.admin_username = session.get('admin_username')
         super(UsersController, self).__before__()
         c.available_permissions = config['available_permissions']
 
@@ -70,7 +68,9 @@ class UsersController(BaseController):
         """GET /users: All items in the collection"""
         # url('users')
 
-        c.users_list = User.query().order_by(User.username).all()
+        c.users_list = User.query().order_by(User.username)\
+                        .filter(User.username != User.DEFAULT_USER)\
+                        .all()
 
         users_data = []
         total_records = len(c.users_list)
@@ -223,6 +223,7 @@ class UsersController(BaseController):
     def show(self, id, format='html'):
         """GET /users/id: Show a specific item"""
         # url('user', id=ID)
+        User.get_or_404(-1)
 
     def edit(self, id, format='html'):
         """GET /users/id/edit: Form to edit an existing item"""
@@ -241,12 +242,13 @@ class UsersController(BaseController):
                         .filter(UserEmailMap.user == c.user).all()
         c.user_ip_map = UserIpMap.query()\
                         .filter(UserIpMap.user == c.user).all()
-        user_model = UserModel()
+        umodel = UserModel()
         c.ldap_dn = c.user.ldap_dn
         defaults = c.user.get_dict()
         defaults.update({
-            'create_repo_perm': user_model.has_perm(id, 'hg.create.repository'),
-            'fork_repo_perm': user_model.has_perm(id, 'hg.fork.repository'),
+         'create_repo_perm': umodel.has_perm(c.user, 'hg.create.repository'),
+         'create_user_group_perm': umodel.has_perm(c.user, 'hg.usergroup.create.true'),
+         'fork_repo_perm': umodel.has_perm(c.user, 'hg.fork.repository'),
         })
 
         return htmlfill.render(
@@ -259,39 +261,36 @@ class UsersController(BaseController):
     def update_perm(self, id):
         """PUT /users_perm/id: Update an existing item"""
         # url('user_perm', id=ID, method='put')
-        usr = User.get_or_404(id)
-        grant_create_perm = str2bool(request.POST.get('create_repo_perm'))
-        grant_fork_perm = str2bool(request.POST.get('fork_repo_perm'))
-        inherit_perms = str2bool(request.POST.get('inherit_default_permissions'))
-
-        user_model = UserModel()
+        user = User.get_or_404(id)
 
         try:
-            usr.inherit_default_permissions = inherit_perms
-            Session().add(usr)
+            form = CustomDefaultPermissionsForm()()
+            form_result = form.to_python(request.POST)
+
+            inherit_perms = form_result['inherit_default_permissions']
+            user.inherit_default_permissions = inherit_perms
+            Session().add(user)
+            user_model = UserModel()
 
-            if grant_create_perm:
-                user_model.revoke_perm(usr, 'hg.create.none')
-                user_model.grant_perm(usr, 'hg.create.repository')
-                h.flash(_("Granted 'repository create' permission to user"),
-                        category='success')
+            defs = UserToPerm.query()\
+                .filter(UserToPerm.user == user)\
+                .all()
+            for ug in defs:
+                Session().delete(ug)
+
+            if form_result['create_repo_perm']:
+                user_model.grant_perm(id, 'hg.create.repository')
             else:
-                user_model.revoke_perm(usr, 'hg.create.repository')
-                user_model.grant_perm(usr, 'hg.create.none')
-                h.flash(_("Revoked 'repository create' permission to user"),
-                        category='success')
-
-            if grant_fork_perm:
-                user_model.revoke_perm(usr, 'hg.fork.none')
-                user_model.grant_perm(usr, 'hg.fork.repository')
-                h.flash(_("Granted 'repository fork' permission to user"),
-                        category='success')
+                user_model.grant_perm(id, 'hg.create.none')
+            if form_result['create_user_group_perm']:
+                user_model.grant_perm(id, 'hg.usergroup.create.true')
             else:
-                user_model.revoke_perm(usr, 'hg.fork.repository')
-                user_model.grant_perm(usr, 'hg.fork.none')
-                h.flash(_("Revoked 'repository fork' permission to user"),
-                        category='success')
-
+                user_model.grant_perm(id, 'hg.usergroup.create.false')
+            if form_result['fork_repo_perm']:
+                user_model.grant_perm(id, 'hg.fork.repository')
+            else:
+                user_model.grant_perm(id, 'hg.fork.none')
+            h.flash(_("Updated permissions"), category='success')
             Session().commit()
         except Exception:
             log.error(traceback.format_exc())