diff --git a/pandora/config.0xdb.jsonc b/pandora/config.0xdb.jsonc
index 072ce8ac..b1ee518c 100644
--- a/pandora/config.0xdb.jsonc
+++ b/pandora/config.0xdb.jsonc
@@ -32,6 +32,7 @@
 "canEditMedia": {"staff": true, "admin": true},
 "canEditMetadata": {"staff": true, "admin": true},
 "canEditPlaces": {"staff": true, "admin": true},
+ "canEditRightsLevel": {"staff": true, "admin": true},
 "canEditSitePages": {"staff": true, "admin": true},
 "canEditUsers": {"admin": true},
 "canImportAnnotations": {},
diff --git a/pandora/config.indiancinema.jsonc b/pandora/config.indiancinema.jsonc
index a2b64e06..f04949a8 100644
--- a/pandora/config.indiancinema.jsonc
+++ b/pandora/config.indiancinema.jsonc
@@ -33,6 +33,7 @@
 "canEditMedia": {"researcher": true, "staff": true, "admin": true},
 "canEditMetadata": {"researcher": true, "staff": true, "admin": true},
 "canEditPlaces": {"researcher": true, "staff": true, "admin": true},
+ "canEditRightsLevel": {"researcher": true, "staff": true, "admin": true},
 "canEditSitePages": {"staff": true, "admin": true},
 "canEditUsers": {"staff": true, "admin": true},
 "canImportAnnotations": {"researcher": true, "staff": true, "admin": true},
diff --git a/pandora/config.padma.jsonc b/pandora/config.padma.jsonc
index bcd1e771..691fd031 100644
--- a/pandora/config.padma.jsonc
+++ b/pandora/config.padma.jsonc
@@ -32,6 +32,7 @@
 "canEditMedia": {"staff": true, "admin": true},
 "canEditMetadata": {"staff": true, "admin": true},
 "canEditPlaces": {"staff": true, "admin": true},
+ "canEditRightsLevel": {"member": true, "staff": true, "admin": true},
 "canEditSitePages": {"staff": true, "admin": true},
 "canEditUsers": {"admin": true},
 "canImportAnnotations": {"member": true, "staff": true, "admin": true},
diff --git a/pandora/config.pandora.jsonc b/pandora/config.pandora.jsonc
index 65b2a110..5341756d 100644
--- a/pandora/config.pandora.jsonc
+++ b/pandora/config.pandora.jsonc
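Review bot: In the config.padma.jsonc hunk (and again in config.pandora.jsonc) `canEditRightsLevel` is granted to `member`, while the neighbouring `canEditMedia`, `canEditMetadata` and `canEditPlaces` entries stay with `staff` and `admin`, and config.0xdb.jsonc keeps the new capability to those two levels. If the rights level decides who may view an item (not visible in this diff), any member who can reach `edit` for an item can change its visibility, so a short comment above the key such as `// members may change the rights level of items they can edit` would record that this is intended. Deployments with a custom config that lacks the key presumably get a falsy `capability()` result for every level, admins included, so the upgrade notes should mention adding it.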
@@ -32,6 +32,7 @@
 "canEditMedia": {"staff": true, "admin": true},
 "canEditMetadata": {"staff": true, "admin": true},
 "canEditPlaces": {"staff": true, "admin": true},
+ "canEditRightsLevel": {"member": true, "staff": true, "admin": true},
 "canEditSitePages": {"staff": true, "admin": true},
 "canEditUsers": {"admin": true},
 "canImportAnnotations": {"member": true, "staff": true, "admin": true},
diff --git a/pandora/item/views.py b/pandora/item/views.py
index ab39bfc7..e4ceef58 100644
--- a/pandora/item/views.py
+++ b/pandora/item/views.py
@@ -555,7 +555,10 @@ def edit(request):
 item.log()
 response = json_response(status=200, text='ok')
 if 'rightslevel' in data:
- item.level = int(data['rightslevel'])
+ if request.user.get_profile().capability('canEditRightsLevel') == True:
+ item.level = int(data['rightslevel'])
+ else:
+ response = json_response(status=403, text='permission denied')
 del data['rightslevel']
 if 'user' in data:
 if request.user.get_profile().get_level() in ('admin', 'staff') and \
@@ -572,7 +575,7 @@ def edit(request):
 tasks.update_clips.delay(item.itemId)
 response['data'] = item.get_json()
 else:
- response = json_response(status=403, text='permissino denied')
+ response = json_response(status=403, text='permission denied')
 return render_to_json_response(response)
 actions.register(edit, cache=False)
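Review bot: A caller without `canEditRightsLevel` only gets `response` reassigned in the new `else:` branch of `edit`; execution continues with `del data['rightslevel']`, so any other fields in the same request still seem to be processed (the code between the two hunks is not shown) and the later `response['data'] = item.get_json()` would be attached to the 403 reply. Returning at once, `return render_to_json_response(json_response(status=403, text='permission denied'))`, keeps a refused request from being partly applied; `item.log()` has already run by then, so the check may belong further up. `int(data['rightslevel'])` is still unvalidated: a non-numeric value raises instead of producing a 4xx reply, and any integer is stored without being compared with the configured rights levels. The `== True` comparison can be replaced with a plain truth test. The body of `edit` begins before and continues after this hunk.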