diff --git a/application/controllers/GroupController.php b/application/controllers/GroupController.php
index fe8853a06..0b752a854 100644
--- a/application/controllers/GroupController.php
+++ b/application/controllers/GroupController.php
@@ -181,6 +181,7 @@ class GroupController extends AuthBackendController
      */
     public function editAction()
     {
+        $this->assertPermission('config/application/groups/edit');
         $groupName = $this->params->getRequired('group');
         $backend = $this->getUserGroupBackend($this->params->getRequired('backend'), 'Icinga\Data\Updatable');
 
diff --git a/application/views/scripts/group/show.phtml b/application/views/scripts/group/show.phtml
index 61f793cb7..75895b908 100644
--- a/application/views/scripts/group/show.phtml
+++ b/application/views/scripts/group/show.phtml
@@ -6,7 +6,7 @@ use Icinga\Data\Updatable;
 $extensible = $this->hasPermission('config/application/groups/add') && $backend instanceof Extensible;
 
 $editLink = null;
-if ($backend instanceof Updatable) {
+if ($this->hasPermission('config/application/groups/edit') && $backend instanceof Updatable) {
     $editLink = $this->qlink(
         null,
         'group/edit',