diff --git a/platform/user.go b/platform/user.go
index 4adac22d..96e5e7f8 100644
--- a/platform/user.go
+++ b/platform/user.go
@@ -50,6 +50,9 @@ func (u User) AsJSON() string {
 func (u User) HasRoot() bool {
 	return u.model.Role == enums.UserroleRoot
 }
+func (u User) IsAccountOwner() bool {
+	return u.model.Role == enums.UserroleAccountOwner
+}
 func newUser(ctx context.Context, org Organization, user *models.User) User {
 	avatar := user.Avatar.Ptr()
 	u := User{
diff --git a/resource/user.go b/resource/user.go
index fca8e235..24d5e7b5 100644
--- a/resource/user.go
+++ b/resource/user.go
@@ -6,6 +6,7 @@ import (
 	"net/http"
 	"strconv"
 
+	"github.com/Gleipnir-Technology/nidus-sync/db/enums"
 	"github.com/Gleipnir-Technology/nidus-sync/db/models"
 	nhttp "github.com/Gleipnir-Technology/nidus-sync/http"
 	"github.com/Gleipnir-Technology/nidus-sync/platform"
@@ -86,7 +87,7 @@ func (res *userR) ByIDPut(ctx context.Context, r *http.Request, user platform.Us
 		return "", nhttp.NewErrorStatus(http.StatusBadRequest, "user id conversion: %w", err)
 	}
 	user_changes := &models.UserSetter{}
-	if !(user.HasRoot() || user.Role == enums.UserroleAccountOwner || user.ID == user_id) {
+	if !(user.HasRoot() || user.IsAccountOwner() || user.ID == user_id) {
 		return "", nhttp.NewForbidden("Only account owners can change other users")
 	}
 	if updates.Avatar.IsValue() {
@@ -103,8 +104,14 @@ func (res *userR) ByIDPut(ctx context.Context, r *http.Request, user platform.Us
 	}
 	if updates.Role.IsValue() {
 		// Don't allow privilege escalation
-		if user.HasRoot() || user.Role == enums.UserroleAccountOwner {
-			user_changes.Role = updates.Role.MustGet()
+		if user.HasRoot() || user.IsAccountOwner() {
+			var role enums.Userrole
+			v := updates.Role.MustGet()
+			err := role.Scan(v)
+			if err != nil {
+				return "", nhttp.NewBadRequest("invalid role %s: %w", v, err)
+			}
+			user_changes.Role = omit.From(role)
 		} else {
 			return "", nhttp.NewBadRequest("you aren't allowed to change roles")
 		}
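Review bot: `IsAccountOwner` is an exported method added without a doc comment, and its sibling `HasRoot` directly above has none either. A one-liner in the standard form is enough: `// IsAccountOwner reports whether the user's stored role is enums.UserroleAccountOwner.` Since both predicates now feed authorization decisions in resource/user.go, it is worth the comment saying explicitly that they read the persisted `u.model.Role`, not anything supplied by the request.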
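Review bot: The gate on the changed line only establishes who the caller is (root, account owner, or the target user); nothing in this hunk relates `user_id` to the caller's organization, so unless the lookup or update of `user_id` elsewhere in `ByIDPut` is scoped to `user`'s account, an account owner could modify users of other accounts — worth confirming where `user_changes` is applied. The same `user.HasRoot() || user.IsAccountOwner()` predicate is evaluated again in the role branch further down; computing it once, `canManage := user.HasRoot() || user.IsAccountOwner()`, keeps the two checks from drifting apart. `ByIDPut` starts and ends outside this hunk.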
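Review bot: The comment `// Don't allow privilege escalation` is not enforced by the code under it: once `role.Scan(v)` succeeds, any role value `Scan` accepts is written, so an account owner can assign `enums.UserroleRoot` to any user — including themselves, since the earlier gate admits `user.ID == user_id`. Add a ceiling after the Scan check: `if role == enums.UserroleRoot && !user.HasRoot() { return "", nhttp.NewForbidden("only root users can grant the root role") }`; whether an account owner may also demote an existing root user depends on the target's current role, which this hunk does not load. Two smaller points: `err := role.Scan(v)` followed by `if err != nil` reads more idiomatically as `if err := role.Scan(v); err != nil {`, and `%q` rather than `%s` would quote the untrusted `v` in the 400 message. `omit.From` relies on an import this diff does not add; confirm it is already in scope in resource/user.go. `ByIDPut` starts and ends outside this hunk.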