diff --git a/awx/api/permissions.py b/awx/api/permissions.py
index 6e1320e2d8..285441421d 100644
--- a/awx/api/permissions.py
+++ b/awx/api/permissions.py
@@ -19,7 +19,7 @@ from awx.main.utils import get_object_or_400
 logger = logging.getLogger('awx.api.permissions')
 
 __all__ = ['ModelAccessPermission', 'JobTemplateCallbackPermission',
-           'TaskPermission', 'ProjectUpdatePermission']
+           'TaskPermission', 'ProjectUpdatePermission', 'UserPermission']
 
 class ModelAccessPermission(permissions.BasePermission):
     '''
@@ -202,3 +202,10 @@ class ProjectUpdatePermission(ModelAccessPermission):
     def check_post_permissions(self, request, view, obj=None):
         project = get_object_or_400(view.model, pk=view.kwargs['pk'])
         return check_user_access(request.user, view.model, 'start', project)
+
+
+class UserPermission(ModelAccessPermission):
+    def check_post_permissions(self, request, view, obj=None):
+        if request.user.is_superuser:
+            return True
+        raise PermissionDenied()
diff --git a/awx/api/views.py b/awx/api/views.py
index 0b20304892..a58b706856 100644
--- a/awx/api/views.py
+++ b/awx/api/views.py
@@ -1152,6 +1152,7 @@ class UserList(ListCreateAPIView):
 
     model = User
     serializer_class = UserSerializer
+    permission_classes = (UserPermission,)
 
     def post(self, request, *args, **kwargs):
         ret = super(UserList, self).post( request, *args, **kwargs)