diff --git a/src/controllers/02-user-controller.ts b/src/controllers/02-user-controller.ts
index 45e8808..a697223 100644
--- a/src/controllers/02-user-controller.ts
+++ b/src/controllers/02-user-controller.ts
@@ -381,7 +381,7 @@ export class UserController extends Controller {
     const THROW_PERM_MSG = "You do not have permission to perform this action.";
     const THROW_PERM_CODE = "noPermission";
 
-    if (setRoleIndex < userRoleIndex) {
+    if (setRoleIndex !== -1 && setRoleIndex < userRoleIndex) {
       throw new HttpError(HttpStatus.FORBIDDEN, THROW_PERM_MSG, THROW_PERM_CODE);
     }
     if (!globalAllow(req.user)) {