diff --git a/rhodecode/controllers/admin/users.py b/rhodecode/controllers/admin/users.py
--- a/rhodecode/controllers/admin/users.py
+++ b/rhodecode/controllers/admin/users.py
@@ -41,8 +41,8 @@ from rhodecode.lib.auth import LoginRequ
     AuthUser
 from rhodecode.lib.base import BaseController, render
 
-from rhodecode.model.db import User, UserEmailMap, UserIpMap
-from rhodecode.model.forms import UserForm
+from rhodecode.model.db import User, UserEmailMap, UserIpMap, UserToPerm
+from rhodecode.model.forms import UserForm, CustomDefaultPermissionsForm
 from rhodecode.model.user import UserModel
 from rhodecode.model.meta import Session
 from rhodecode.lib.utils import action_logger
@@ -240,12 +240,13 @@ class UsersController(BaseController):
                         .filter(UserEmailMap.user == c.user).all()
         c.user_ip_map = UserIpMap.query()\
                         .filter(UserIpMap.user == c.user).all()
-        user_model = UserModel()
+        umodel = UserModel()
         c.ldap_dn = c.user.ldap_dn
         defaults = c.user.get_dict()
         defaults.update({
-            'create_repo_perm': user_model.has_perm(id, 'hg.create.repository'),
-            'fork_repo_perm': user_model.has_perm(id, 'hg.fork.repository'),
+         'create_repo_perm': umodel.has_perm(c.user, 'hg.create.repository'),
+         'create_user_group_perm': umodel.has_perm(c.user, 'hg.usergroup.create.true'),
+         'fork_repo_perm': umodel.has_perm(c.user, 'hg.fork.repository'),
         })
 
         return htmlfill.render(
@@ -258,39 +259,36 @@ class UsersController(BaseController):
     def update_perm(self, id):
         """PUT /users_perm/id: Update an existing item"""
         # url('user_perm', id=ID, method='put')
-        usr = User.get_or_404(id)
-        grant_create_perm = str2bool(request.POST.get('create_repo_perm'))
-        grant_fork_perm = str2bool(request.POST.get('fork_repo_perm'))
-        inherit_perms = str2bool(request.POST.get('inherit_default_permissions'))
-
-        user_model = UserModel()
+        user = User.get_or_404(id)
 
         try:
-            usr.inherit_default_permissions = inherit_perms
-            Session().add(usr)
+            form = CustomDefaultPermissionsForm()()
+            form_result = form.to_python(request.POST)
+
+            inherit_perms = form_result['inherit_default_permissions']
+            user.inherit_default_permissions = inherit_perms
+            Session().add(user)
+            user_model = UserModel()
 
-            if grant_create_perm:
-                user_model.revoke_perm(usr, 'hg.create.none')
-                user_model.grant_perm(usr, 'hg.create.repository')
-                h.flash(_("Granted 'repository create' permission to user"),
-                        category='success')
+            defs = UserToPerm.query()\
+                .filter(UserToPerm.user == user)\
+                .all()
+            for ug in defs:
+                Session().delete(ug)
+
+            if form_result['create_repo_perm']:
+                user_model.grant_perm(id, 'hg.create.repository')
             else:
-                user_model.revoke_perm(usr, 'hg.create.repository')
-                user_model.grant_perm(usr, 'hg.create.none')
-                h.flash(_("Revoked 'repository create' permission to user"),
-                        category='success')
-
-            if grant_fork_perm:
-                user_model.revoke_perm(usr, 'hg.fork.none')
-                user_model.grant_perm(usr, 'hg.fork.repository')
-                h.flash(_("Granted 'repository fork' permission to user"),
-                        category='success')
+                user_model.grant_perm(id, 'hg.create.none')
+            if form_result['create_user_group_perm']:
+                user_model.grant_perm(id, 'hg.usergroup.create.true')
             else:
-                user_model.revoke_perm(usr, 'hg.fork.repository')
-                user_model.grant_perm(usr, 'hg.fork.none')
-                h.flash(_("Revoked 'repository fork' permission to user"),
-                        category='success')
-
+                user_model.grant_perm(id, 'hg.usergroup.create.false')
+            if form_result['fork_repo_perm']:
+                user_model.grant_perm(id, 'hg.fork.repository')
+            else:
+                user_model.grant_perm(id, 'hg.fork.none')
+            h.flash(_("Updated permissions"), category='success')
             Session().commit()
         except Exception:
             log.error(traceback.format_exc())
diff --git a/rhodecode/controllers/admin/users_groups.py b/rhodecode/controllers/admin/users_groups.py
--- a/rhodecode/controllers/admin/users_groups.py
+++ b/rhodecode/controllers/admin/users_groups.py
@@ -43,7 +43,8 @@ from rhodecode.model.users_group import 
 from rhodecode.model.repo import RepoModel
 from rhodecode.model.db import User, UserGroup, UserGroupToPerm,\
     UserGroupRepoToPerm, UserGroupRepoGroupToPerm
-from rhodecode.model.forms import UserGroupForm, UserGroupPermsForm
+from rhodecode.model.forms import UserGroupForm, UserGroupPermsForm,\
+    CustomDefaultPermissionsForm
 from rhodecode.model.meta import Session
 from rhodecode.lib.utils import action_logger
 from sqlalchemy.orm import joinedload
@@ -113,6 +114,8 @@ class UsersGroupsController(BaseControll
         data.update({
             'create_repo_perm': ug_model.has_perm(user_group,
                                                   'hg.create.repository'),
+            'create_user_group_perm': ug_model.has_perm(user_group,
+                                                  'hg.usergroup.create.true'),
             'fork_repo_perm': ug_model.has_perm(user_group,
                                                 'hg.fork.repository'),
         })
@@ -326,38 +329,36 @@ class UsersGroupsController(BaseControll
         # url('users_group_perm', id=ID, method='put')
 
         users_group = UserGroup.get_or_404(id)
-        grant_create_perm = str2bool(request.POST.get('create_repo_perm'))
-        grant_fork_perm = str2bool(request.POST.get('fork_repo_perm'))
-        inherit_perms = str2bool(request.POST.get('inherit_default_permissions'))
-
-        usergroup_model = UserGroupModel()
 
         try:
+            form = CustomDefaultPermissionsForm()()
+            form_result = form.to_python(request.POST)
+
+            inherit_perms = form_result['inherit_default_permissions']
             users_group.inherit_default_permissions = inherit_perms
             Session().add(users_group)
+            usergroup_model = UserGroupModel()
 
-            if grant_create_perm:
-                usergroup_model.revoke_perm(id, 'hg.create.none')
-                usergroup_model.grant_perm(id, 'hg.create.repository')
-                h.flash(_("Granted 'repository create' permission to user group"),
-                        category='success')
-            else:
-                usergroup_model.revoke_perm(id, 'hg.create.repository')
-                usergroup_model.grant_perm(id, 'hg.create.none')
-                h.flash(_("Revoked 'repository create' permission to user group"),
-                        category='success')
+            defs = UserGroupToPerm.query()\
+                .filter(UserGroupToPerm.users_group == users_group)\
+                .all()
+            for ug in defs:
+                Session().delete(ug)
 
-            if grant_fork_perm:
-                usergroup_model.revoke_perm(id, 'hg.fork.none')
-                usergroup_model.grant_perm(id, 'hg.fork.repository')
-                h.flash(_("Granted 'repository fork' permission to user group"),
-                        category='success')
+            if form_result['create_repo_perm']:
+                usergroup_model.grant_perm(id, 'hg.create.repository')
+            else:
+                usergroup_model.grant_perm(id, 'hg.create.none')
+            if form_result['create_user_group_perm']:
+                usergroup_model.grant_perm(id, 'hg.usergroup.create.true')
             else:
-                usergroup_model.revoke_perm(id, 'hg.fork.repository')
+                usergroup_model.grant_perm(id, 'hg.usergroup.create.false')
+            if form_result['fork_repo_perm']:
+                usergroup_model.grant_perm(id, 'hg.fork.repository')
+            else:
                 usergroup_model.grant_perm(id, 'hg.fork.none')
-                h.flash(_("Revoked 'repository fork' permission to user group"),
-                        category='success')
 
+            h.flash(_("Updated permissions"), category='success')
             Session().commit()
         except Exception:
             log.error(traceback.format_exc())
diff --git a/rhodecode/model/forms.py b/rhodecode/model/forms.py
--- a/rhodecode/model/forms.py
+++ b/rhodecode/model/forms.py
@@ -334,6 +334,21 @@ def DefaultPermissionsForm(repo_perms_ch
     return _DefaultPermissionsForm
 
 
+def CustomDefaultPermissionsForm():
+    class _CustomDefaultPermissionsForm(formencode.Schema):
+        filter_extra_fields = True
+        allow_extra_fields = True
+        inherit_default_permissions = v.StringBoolean(if_missing=False)
+
+        create_repo_perm = v.StringBoolean(if_missing=False)
+        create_user_group_perm = v.StringBoolean(if_missing=False)
+        #create_repo_group_perm Impl. later
+
+        fork_repo_perm = v.StringBoolean(if_missing=False)
+
+    return _CustomDefaultPermissionsForm
+
+
 def DefaultsForm(edit=False, old_data={}, supported_backends=BACKENDS.keys()):
     class _DefaultsForm(formencode.Schema):
         allow_extra_fields = True
diff --git a/rhodecode/model/user.py b/rhodecode/model/user.py
--- a/rhodecode/model/user.py
+++ b/rhodecode/model/user.py
@@ -524,8 +524,11 @@ class UserModel(BaseModel):
         # !! OVERRIDE GLOBALS !! with user permissions if any found
         #======================================================================
         # those can be configured from groups or users explicitly
-        _configurable = set(['hg.fork.none', 'hg.fork.repository',
-                             'hg.create.none', 'hg.create.repository'])
+        _configurable = set([
+            'hg.fork.none', 'hg.fork.repository',
+            'hg.create.none', 'hg.create.repository',
+            'hg.usergroup.create.false', 'hg.usergroup.create.true'
+        ])
 
         # USER GROUPS comes first
         # user group global permissions
@@ -565,6 +568,8 @@ class UserModel(BaseModel):
 
             for perm in user_perms:
                 user.permissions[GLOBAL].add(perm.permission.permission_name)
+        ## END GLOBAL PERMISSIONS
+
 
         #======================================================================
         # !! PERMISSIONS FOR REPOSITORIES !!
diff --git a/rhodecode/templates/admin/users/user_edit.html b/rhodecode/templates/admin/users/user_edit.html
--- a/rhodecode/templates/admin/users/user_edit.html
+++ b/rhodecode/templates/admin/users/user_edit.html
@@ -149,45 +149,8 @@
     <div class="title">
         <h5>${_('Permissions')}</h5>
     </div>
-    ${h.form(url('user_perm', id=c.user.user_id),method='put')}
-    <div class="form">
-        <!-- fields -->
-        <div class="fields">
-             <div class="field">
-                <div class="label label-checkbox">
-                    <label for="inherit_permissions">${_('Inherit default permissions')}:</label>
-                </div>
-                <div class="checkboxes">
-                    ${h.checkbox('inherit_default_permissions',value=True)}
-                </div>
-                <span class="help-block">${h.literal(_('Select to inherit permissions from %s settings. '
-                                             'With this selected below options does not have any action') % h.link_to('default', url('edit_permission', id='default')))}</span>
-             </div>
-             <div id="inherit_overlay" style="${'opacity:0.3' if c.user.inherit_default_permissions else ''}" >
-             <div class="field">
-                <div class="label label-checkbox">
-                    <label for="create_repo_perm">${_('Create repositories')}:</label>
-                </div>
-                <div class="checkboxes">
-                    ${h.checkbox('create_repo_perm',value=True)}
-                </div>
-             </div>
-             <div class="field">
-                <div class="label label-checkbox">
-                    <label for="fork_repo_perm">${_('Fork repositories')}:</label>
-                </div>
-                <div class="checkboxes">
-                    ${h.checkbox('fork_repo_perm',value=True)}
-                </div>
-             </div>
-             </div>
-            <div class="buttons">
-              ${h.submit('save',_('Save'),class_="ui-btn large")}
-              ${h.reset('reset',_('Reset'),class_="ui-btn large")}
-            </div>
-        </div>
-    </div>
-    ${h.end_form()}
+    <%namespace name="dpb" file="/base/default_perms_box.html"/>
+    ${dpb.default_perms_box(url('user_perm', id=c.user.user_id))}
 
     ## permissions overview
     <%namespace name="p" file="/base/perms_summary.html"/>
diff --git a/rhodecode/templates/admin/users_groups/users_group_edit.html b/rhodecode/templates/admin/users_groups/users_group_edit.html
--- a/rhodecode/templates/admin/users_groups/users_group_edit.html
+++ b/rhodecode/templates/admin/users_groups/users_group_edit.html
@@ -111,6 +111,14 @@
     </div>
 </div>
 
+<div class="box box-right">
+    <!-- box / title -->
+    <div class="title">
+        <h5>${_('Global Permissions')}</h5>
+    </div>
+    <%namespace name="dpb" file="/base/default_perms_box.html"/>
+    ${dpb.default_perms_box(url('users_group_perm', id=c.users_group.users_group_id))}
+</div>
 
 <div class="box box-right">
     <div class="title">
@@ -136,52 +144,6 @@
     ${h.end_form()}
 </div>
 
-<div class="box box-right">
-    <!-- box / title -->
-    <div class="title">
-        <h5>${_('Global Permissions')}</h5>
-    </div>
-    ${h.form(url('users_group_perm', id=c.users_group.users_group_id), method='put')}
-    <div class="form">
-        <!-- fields -->
-        <div class="fields">
-             <div class="field">
-                <div class="label label-checkbox">
-                    <label for="inherit_permissions">${_('Inherit default permissions')}:</label>
-                </div>
-                <div class="checkboxes">
-                    ${h.checkbox('inherit_default_permissions',value=True)}
-                </div>
-                <span class="help-block">${h.literal(_('Select to inherit permissions from %s settings. '
-                                             'With this selected below options does not have any action') % h.link_to('default', url('edit_permission', id='default')))}</span>
-             </div>
-             <div id="inherit_overlay" style="${'opacity:0.3' if c.users_group.inherit_default_permissions else ''}" >
-             <div class="field">
-                <div class="label label-checkbox">
-                    <label for="create_repo_perm">${_('Create repositories')}:</label>
-                </div>
-                <div class="checkboxes">
-                    ${h.checkbox('create_repo_perm',value=True)}
-                </div>
-             </div>
-             <div class="field">
-                <div class="label label-checkbox">
-                    <label for="fork_repo_perm">${_('Fork repositories')}:</label>
-                </div>
-                <div class="checkboxes">
-                    ${h.checkbox('fork_repo_perm',value=True)}
-                </div>
-             </div>
-             </div>
-            <div class="buttons">
-              ${h.submit('save',_('Save'),class_="ui-btn large")}
-              ${h.reset('reset',_('Reset'),class_="ui-btn large")}
-            </div>
-        </div>
-    </div>
-    ${h.end_form()}
-</div>
-
 <script type="text/javascript">
   MultiSelectWidget('users_group_members','available_members','edit_users_group');
 </script>
diff --git a/rhodecode/templates/base/default_perms_box.html b/rhodecode/templates/base/default_perms_box.html
new file mode 100644
--- /dev/null
+++ b/rhodecode/templates/base/default_perms_box.html
@@ -0,0 +1,86 @@
+## snippet for displaying default permission box
+## usage:
+##    <%namespace name="dpb" file="/base/default_perms_box.html"/>
+##    ${dpb.default_perms_box(<url_to_form>)}
+
+
+<%def name="default_perms_box(form_url)">
+${h.form(form_url, method='put')}
+    <div class="form">
+        <!-- fields -->
+        <div class="fields">
+             <div class="field">
+                <div class="checkboxes">
+                    <label for="inherit_default_permissions">${_('Inherit default permissions')}:</label>
+                    ${h.checkbox('inherit_default_permissions',value=True)}
+                </div>
+                <span class="help-block">
+                ${h.literal(_('Select to inherit permissions from %s settings. '
+                              'With this selected below options does not apply.')
+                              % h.link_to('default', url('edit_permission', id='default')))}
+                </span>
+             </div>
+             <div id="inherit_overlay">
+             <div class="field">
+                <div class="checkboxes">
+                    <label for="create_repo_perm">${_('Create repositories')}:</label>
+                    ${h.checkbox('create_repo_perm',value=True)}
+                </div>
+                <span class="help-block">
+                ${h.literal(_('Select this option to allow repository creation for this user'))}
+                </span>
+             </div>
+             <div class="field">
+                <div class="checkboxes">
+                    <label for="create_user_group_perm">${_('Create user groups')}:</label>
+                    ${h.checkbox('create_user_group_perm',value=True)}
+                </div>
+                <span class="help-block">
+                ${h.literal(_('Select this option to allow user group creation for this user'))}
+                </span>
+             </div>
+             <div class="field">
+                <div class="checkboxes">
+                    <label for="fork_repo_perm">${_('Fork repositories')}:</label>
+                    ${h.checkbox('fork_repo_perm',value=True)}
+                </div>
+                <span class="help-block">
+                ${h.literal(_('Select this option to allow repository forking for this user'))}
+                </span>
+             </div>
+             </div>
+            <div class="buttons">
+              ${h.submit('save',_('Save'),class_="ui-btn large")}
+              ${h.reset('reset',_('Reset'),class_="ui-btn large")}
+            </div>
+        </div>
+    </div>
+${h.end_form()}
+
+## JS
+<script>
+YUE.onDOMReady(function(e){
+
+    var show_custom_perms = function(inherit_default){
+        if(inherit_default){
+            YUD.setStyle('inherit_overlay', 'display', 'none');
+        }
+        else{
+            YUD.setStyle('inherit_overlay', 'display', '');
+        }
+    }
+
+    var defaults = YUD.get('inherit_default_permissions').checked;
+    show_custom_perms(defaults);
+    YUE.on('inherit_default_permissions', 'change', function(e){
+        if(YUD.get('inherit_default_permissions').checked){
+            show_custom_perms(true);
+        }
+        else{
+            show_custom_perms(false);
+        }
+    })
+})
+</script>
+
+</%def>
diff --git a/rhodecode/templates/base/perms_summary.html b/rhodecode/templates/base/perms_summary.html
--- a/rhodecode/templates/base/perms_summary.html
+++ b/rhodecode/templates/base/perms_summary.html
@@ -1,4 +1,7 @@
 ## snippet for displaying permissions overview for users
+## usage:
+##    <%namespace name="p" file="/base/perms_summary.html"/>
+##    ${p.perms_summary(c.perm_user.permissions)}
 
 <%def name="perms_summary(permissions)">
 <div id="perms" class="table">
@@ -16,7 +19,7 @@
                   <th class="left">${_('Edit Permission')}</th>
               </thead>
               <tbody>
-              %for k in sorted(permissions[section], key=lambda s: s.lower()):
+              %for k in permissions[section]:
                   <tr>
                       <td colspan="2">
                           ${h.get_permission_name(k)}