diff --git a/app/assets/javascripts/admin/models/admin_user.js b/app/assets/javascripts/admin/models/admin_user.js
index e621429010..3ce78ea655 100644
--- a/app/assets/javascripts/admin/models/admin_user.js
+++ b/app/assets/javascripts/admin/models/admin_user.js
@@ -155,7 +155,11 @@ Discourse.AdminUser = Discourse.User.extend({
       window.location.reload();
     }, function(e) {
       // failure
-      var error = I18n.t('admin.user.trust_level_change_failed', { error: "http: " + e.status + " - " + e.body });
+      var error;
+      if (e.responseJSON && e.responseJSON.errors) {
+        error = e.responseJSON.errors[0];
+      }
+      error = error || I18n.t('admin.user.trust_level_change_failed', { error: "http: " + e.status + " - " + e.body });
       bootbox.alert(error);
     });
   },
diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb
index 16e2d13fb8..054d2a00d2 100644
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -131,6 +131,8 @@ class Admin::UsersController < Admin::AdminController
     @user.change_trust_level!(level, log_action_for: current_user)
 
     render_serialized(@user, AdminUserSerializer)
+  rescue Discourse::InvalidAccess => e
+    render_json_error(e.message)
   end
 
   def approve