diff --git a/code/SecurityAdmin.php b/code/SecurityAdmin.php
index d4343decae..41a37e8c6d 100644
--- a/code/SecurityAdmin.php
+++ b/code/SecurityAdmin.php
@@ -26,6 +26,11 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
 'EditForm',
 );
+ /**
+ * @var Array
+ */
+ static $hidden_permissions = array();
+
 public function init() {
 parent::init();
@@ -42,6 +47,10 @@ function getEditForm($id = null) {
 'action_save'
 );
+ // Filter permissions
+ $permissionField = $form->Fields()->dataFieldByName('Permissions');
+ if($permissionField) $permissionField->setHiddenPermissions(self::$hidden_permissions);
+
 return $form;
 }
@@ -214,15 +223,36 @@ function providePermissions() {
 }
 /**
- * the permissions represented in the $codes will not appearing in the form
- * containning {@link PermissionCheckboxSetField} so as not to be checked / unchecked.
- * @param $codes array of permission code
- * @return void
+ * The permissions represented in the $codes will not appearing in the form
+ * containing {@link PermissionCheckboxSetField} so as not to be checked / unchecked.
+ *
+ * @param $codes String|Array
 */
- static function hide_permissions($codes){
- foreach($codes as $code){
- Permission::add_to_hidden_permissions($code);
- }
+ static function add_hidden_permission($codes){
+ if(is_string($codes)) $codes = array($codes);
+ self::$hidden_permissions += $codes;
+ }
+
+ /**
+ * @param $codes String|Array
+ */
+ static function remove_hidden_permission($codes){
+ if(is_string($codes)) $codes = array($codes);
+ self::$hidden_permissions = array_diff(self::$hidden_permissions, $codes);
+ }
+
+ /**
+ * @return Array
+ */
+ static function get_hidden_permissions(){
+ return self::$hidden_permissions;
+ }
+
+ /**
+ * Clear all permissions previously hidden with {@link add_hidden_permission}
+ */
+ static function clear_hidden_permissions(){
+ self::$hidden_permissions = array();
 }
 }
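Review bot: `static $hidden_permissions` in the first hunk has no visibility keyword, so it is public and any code can overwrite the list without going through the accessor methods this commit adds; its docblock also says only `@var Array`. Every access visible in this diff goes through `self::`, so `protected static $hidden_permissions = array();` would leave the accessors as the only write path, as far as the diff shows. The docblock could say what the list holds, for example `Permission codes that the Permissions field in SecurityAdmin must not render`. The class body starts and ends outside this hunk.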
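Review bot: The filter added before `return $form;` in getEditForm() changes only what the Permissions field renders; nothing visible in this hunk prevents a submitted form from carrying a hidden code. Hiding is therefore presentation only, unless the field's save path also drops those codes. A comment would make that explicit for the next maintainer: `// Display filter only: confirm the Permissions field also ignores hidden codes when saving`. getEditForm() starts outside the hunk, so the save handling could not be checked here.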
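Review bot: `self::$hidden_permissions += $codes;` in add_hidden_permission() uses the array union operator, which keeps the left-hand value whenever a key already exists. Both arrays are numerically indexed, so once one code is stored, a second call with a single code collides on key 0 and is silently dropped, leaving that permission visible in the form. Append instead with `self::$hidden_permissions = array_unique(array_merge(self::$hidden_permissions, $codes));`. remove_hidden_permission() has a related quirk: `array_diff()` preserves keys, so the list ends up with gaps, and wrapping the result in `array_values()` keeps it a plain list. The hunk also drops `hide_permissions()` with no deprecated wrapper, so existing callers would presumably fail on upgrade.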
diff --git a/tests/SecurityAdminTest.php b/tests/SecurityAdminTest.php
index 02d94f0630..0c8023adba 100644
--- a/tests/SecurityAdminTest.php
+++ b/tests/SecurityAdminTest.php
@@ -36,16 +36,51 @@ function testEmptyGroupExport() {
 $this->assertEquals($lines[1], '', "Empty export only has no content row");
 }
- function testHidePermissions() {
- $permissionCheckboxSet = new PermissionCheckboxSetField('Permissions','Permissions','Permission','GroupID');
- $this->assertContains('CMS_ACCESS_CMSMain', $permissionCheckboxSet->Field());
- $this->assertContains('CMS_ACCESS_AssetAdmin', $permissionCheckboxSet->Field());
-
- SecurityAdmin::hide_permissions(array('CMS_ACCESS_CMSMain','CMS_ACCESS_AssetAdmin'));
- $this->assertNotContains('CMS_ACCESS_CMSMain', $permissionCheckboxSet->Field());
- $this->assertNotContains('CMS_ACCESS_AssetAdmin', $permissionCheckboxSet->Field());
+ function testAddHiddenPermission() {
+ SecurityAdmin::add_hidden_permission('CMS_ACCESS_ReportAdmin');
+ $this->assertContains('CMS_ACCESS_ReportAdmin', SecurityAdmin::get_hidden_permissions());
+
+ // reset to defaults
+ SecurityAdmin::clear_hidden_permissions();
+ }
+
+ function testRemoveHiddenPermission() {
+ SecurityAdmin::add_hidden_permission('CMS_ACCESS_ReportAdmin');
+ $this->assertContains('CMS_ACCESS_ReportAdmin', SecurityAdmin::get_hidden_permissions());
+ SecurityAdmin::remove_hidden_permission('CMS_ACCESS_ReportAdmin');
+ $this->assertNotContains('CMS_ACCESS_ReportAdmin', SecurityAdmin::get_hidden_permissions());
+
+ // reset to defaults
+ SecurityAdmin::clear_hidden_permissions();
+ }
+
+ function testClearHiddenPermission() {
+ SecurityAdmin::add_hidden_permission('CMS_ACCESS_ReportAdmin');
+ $this->assertContains('CMS_ACCESS_ReportAdmin', SecurityAdmin::get_hidden_permissions());
+ SecurityAdmin::clear_hidden_permissions('CMS_ACCESS_ReportAdmin');
+ $this->assertNotContains('CMS_ACCESS_ReportAdmin', SecurityAdmin::get_hidden_permissions());
 }
+ function testPermissionFieldRespectsHiddenPermissions() {
+ $this->session()->inst_set('loggedInAs', $this->idFromFixture('Member', 'admin'));
+
+ $group = $this->objFromFixture('Group', 'admin');
+
+ SecurityAdmin::add_hidden_permission('CMS_ACCESS_ReportAdmin');
+ $response = $this->get('admin/security/show/' . $group->ID);
+
+ $this->assertContains(
+ 'CMS_ACCESS_CMSMain',
+ $response->getBody()
+ );
+ $this->assertNotContains(
+ 'CMS_ACCESS_ReportAdmin',
+ $response->getBody()
+ );
+
+ // reset to defaults
+ SecurityAdmin::clear_hidden_permissions();
+ }
 }
 ?>
\ No newline at end of file
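Review bot: None of the new tests adds more than one code, so the way add_hidden_permission() accumulates codes across calls is never exercised. testAddHiddenPermission should add a second code in a separate call, e.g. `SecurityAdmin::add_hidden_permission('CMS_ACCESS_AssetAdmin');`, and assert that both it and `CMS_ACCESS_ReportAdmin` are in `get_hidden_permissions()`. testClearHiddenPermission passes `'CMS_ACCESS_ReportAdmin'` to `clear_hidden_permissions()`, which takes no parameters, so the argument is ignored and suggests a per-code clear that does not exist. The `// reset to defaults` calls sit after the assertions and are skipped when one fails, which leaks the static list into later tests; moving the reset into `tearDown()` avoids that.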