diff --git a/app/helpers/admin/roles_helper.rb b/app/helpers/admin/roles_helper.rb
new file mode 100644
index 000000000..7b4702e26
--- /dev/null
+++ b/app/helpers/admin/roles_helper.rb
@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module Admin
+  module RolesHelper
+    def privilege_label(privilege)
+      safe_join(
+        [
+          t("admin.roles.privileges.#{privilege}"),
+          content_tag(:span, t("admin.roles.privileges.#{privilege}_description"), class: 'hint'),
+        ]
+      )
+    end
+
+    def disable_permissions?(permissions)
+      permissions.filter { |privilege| role_flag_value(privilege).zero? }
+    end
+
+    private
+
+    def role_flag_value(privilege)
+      UserRole::FLAGS[privilege] & current_user.role.computed_permissions
+    end
+  end
+end
diff --git a/app/models/user_role.rb b/app/models/user_role.rb
index 5472646c6..89354da54 100644
--- a/app/models/user_role.rb
+++ b/app/models/user_role.rb
@@ -49,7 +49,7 @@ class UserRole < ApplicationRecord
         invite_users
       ).freeze,
 
-      moderation: %w(
+      moderation: %i(
         view_dashboard
         view_audit_log
         manage_users
@@ -63,7 +63,7 @@ class UserRole < ApplicationRecord
         manage_invites
       ).freeze,
 
-      administration: %w(
+      administration: %i(
         manage_settings
         manage_rules
         manage_roles
@@ -72,7 +72,7 @@ class UserRole < ApplicationRecord
         manage_announcements
       ).freeze,
 
-      devops: %w(
+      devops: %i(
         view_devops
       ).freeze,
 
diff --git a/app/views/admin/roles/_form.html.haml b/app/views/admin/roles/_form.html.haml
index 240033214..46a1c537a 100644
--- a/app/views/admin/roles/_form.html.haml
+++ b/app/views/admin/roles/_form.html.haml
@@ -31,6 +31,6 @@
     - (form.object.everyone? ? UserRole::Flags::CATEGORIES.slice(:invites) : UserRole::Flags::CATEGORIES).each do |category, permissions|
       %h4= t(category, scope: 'admin.roles.categories')
 
-      = form.input :permissions_as_keys, collection: permissions, wrapper: :with_block_label, include_blank: false, label_method: ->(privilege) { safe_join([t("admin.roles.privileges.#{privilege}"), content_tag(:span, t("admin.roles.privileges.#{privilege}_description"), class: 'hint')]) }, required: false, as: :check_boxes, collection_wrapper_tag: 'ul', item_wrapper_tag: 'li', label: false, hint: false, disabled: permissions.filter { |privilege| UserRole::FLAGS[privilege] & current_user.role.computed_permissions == 0 }
+      = form.input :permissions_as_keys, collection: permissions, wrapper: :with_block_label, include_blank: false, label_method: ->(privilege) { privilege_label(privilege) }, required: false, as: :check_boxes, collection_wrapper_tag: 'ul', item_wrapper_tag: 'li', label: false, hint: false, disabled: disable_permissions?(permissions)
 
   %hr.spacer/