diff --git a/workflow/engine/methods/roles/roles_Ajax.php b/workflow/engine/methods/roles/roles_Ajax.php
index 061435b13..d3aba1ec9 100755
--- a/workflow/engine/methods/roles/roles_Ajax.php
+++ b/workflow/engine/methods/roles/roles_Ajax.php
@@ -162,6 +162,14 @@ switch ($REQUEST) {
         foreach ($aUserIuds as $key => $val) {
             $sData['USR_UID'] = $val;
             $sData['ROL_UID'] = $ROL_UID;
+            if ($sData['USR_UID'] == '00000000000000000000000000000001') {
+                if ($sData['ROL_UID'] != 'PROCESSMAKER_ADMIN') {
+                    $response = new stdclass();
+					$response->userRole = true;
+					echo G::json_encode($response);
+                    break;
+                }
+            }
             $RBAC->assignUserToRole( $sData );
         }
 
diff --git a/workflow/engine/templates/roles/rolesUsersPermission.js b/workflow/engine/templates/roles/rolesUsersPermission.js
index e0dc61ce2..23f549ea4 100755
--- a/workflow/engine/templates/roles/rolesUsersPermission.js
+++ b/workflow/engine/templates/roles/rolesUsersPermission.js
@@ -753,7 +753,17 @@ SaveUsersRole = function(arr_usr, function_success, function_failure){
 	Ext.Ajax.request({
 		url: 'roles_Ajax',
 		params: {request: 'assignUserToRole', ROL_UID: ROLES.ROL_UID, aUsers: arr_usr.join(',')},
-		success: function(){
+		success: function( result, request ){
+				    var data = Ext.util.JSON.decode(result.responseText);
+		            if( data.userRole ) {
+		             Ext.Msg.show({
+		                  title: _('ID_WARNING'),
+		                  msg: _('ID_ADMINISTRATOR_ROLE_CANT_CHANGED'),
+		                  animEl: 'elId',
+		                  icon: Ext.MessageBox.WARNING,
+		                  buttons: Ext.MessageBox.OK
+		             });
+		            }
 					viewport.getEl().unmask();
 					function_success();
 				  },