diff --git a/client/src/components/User.js b/client/src/components/User.js
index 8f49fb01..411688cd 100644
--- a/client/src/components/User.js
+++ b/client/src/components/User.js
@@ -109,7 +109,7 @@ export const User = ({user, other, config, currentUser}) => {
);
}
- user.highestAuthority = I18n.t(`access.${highestAuthority(user)}`);
+ user.highestAuthority = I18n.t(`access.${highestAuthority(user, false)}`);
const attributes = [["name"], ["sub"], ["eduPersonPrincipalName"], ["schacHomeOrganization"], ["email"], ["highestAuthority"],
["lastActivity", true]];
const filteredUserRoles = user.userRoles.filter(filterUserRole).filter(role => role.authority !== AUTHORITIES.GUEST || currentUser.superUser);
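Review bot: The bare `false` in `highestAuthority(user, false)` gives no hint at the call site of what it turns off, and the helper's signature is not part of this hunk. Because the result is the authority label shown for the user, a reader should be able to tell which roles or flags are left out of the calculation here; a one-line comment above the call naming the parameter and why this view passes `false` would be enough. The same line writes the translated label back onto the `user` prop, so any other consumer of that object sees the label computed with this flag; that looks intentional for the attribute list below, but is worth confirming.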
diff --git a/client/src/components/UserMenu.jsx b/client/src/components/UserMenu.jsx
index 01516960..5234fdfb 100644
--- a/client/src/components/UserMenu.jsx
+++ b/client/src/components/UserMenu.jsx
@@ -31,7 +31,7 @@ export const UserMenu = ({user, config, actions}) => {
});
}
- const renderMenu = (adminLinks) => {
+ const renderMenu = adminLinks => {
return (<>
{user.superUser && adminLinks.map(l => -
@@ -60,7 +60,7 @@ export const UserMenu = ({user, config, actions}) => {
onBlur={() => setTimeout(() => setDropDownActive(false), 250)}>
setDropDownActive(!dropDownActive)}
/>
diff --git a/client/src/locale/en.js b/client/src/locale/en.js
index 66340a46..870126e2 100644
--- a/client/src/locale/en.js
+++ b/client/src/locale/en.js
@@ -92,7 +92,7 @@ const en = {
roles: "Roles",
applications: "Applications",
noRolesInfo: "You have no roles (which means you must be super-user)",
- noRolesInstitutionAdmin: "As an institution admin you have no roles (but you do have access to applications)",
+ noRolesInstitutionAdmin: "As an institution admin you have no roles (but you might have access to applications)",
guestRoleOnly: "You are a guest user. Are you looking for the inviter app for guests?",
rolesInfo: "You have the following roles",
applicationsInfo: "You have access to the following applications",
diff --git a/client/src/pages/RoleForm.js b/client/src/pages/RoleForm.js
index 34ed5f8d..a9fe306f 100644
--- a/client/src/pages/RoleForm.js
+++ b/client/src/pages/RoleForm.js
@@ -18,6 +18,7 @@ import ConfirmationDialog from "../components/ConfirmationDialog";
import SwitchField from "../components/SwitchField";
import {displayExpiryDate, futureDate} from "../utils/Date";
+const DEFAULT_EXPIRY_DAYS = 365;
export const RoleForm = () => {
const navigate = useNavigate();
@@ -30,7 +31,7 @@ export const RoleForm = () => {
const [role, setRole] = useState({
name: "",
shortName: "",
- defaultExpiryDays: 365,
+ defaultExpiryDays: DEFAULT_EXPIRY_DAYS,
identifier: crypto.randomUUID()
});
const [providers, setProviders] = useState([]);
@@ -58,7 +59,8 @@ export const RoleForm = () => {
}
Promise.all(promises).then(res => {
if (!newRole) {
- setRole(res[0])
+ setRole(res[0]);
+ setCustomRoleExpiryDate(res[0].defaultExpiryDays !== DEFAULT_EXPIRY_DAYS)
}
if (user.superUser) {
setProviders(providersToOptions(res[newRole ? 0 : 1]));
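Review bot: `setCustomRoleExpiryDate(res[0].defaultExpiryDays !== DEFAULT_EXPIRY_DAYS)` treats a missing value as custom: if the fetched role has `defaultExpiryDays` null or undefined, the strict comparison is true and the form opens in custom-expiry mode. Whether the API can return a role without that field is not visible here, so either guard it, `setCustomRoleExpiryDate((res[0].defaultExpiryDays ?? DEFAULT_EXPIRY_DAYS) !== DEFAULT_EXPIRY_DAYS);`, or add a comment stating the field is always populated. The added line also lacks the trailing semicolon that the `setRole(res[0]);` line above it just gained. The `.then` callback continues outside the hunk.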
diff --git a/server/src/main/java/access/security/InstitutionAdmin.java b/server/src/main/java/access/security/InstitutionAdmin.java
index b51ce316..7ca34ff5 100644
--- a/server/src/main/java/access/security/InstitutionAdmin.java
+++ b/server/src/main/java/access/security/InstitutionAdmin.java
@@ -32,7 +32,9 @@ public static boolean isInstitutionAdmin(Map attributes,
}
public static boolean isInstitutionAdmin(User user) {
- return user.isInstitutionAdmin() && StringUtils.hasText(user.getOrganizationGUID()) && user.isInstitutionAdminByInvite();
+ return user.isInstitutionAdmin() &&
+ StringUtils.hasText(user.getOrganizationGUID()) &&
+ user.isInstitutionAdminByInvite();
}
public static Optional getOrganizationGuid(Map attributes,
diff --git a/server/src/main/java/access/security/UserPermissions.java b/server/src/main/java/access/security/UserPermissions.java
index afc7f127..1e298140 100644
--- a/server/src/main/java/access/security/UserPermissions.java
+++ b/server/src/main/java/access/security/UserPermissions.java
@@ -5,6 +5,7 @@
import access.model.Role;
import access.model.User;
import access.model.UserRole;
+import org.springframework.util.StringUtils;
import java.util.List;
import java.util.Map;
@@ -23,7 +24,8 @@ public static void assertSuperUser(User user) {
}
public static void assertInstitutionAdmin(User user) {
- if (user.isSuperUser() || InstitutionAdmin.isInstitutionAdmin(user)) {
+ if (user.isSuperUser() || (user.isInstitutionAdmin() &&
+ StringUtils.hasText(user.getOrganizationGUID()))) {
return;
}
throw new UserRestrictionException();
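Review bot: `assertInstitutionAdmin` now passes without `user.isInstitutionAdminByInvite()`, so it is looser than `InstitutionAdmin.isInstitutionAdmin(user)`, which still requires it (see the InstitutionAdmin.java hunk), and nothing in the code says the difference is intended. Every caller guarded by this assertion now admits institution admins who have an organization GUID but for whom `isInstitutionAdminByInvite()` returns false; if that is the goal, record it at the check, e.g. `// Deliberately does not require isInstitutionAdminByInvite(): <reason>`, and cover that user in a test. Inlining the condition also means a later tightening of `InstitutionAdmin.isInstitutionAdmin` will not reach this check; a named predicate next to it in `InstitutionAdmin` for the looser rule would keep the two definitions side by side and reviewable together.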