diff --git a/configs/users.conf.sample b/configs/users.conf.sample
index f88adee9cd..2a816d7e41 100644
--- a/configs/users.conf.sample
+++ b/configs/users.conf.sample
@@ -46,6 +46,11 @@ hasiax = yes
 ;
 hasmanager = no
 ;
+; Set permissions for manager entry (see manager.conf.sample for documentation)
+; (defaults to *all* permissions)
+;managerread = system,call,log,verbose,command,agent,user,config
+;managerwrite = system,call,log,verbose,command,agent,user,config
+;
 ; Remaining options are not specific to users.conf entries but are general.
 ;
 callwaiting = yes
diff --git a/main/manager.c b/main/manager.c
index d2f1158864..cecb2ca891 100644
--- a/main/manager.c
+++ b/main/manager.c
@@ -1054,6 +1054,9 @@ static int authenticate(struct mansession *s, const struct message *m)
 		struct ast_variable *v;
 		const char *password = NULL;
 		int hasmanager = 0;
+		const char *readperms = NULL;
+		const char *writeperms = NULL;
+
 		if (strcasecmp(cat, user) || !strcasecmp(cat, "general")) {
 			cat = ast_category_browse(cfg, cat);
 			continue;
@@ -1063,6 +1066,10 @@ static int authenticate(struct mansession *s, const struct message *m)
 				password = v->value;
 			else if (!strcasecmp(v->name, "hasmanager"))
 				hasmanager = ast_true(v->value);
+			else if (!strcasecmp(v->name, "managerread"))
+				readperms = v->value;
+			else if (!strcasecmp(v->name, "managerwrite"))
+				writeperms = v->value;
 		}
 		if (!hasmanager)
 			break;
@@ -1072,8 +1079,8 @@ static int authenticate(struct mansession *s, const struct message *m)
 			return -1;
 		}
 		ast_copy_string(s->username, cat, sizeof(s->username));
-		s->readperm = -1;
-		s->writeperm = -1;
+		s->readperm = readperms ? get_perm(readperms) : -1;
+		s->writeperm = writeperms ? get_perm(writeperms) : -1;
 		ast_config_destroy(cfg);
 		if (events)
 			set_eventmask(s, events);