diff --git a/r2/r2/controllers/api.py b/r2/r2/controllers/api.py
index 150099b94..27eed3642 100755
--- a/r2/r2/controllers/api.py
+++ b/r2/r2/controllers/api.py
@@ -592,11 +592,18 @@ class ApiController(RedditController, OAuth2ResourceController):
 # The user who made the request must be an admin or a moderator
 # for the privilege change to succeed.
+ # (Exception: a user can remove privilege from oneself)
 victim = iuser or nuser
- perm = 'wiki' if type.startswith('wiki') else 'access'
+ required_perms = []
+ if c.user != victim:
+ if type.startswith('wiki'):
+ required_perms.append('wiki')
+ else:
+ required_perms.append('access')
 if (not c.user_is_admin and (type in self._sr_friend_types
- and not container.is_moderator_with_perms(c.user, perm))):
+ and not container.is_moderator_with_perms(
+ c.user, *required_perms))):
 abort(403, 'forbidden')
 if (type == 'moderator' and not (c.user_is_admin or container.can_demod(c.user, victim))):
diff --git a/r2/r2/models/subreddit.py b/r2/r2/models/subreddit.py
index 42ba23feb..3d9f4bf31 100644
--- a/r2/r2/models/subreddit.py
+++ b/r2/r2/models/subreddit.py
@@ -459,6 +459,9 @@ class Subreddit(Thing, Printable):
 def can_demod(self, bully, victim):
 bully_rel = self.get_moderator(bully)
+ if bully_rel is not None and bully == victim:
+ # mods can always demod themselves
+ return True
 victim_rel = self.get_moderator(victim)
 return (
 bully_rel is not None
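Review bot: The bypass `if c.user != victim:` drops the `access`/`wiki` requirement whenever the target is the caller, but nothing in the hunk ties that to the operation being a removal, even though the new comment promises only self-removal; if the enclosing handler (its signature and the rest of its body are outside the hunk) also serves privilege grants, a moderator without `access` could add a privilege to their own account. If the handler is removal-only, say so where the bypass is made, e.g. `# self-target only reaches here on removal; grants still require access/wiki`; otherwise gate the bypass on the removal flag as well, not just on `c.user == victim`. The self case also depends on `container.is_moderator_with_perms(c.user)` with no permission names still requiring moderator membership rather than passing vacuously, which cannot be confirmed from here; a comment next to the `*required_perms` expansion stating that expectation would help, since an empty splat is easy to misread as "no check at all".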
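Review bot: `can_demod` has no docstring and the new early return changes its contract, so add one, e.g. `"""Return True if `bully` may remove `victim` as a moderator of this subreddit; a moderator may always remove themselves."""` (the function's return expression continues past the end of the hunk). The self check `bully == victim` relies on account equality meaning "same account" rather than "same object"; presumably the model base class compares by id, but if it does not, two separately loaded instances of the same user would miss the shortcut and fall through to the ordering check below, so an explicit id comparison would make the intent unambiguous.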