diff --git a/src/Orchard.Web/Modules/Orchard.ContentPermissions/Drivers/ContentPermissionsPartDriver.cs b/src/Orchard.Web/Modules/Orchard.ContentPermissions/Drivers/ContentPermissionsPartDriver.cs
index c64e3b779..e3d342e36 100644
--- a/src/Orchard.Web/Modules/Orchard.ContentPermissions/Drivers/ContentPermissionsPartDriver.cs
+++ b/src/Orchard.Web/Modules/Orchard.ContentPermissions/Drivers/ContentPermissionsPartDriver.cs
@@ -41,15 +41,15 @@ namespace Orchard.ContentPermissions.Drivers {
         protected override DriverResult Editor(ContentPermissionsPart part, dynamic shapeHelper) {
             return ContentShape("Parts_ContentPermissions_Edit", () => {
 
-                var settings = part.Settings.TryGetModel<ContentPermissionsPartSettings>();
-
-                var allRoles = _roleService.GetRoles().Select(x => x.Name).OrderBy(x => x).ToList();
-
                 // ensure the current user is allowed to define permissions
                 if (!_authorizer.Authorize(Permissions.GrantPermission)) {
                     return null;
                 }
 
+                var settings = part.Settings.TryGetModel<ContentPermissionsPartSettings>();
+
+                var allRoles = _roleService.GetRoles().Select(x => x.Name).OrderBy(x => x).ToList();
+
                 if(settings == null) {
                     settings = new ContentPermissionsPartSettings {
                         View = ContentPermissionsPartViewModel.SerializePermissions(allRoles.Select(x => new RoleEntry { Role = x, Checked = _authorizationService.TryCheckAccess(Core.Contents.Permissions.ViewContent, UserSimulation.Create(x), null) }).ToList()),