diff --git a/wp-admin/includes/class-wp-users-list-table.php b/wp-admin/includes/class-wp-users-list-table.php
index 64cad3302f..9325d9a7f7 100644
--- a/wp-admin/includes/class-wp-users-list-table.php
+++ b/wp-admin/includes/class-wp-users-list-table.php
@@ -132,6 +132,8 @@ class WP_Users_List_Table extends WP_List_Table {
 	function extra_tablenav( $which ) {
 		if ( 'top' != $which )
 			return;
+		if ( ! current_user_can( 'promote_users' ) )
+			return;
 ?>
 	<div class="alignleft actions">
 		<label class="screen-reader-text" for="new_role"><?php _e( 'Change role to&hellip;' ) ?></label>
diff --git a/wp-admin/menu.php b/wp-admin/menu.php
index 30d0169cdf..f2eb867e10 100644
--- a/wp-admin/menu.php
+++ b/wp-admin/menu.php
@@ -191,13 +191,19 @@ else
 if ( current_user_can('list_users') ) {
 	$_wp_real_parent_file['profile.php'] = 'users.php'; // Back-compat for plugins adding submenus to profile.php.
 	$submenu['users.php'][5] = array(__('Users'), 'list_users', 'users.php');
-	$submenu['users.php'][10] = array(_x('Add New', 'user'), 'promote_users', 'user-new.php');
+	if ( current_user_can('create_users') )
+		$submenu['users.php'][10] = array(_x('Add New', 'user'), 'create_users', 'user-new.php');
+	else
+		$submenu['users.php'][10] = array(_x('Add New', 'user'), 'promote_users', 'user-new.php');
 
 	$submenu['users.php'][15] = array(__('Your Profile'), 'read', 'profile.php');
 } else {
 	$_wp_real_parent_file['users.php'] = 'profile.php';
 	$submenu['profile.php'][5] = array(__('Your Profile'), 'read', 'profile.php');
-	$submenu['profile.php'][10] = array(__('Add New User'), 'promote_users', 'user-new.php');
+	if ( current_user_can('create_users') )
+		$submenu['profile.php'][10] = array(__('Add New User'), 'create_users', 'user-new.php');
+	else
+		$submenu['profile.php'][10] = array(__('Add New User'), 'promote_users', 'user-new.php');
 }
 
 $menu[75] = array( __('Tools'), 'edit_posts', 'tools.php', '', 'menu-top menu-icon-tools', 'menu-tools', 'div' );
diff --git a/wp-admin/user-new.php b/wp-admin/user-new.php
index 0d958bc2ca..b9d87256fb 100644
--- a/wp-admin/user-new.php
+++ b/wp-admin/user-new.php
@@ -9,8 +9,12 @@
 /** WordPress Administration Bootstrap */
 require_once('./admin.php');
 
-if ( ! current_user_can('create_users') && ! current_user_can('promote_users') )
-	wp_die(__('Cheatin&#8217; uh?'));
+if ( is_multisite() ) {
+	if ( ! current_user_can( 'create_users' ) && ! current_user_can( 'promote_users' ) )
+		wp_die( __( 'Cheatin&#8217; uh?' ) );
+} elseif ( ! current_user_can( 'create_users' ) ) {
+	wp_die( __( 'Cheatin&#8217; uh?' ) );
+}
 
 if ( is_multisite() ) {
 	function admin_created_user_email( $text ) {
diff --git a/wp-admin/users.php b/wp-admin/users.php
index e557d450ac..044c806c89 100644
--- a/wp-admin/users.php
+++ b/wp-admin/users.php
@@ -48,6 +48,9 @@ switch ( $wp_list_table->current_action() ) {
 case 'promote':
 	check_admin_referer('bulk-users');
 
+	if ( ! current_user_can( 'promote_users' ) )
+		wp_die( __( 'You can&#8217;t edit that user.' ) );
+
 	if ( empty($_REQUEST['users']) ) {
 		wp_redirect($redirect);
 		exit();
@@ -352,7 +355,7 @@ if ( ! empty($messages) ) {
 echo esc_html( $title );
 if ( current_user_can( 'create_users' ) ) { ?>
 	<a href="user-new.php" class="button add-new-h2"><?php echo esc_html_x( 'Add New', 'user' ); ?></a>
-<?php } elseif ( current_user_can( 'promote_users' ) ) { ?>
+<?php } elseif ( is_multisite() && current_user_can( 'promote_users' ) ) { ?>
 	<a href="user-new.php" class="button add-new-h2"><?php echo esc_html_x( 'Add Existing', 'user' ); ?></a>
 <?php }