diff --git a/apps/dav/lib/SystemTag/SystemTagNode.php b/apps/dav/lib/SystemTag/SystemTagNode.php
index c8fe5f35239c305f5426263ee89ac005fdec1acc..f139a3335c88cc93b729ed779510b706cd0f5365 100644
--- a/apps/dav/lib/SystemTag/SystemTagNode.php
+++ b/apps/dav/lib/SystemTag/SystemTagNode.php
@@ -56,16 +56,25 @@ class SystemTagNode implements \Sabre\DAV\INode {
 	 */
 	protected $user;
 
+	/**
+	 * Whether to allow permissions for admins
+	 *
+	 * @var bool
+	 */
+	protected $isAdmin;
+
 	/**
 	 * Sets up the node, expects a full path name
 	 *
 	 * @param ISystemTag $tag system tag
 	 * @param IUser $user user
+	 * @param bool $isAdmin whether to allow operations for admins
 	 * @param ISystemTagManager $tagManager tag manager
 	 */
-	public function __construct(ISystemTag $tag, IUser $user, ISystemTagManager $tagManager) {
+	public function __construct(ISystemTag $tag, IUser $user, $isAdmin, ISystemTagManager $tagManager) {
 		$this->tag = $tag;
 		$this->user = $user;
+		$this->isAdmin = $isAdmin;
 		$this->tagManager = $tagManager;
 	}
 
@@ -117,13 +126,14 @@ class SystemTagNode implements \Sabre\DAV\INode {
 				throw new Forbidden('No permission to update tag ' . $this->tag->getId());
 			}
 
-			// FIXME: admin should be able to change permissions still
-
-			// only renaming is allowed for regular users
-			if ($userVisible !== $this->tag->isUserVisible()
-				|| $userAssignable !== $this->tag->isUserAssignable()
-			) {
-				throw new Forbidden('No permission to update permissions for tag ' . $this->tag->getId());
+			// only admin is able to change permissions, regular users can only rename
+			if (!$this->isAdmin) {
+				// only renaming is allowed for regular users
+				if ($userVisible !== $this->tag->isUserVisible()
+					|| $userAssignable !== $this->tag->isUserAssignable()
+				) {
+					throw new Forbidden('No permission to update permissions for tag ' . $this->tag->getId());
+				}
 			}
 
 			$this->tagManager->updateTag($this->tag->getId(), $name, $userVisible, $userAssignable);
diff --git a/apps/dav/lib/SystemTag/SystemTagsByIdCollection.php b/apps/dav/lib/SystemTag/SystemTagsByIdCollection.php
index deaa154d46f3906da853ebf71857c84a26881d97..2b24bce9f35f33e09f38f5d2630938b92186bd8d 100644
--- a/apps/dav/lib/SystemTag/SystemTagsByIdCollection.php
+++ b/apps/dav/lib/SystemTag/SystemTagsByIdCollection.php
@@ -174,6 +174,6 @@ class SystemTagsByIdCollection implements ICollection {
 	 * @return SystemTagNode
 	 */
 	private function makeNode(ISystemTag $tag) {
-		return new SystemTagNode($tag, $this->userSession->getUser(), $this->tagManager);
+		return new SystemTagNode($tag, $this->userSession->getUser(), $this->isAdmin(), $this->tagManager);
 	}
 }