diff --git a/cmd/users.go b/cmd/users.go
index f76dad3..bf48d5e 100644
--- a/cmd/users.go
+++ b/cmd/users.go
@@ -205,8 +205,10 @@ func handleCreateUser(r *fastglue.Request) error {
 	}
 
 	// Upsert user teams.
-	if err := app.team.UpsertUserTeams(user.ID, user.Teams.Names()); err != nil {
-		return sendErrorEnvelope(r, err)
+	if len(user.Teams) > 0 {
+		if err := app.team.UpsertUserTeams(user.ID, user.Teams.Names()); err != nil {
+			return sendErrorEnvelope(r, err)
+		}
 	}
 
 	if user.SendWelcomeEmail {
diff --git a/internal/role/role.go b/internal/role/role.go
index bd8f612..9d7ea06 100644
--- a/internal/role/role.go
+++ b/internal/role/role.go
@@ -134,7 +134,7 @@ func (u *Manager) Update(id int, r models.Role) error {
 // validatePermissions returns true if all given permissions are valid
 func (u *Manager) validatePermissions(permissions []string) error {
 	if len(permissions) == 0 {
-		return envelope.NewError(envelope.InputError, "Permissions cannot be empty", nil)
+		return envelope.NewError(envelope.InputError, "Select at least one permission", nil)
 	}
 	for _, perm := range permissions {
 		if !amodels.IsValidPermission(perm) {