diff --git a/zephyr/management/commands/knight.py b/zephyr/management/commands/knight.py
index 1337aaeb9b..d229571c5f 100644
--- a/zephyr/management/commands/knight.py
+++ b/zephyr/management/commands/knight.py
@@ -8,7 +8,7 @@ from django.core.exceptions import ValidationError
 from django.db.utils import IntegrityError
 from django.core import validators
 
-from guardian.shortcuts import assign_perm
+from guardian.shortcuts import assign_perm, remove_perm
 
 from zephyr.models import Realm, UserProfile
 
@@ -19,6 +19,12 @@ ONLY perform this on customer request from an authorized person.
 """
 
     option_list = BaseCommand.option_list + (
+        make_option('--revoke',
+                    dest='grant',
+                    action="store_false",
+                    default=True,
+                    help='Remove an administrator\'s rights.'),
+        )
 
     def handle(self, *args, **options):
         try:
@@ -29,8 +35,16 @@ ONLY perform this on customer request from an authorized person.
             profile = UserProfile.objects.get(email=email)
         except ValidationError:
             raise CommandError("No such user.")
-        if profile.has_perm('administer', profile.realm):
-            raise CommandError("User already has permission for this realm.")
+
+        if options['grant']:
+            if profile.has_perm('administer', profile.realm):
+                raise CommandError("User already has permission for this realm.")
+            else:
+                assign_perm('administer', profile, profile.realm)
+                print "Done!"
         else:
-            assign_perm('administer', profile, profile.realm)
-            print "Done!"
+            if profile.has_perm('administer', profile.realm):
+                remove_perm('administer', profile, profile.realm)
+                print "Done!"
+            else:
+                raise CommandError("User did not have permission for this realm!")