diff --git a/back/methods/account/privileges.js b/back/methods/account/privileges.js index 6510779f2..f3f500e7d 100644 --- a/back/methods/account/privileges.js +++ b/back/methods/account/privileges.js @@ -44,15 +44,28 @@ module.exports = Self => { if (!user.hasGrant) throw new UserError(`You don't have grant privilege`); - const userToUpdate = await models.Account.findById(id, ['name', 'hasGrant', 'roleFk'], myOptions); + const [userToUpdate] = await models.Account.find({ + fields: ['id', 'name', 'hasGrant', 'roleFk', 'password'], + include: { + relation: 'role', + scope: { + fields: ['name'] + } + }, + where: { + id: id + } + }, myOptions); + if (hasGrant != null) userToUpdate.hasGrant = hasGrant; if (roleFk) { const role = await models.Role.findById(roleFk, {fields: ['name']}, myOptions); const hasRole = await models.Account.hasRole(userId, role.name, myOptions); + const hasRoleFromUser = await models.Account.hasRole(userId, userToUpdate.role().name, myOptions); - if (!hasRole) + if (!hasRole || !hasRoleFromUser) throw new UserError(`You don't own the role and you can't assign it to another user`); userToUpdate.roleFk = roleFk; diff --git a/back/models/account.json b/back/models/account.json index c25cd532d..d0c17e70f 100644 --- a/back/models/account.json +++ b/back/models/account.json @@ -102,6 +102,13 @@ "principalType": "ROLE", "principalId": "$authenticated", "permission": "ALLOW" + }, + { + "property": "privileges", + "accessType": "*", + "principalType": "ROLE", + "principalId": "$authenticated", + "permission": "ALLOW" } ] } diff --git a/db/changes/10490-august/00-user_hasGrant.sql b/db/changes/10490-august/00-user_hasGrant.sql index 05a09f87b..60d1273d8 100644 --- a/db/changes/10490-august/00-user_hasGrant.sql +++ b/db/changes/10490-august/00-user_hasGrant.sql 
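Review bot: The new target-role check (`hasRoleFromUser`) sits inside `if (roleFk)`, so a request that changes only `hasGrant` still modifies an account whose current role the caller may not own. If that is not intended, the check should run before the `hasGrant` assignment so it covers both paths. In the same hunk, `const [userToUpdate] = await models.Account.find(...)` yields `undefined` for an unknown `id`, and `userToUpdate.role()` may be empty when the account has no role, so both dereferences would throw a TypeError instead of a `UserError`. `password` is now loaded onto the instance, presumably for the later save, so it is worth confirming the instance is never returned to the caller. The method body starts and ends outside this hunk, so the save and return paths could not be checked.

```javascript
// … unchanged: models.Account.find() with the 'role' relation …
if (!userToUpdate)
    throw new UserError(`User not found`); // suggested wording; needs a locale entry

// Check ownership of the target's current role before touching any field,
// so the hasGrant-only path is covered as well.
const currentRole = userToUpdate.role();
if (currentRole) {
    const hasRoleFromUser = await models.Account.hasRole(userId, currentRole.name, myOptions);
    if (!hasRoleFromUser)
        throw new UserError(`You don't own the role and you can't assign it to another user`);
}

if (hasGrant != null)
    userToUpdate.hasGrant = hasGrant;

if (roleFk) {
    // … unchanged: requested-role lookup and hasRole check …
```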
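Review bot: The added ACL entry lets every `$authenticated` principal call `privileges` with accessType `*`, so the `hasGrant` and role checks inside the method are the only authorization barrier for this endpoint. If the remote method declares a narrower access type (its definition is not visible here), `"accessType": "*"` could be narrowed to match it. A back-end test asserting that a caller without `hasGrant` is rejected would keep this from regressing silently.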
@@ -1,4 +1 @@ ALTER TABLE `account`.`user` ADD hasGrant TINYINT(1) NOT NULL; - -INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId) - VALUES('Account', 'privileges', '*', 'ALLOW', 'ROLE', '$authenticated'); diff --git a/modules/account/front/privileges/locale/es.yml b/modules/account/front/privileges/locale/es.yml index 17f1ef29e..d66a7a6cf 100644 --- a/modules/account/front/privileges/locale/es.yml +++ b/modules/account/front/privileges/locale/es.yml @@ -1,2 +1,2 @@ Privileges: Privilegios -Has grant: Puede dar privilegios +Has grant: Puede delegar privilegios diff --git a/package.json b/package.json index 92ca13e45..573e42335 100644 --- a/package.json +++ b/package.json @@ -37,7 +37,7 @@ "node-ssh": "^11.0.0", "object-diff": "0.0.4", "object.pick": "^1.3.0", - "puppeteer": "^18.0.5", + "puppeteer": "^19.0.0", "read-chunk": "^3.2.0", "require-yaml": "0.0.1", "sharp": "^0.27.1",