diff --git a/actions/newgroup.php b/actions/newgroup.php
index 05520223c0f7c6fb5b64e77545547503f8ffeaae..04441e71c64952c3d42f5096e51984568c0b7a8f 100644
--- a/actions/newgroup.php
+++ b/actions/newgroup.php
@@ -66,6 +66,13 @@ class NewgroupAction extends Action
 return false;
 }
+ $user = common_current_user();
+ $profile = $user->getProfile();
+ if (!$profile->hasRight(Right::CREATEGROUP)) {
+ // TRANS: Client exception thrown when a user tries to create a group while banned.
+ throw new ClientException(_('You are not allowed to create groups on this site.'), 403);
+ }
+
 return true;
 }
diff --git a/classes/Profile.php b/classes/Profile.php
index 2e88f17ad3d787b665750359a7d5726464a5e4b2..00e076a624744a677650177134401bd3aca322a3 100644
--- a/classes/Profile.php
+++ b/classes/Profile.php
@@ -909,6 +909,7 @@ class Profile extends Memcached_DataObject
 case Right::NEWNOTICE:
 case Right::NEWMESSAGE:
 case Right::SUBSCRIBE:
+ case Right::CREATEGROUP:
 $result = !$this->isSilenced();
 break;
 case Right::PUBLICNOTICE:
diff --git a/classes/User_group.php b/classes/User_group.php
index 7d6e219148374f49545d1937ba469b961c7ce97b..f223164d04f25004df852a114611803ff65b2482 100644
--- a/classes/User_group.php
+++ b/classes/User_group.php
@@ -465,6 +465,16 @@ class User_group extends Memcached_DataObject
 }
 static function register($fields) {
+ if (!empty($fields['userid'])) {
+ $profile = Profile::staticGet('id', $fields['userid']);
+ if ($profile && !$profile->hasRight(Right::CREATEGROUP)) {
+ common_log(LOG_WARNING, "Attempted group creation from banned user: " . $profile->nickname);
+ // TRANS: Client exception thrown when a user tries to create a group while banned.
+ throw new ClientException(_('You are not allowed to create groups on this site.'), 403);
+ }
+ }
+
 // MAGICALLY put fields into current scope
 extract($fields);
diff --git a/lib/right.php b/lib/right.php
index bacbea5f2966dc6afd20d1708f92f57b58225e8a..ccabd00c92061925a36d427a80b9988eeb19aef3 100644
--- a/lib/right.php
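Review bot: In the check added to NewgroupAction, the result of `$user->getProfile()` is dereferenced without a guard, whereas the register() hunk in classes/User_group.php tests `$profile &&` before calling hasRight(); a missing profile would end in a fatal error here instead of the 403. Failing closed keeps both paths consistent: `if (empty($profile) || !$profile->hasRight(Right::CREATEGROUP)) {`. The `return false; }` context above presumably closes the logged-in guard that makes `$user` non-null, but that guard and the start of the method lie outside the hunk, so this should be confirmed.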
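Review bot: The new `case Right::CREATEGROUP:` in Profile falls through to `$result = !$this->isSilenced();`, so the right is withheld from silenced profiles, while the TRANS comments and the log message added in actions/newgroup.php and classes/User_group.php describe the user as banned. A short comment on the case group, for example `// Silenced users may not post, message, subscribe or create groups.`, would record the actual policy, and the comments and log text elsewhere could say "silenced" to match. The switch begins outside the hunk, so whether an earlier role check in the method also applies cannot be seen here.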
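Review bot: The authorization check added to register() fails open: `if ($profile && !$profile->hasRight(Right::CREATEGROUP))` is skipped when the lookup for a supplied `userid` returns no profile, and group creation then proceeds. Refusing in that case is safer, `if (!$profile || !$profile->hasRight(Right::CREATEGROUP)) {`, with the log line reporting `$fields['userid']` rather than `$profile->nickname`, since the profile may be absent. Calls that omit `userid` bypass the check entirely; if that is intended for some creation path, a comment saying so would help. The rest of register() lies outside the hunk.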
+++ b/lib/right.php
@@ -61,5 +61,6 @@ class Right
 const GRANTROLE = 'grantrole';
 const REVOKEROLE = 'revokerole';
 const DELETEGROUP = 'deletegroup';
+ const CREATEGROUP = 'creategroup';
 }