diff --git a/Oqtane.Client/Modules/Controls/PermissionGrid.razor b/Oqtane.Client/Modules/Controls/PermissionGrid.razor
index 07cefc00..f1f6b904 100644
--- a/Oqtane.Client/Modules/Controls/PermissionGrid.razor
+++ b/Oqtane.Client/Modules/Controls/PermissionGrid.razor
@@ -106,7 +106,7 @@
 	public string PermissionNames { get; set; }
 
 	[Parameter]
-	public string Permissions { get; set; }
+	public string Permissions { get; set; } // deprecated - use PermissionList instead
 
 	[Parameter]
 	public List<Permission> PermissionList { get; set; }
@@ -138,40 +138,11 @@
 
 		// initialize permissions
 		_permissions = new List<Permission>();
-		foreach (string permissionname in _permissionnames)
-		{
-			// permission names can be in the form of "EntityName:PermissionName:Roles"
-			if (permissionname.Contains(":"))
-			{
-				var segments = permissionname.Split(':');
-				if (segments.Length == 3)
-				{
-					foreach (var role in segments[2].Split(';'))
-					{
-						_permissions.Add(new Permission(segments[0], segments[1], role, null, true));
-					}
-					// ensure admin access
-					if (!_permissions.Any(item => item.EntityName == segments[0] && item.PermissionName == segments[1] && item.Role.Name == RoleNames.Admin))
-					{
-						_permissions.Add(new Permission(segments[0], segments[1], RoleNames.Admin, null, true));
-					}
-				}
-			}
-			else
-			{
-				_permissions.Add(new Permission(EntityName, permissionname, RoleNames.Admin, null, true));
-			}
-		}
-
-		// populate permissions and users
 		if (PermissionList.Any())
 		{
 			foreach (var permission in PermissionList)
 			{
-				if (!_permissions.Any(item => item.EntityName == permission.EntityName && item.PermissionName == permission.PermissionName && item.Role.Name == permission.Role.Name))
-				{
-					_permissions.Add(permission);
-				}
+				_permissions.Add(permission);
 				if (permission.UserId != null)
 				{
 					if (!_users.Any(item => item.UserId == permission.UserId.Value))
@@ -181,6 +152,33 @@
 				}
 			}
 		}
+		else
+		{
+			foreach (string permissionname in _permissionnames)
+			{
+				// permission names can be in the form of "EntityName:PermissionName:Roles"
+				if (permissionname.Contains(":"))
+				{
+					var segments = permissionname.Split(':');
+					if (segments.Length == 3)
+					{
+						foreach (var role in segments[2].Split(';'))
+						{
+							_permissions.Add(new Permission(segments[0], segments[1], role, null, true));
+						}
+						// ensure admin access
+						if (!_permissions.Any(item => item.EntityName == segments[0] && item.PermissionName == segments[1] && item.Role.Name == RoleNames.Admin))
+						{
+							_permissions.Add(new Permission(segments[0], segments[1], RoleNames.Admin, null, true));
+						}
+					}
+				}
+				else
+				{
+					_permissions.Add(new Permission(EntityName, permissionname, RoleNames.Admin, null, true));
+				}
+			}
+		}
 	}
 
 	private string GetPermissionName(string permissionName)
@@ -246,7 +244,7 @@
 		if (roleName != "")
 		{
 			var permission = _permissions.FirstOrDefault(item => item.EntityName == GetEntityName(permissionName) && item.PermissionName == GetPermissionName(permissionName) && item.Role.Name == roleName);
-			if (permission == null)
+			if (permission != null)
 			{
 				_permissions.Remove(permission);
 			}
@@ -258,7 +256,7 @@
 		else
 		{
 			var permission = _permissions.FirstOrDefault(item => item.EntityName == GetEntityName(permissionName) && item.PermissionName == GetPermissionName(permissionName) && item.UserId == userId);
-			if (permission == null)
+			if (permission != null)
 			{
 				_permissions.Remove(permission);
 			}
@@ -309,7 +307,7 @@
 	{
 		// remove deny all users, unauthenticated, and registered users
 		var permissions = _permissions.Where(item => !item.IsAuthorized && 
-			(item.Role.Name == RoleNames.Everyone || item.Role.Name == RoleNames.Unauthenticated || item.Role.Name == RoleNames.Registered));
+			(item.Role.Name == RoleNames.Everyone || item.Role.Name == RoleNames.Unauthenticated || item.Role.Name == RoleNames.Registered)).ToList();
 		foreach (var permission in permissions)
 		{
 			_permissions.Remove(permission);
@@ -318,7 +316,7 @@
 		{
 			// remove deny administrators and host users
 			permissions = _permissions.Where(item => !item.IsAuthorized &&
-				(item.Role.Name == RoleNames.Admin || item.Role.Name == RoleNames.Host));
+				(item.Role.Name == RoleNames.Admin || item.Role.Name == RoleNames.Host)).ToList();
 			foreach (var permission in permissions)
 			{
 				_permissions.Remove(permission);
diff --git a/Oqtane.Server/Repository/PermissionRepository.cs b/Oqtane.Server/Repository/PermissionRepository.cs
index c3f4acc6..cfc82ed4 100644
--- a/Oqtane.Server/Repository/PermissionRepository.cs
+++ b/Oqtane.Server/Repository/PermissionRepository.cs
@@ -1,13 +1,10 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
-using System.Text;
-using System.Text.Json;
 using Microsoft.EntityFrameworkCore;
 using Oqtane.Models;
 using Microsoft.Extensions.Caching.Memory;
 using Oqtane.Infrastructure;
-using Oqtane.Modules.Admin.Users;
 
 namespace Oqtane.Repository
 {