diff --git a/modules/cms/controllers/ThemeOptions.php b/modules/cms/controllers/ThemeOptions.php
index f8134773c..8ce11e4d6 100644
--- a/modules/cms/controllers/ThemeOptions.php
+++ b/modules/cms/controllers/ThemeOptions.php
@@ -67,7 +67,15 @@ class ThemeOptions extends Controller
 public function update_onSave($dirName = null)
 {
 $model = $this->getThemeData($this->getDirName($dirName));
- $this->asExtension('FormController')->update_onSave($model->id);
+ $result = $this->asExtension('FormController')->update_onSave($model->id);
+
+ // Redirect close requests to the settings index when user doesn't have access
+ // to go back to the theme selection page
+ if (!$this->user->hasAccess('cms.manage_themes') && input('close')) {
+ $result = Backend::redirect('system/settings');
+ }
+
+ return $result;
 }
 
 public function update_onResetDefault($dirName = null)
diff --git a/modules/cms/controllers/Themes.php b/modules/cms/controllers/Themes.php
index 0f780b20e..55058f8cf 100644
--- a/modules/cms/controllers/Themes.php
+++ b/modules/cms/controllers/Themes.php
@@ -28,7 +28,10 @@ class Themes extends Controller
 /**
 * @var array Permissions required to view this page.
 */
- public $requiredPermissions = ['cms.manage_themes'];
+ public $requiredPermissions = [
+ 'cms.manage_themes',
+ 'cms.manage_theme_options',
+ ];
 
 /**
 * Constructor.
@@ -47,7 +50,7 @@ class Themes extends Controller
 * Custom redirect for unauthorized request
 */
 $this->bindEvent('page.beforeDisplay', function() {
- if (!$this->user->hasAnyAccess($this->requiredPermissions)) {
+ if (!$this->user->hasAccess('cms.manage_themes')) {
 return Backend::redirect('cms/themeoptions/update');
 }
 });
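Review bot: The permission name `'cms.manage_themes'` in the new `if` of `update_onSave` is a bare literal that is repeated in the Themes controller's redirect closure, so the two checks can drift apart if the permission is ever renamed; a shared class constant would keep them in step. `update_onSave` now returns a value where it previously returned nothing, and it has no docblock; I would add one stating that it returns the form controller's save response, or a redirect to `system/settings` when the request carries `close` and the user lacks `cms.manage_themes`. `update_onResetDefault`, whose body lies outside this hunk, may need the same fallback if it also sends the user back to the theme list.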
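Review bot: Adding `'cms.manage_theme_options'` to `$requiredPermissions` in Themes.php appears to widen the controller-level gate, so access to theme management now depends on the `page.beforeDisplay` closure changed in the next hunk rather than on the permission list. The removed `hasAnyAccess($this->requiredPermissions)` call suggests the list is treated as any-of, which would admit a user holding only the theme-options permission. Whether that event also runs ahead of this controller's AJAX handlers is not visible here; if it does not, each state-changing handler needs its own `hasAccess('cms.manage_themes')` check. I would document the intent at the property, e.g. `// 'cms.manage_theme_options' is listed only so those users reach the redirect; managing themes still requires 'cms.manage_themes'`, and add a test that an options-only user cannot invoke a theme handler.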
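Review bot: The context comment `Custom redirect for unauthorized request` above the `page.beforeDisplay` closure no longer describes the check. After this change the closure tests `cms.manage_themes` alone, so the users it redirects are ones the widened `$requiredPermissions` list already admits. I would reword it to something like `Users without cms.manage_themes are sent to the theme options form instead of the theme list`. The comment and the enclosing constructor both begin outside this hunk.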