diff --git a/src/c3nav/control/migrations/0016_remove_userpermissions_control_panel.py b/src/c3nav/control/migrations/0016_remove_userpermissions_control_panel.py
new file mode 100644
index 00000000..fef6ba6b
--- /dev/null
+++ b/src/c3nav/control/migrations/0016_remove_userpermissions_control_panel.py
@@ -0,0 +1,17 @@
+# Generated by Django 5.0.8 on 2024-12-12 22:40
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('control', '0015_userpermissions_view_users_and_more'),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name='userpermissions',
+            name='control_panel',
+        ),
+    ]
diff --git a/src/c3nav/control/models.py b/src/c3nav/control/models.py
index 7190e991..f1be9933 100644
--- a/src/c3nav/control/models.py
+++ b/src/c3nav/control/models.py
@@ -9,6 +9,7 @@ from django.utils.functional import cached_property, lazy
 from django.utils.translation import gettext_lazy as _
 
 from c3nav.mapdata.models import Space
+from c3nav.mapdata.models.access import AccessPermission
 
 
 class UserPermissions(models.Model):
@@ -25,7 +26,6 @@ class UserPermissions(models.Model):
     base_mapdata_access = models.BooleanField(default=False, verbose_name=_('can always access base map data'))
     manage_map_updates = models.BooleanField(default=False, verbose_name=_('manage map updates'))
 
-    control_panel = models.BooleanField(default=False, verbose_name=_('can access control panel'))
     view_users = models.BooleanField(default=False, verbose_name=_('view user list in control panel'))
     grant_permissions = models.BooleanField(default=False, verbose_name=_('can grant control permissions'))
     manage_announcements = models.BooleanField(default=False, verbose_name=_('manage announcements'))
@@ -54,6 +54,18 @@ class UserPermissions(models.Model):
                 if isinstance(field, models.BooleanField):
                     setattr(self, field.name, True)
 
+    @property
+    def control_panel(self):
+        return (
+            self.view_users
+            or self.grant_permissions
+            or self.manage_announcements
+            or self.grant_all_access
+            or self.grant_unlimited_access
+            or self.grant_space_access
+            or AccessPermission.get_for_user(user=self.user, can_grant=True)
+        )
+
     @staticmethod
     def get_cache_key(pk):
         return 'control:permissions:%d' % pk
diff --git a/src/c3nav/mapdata/models/access.py b/src/c3nav/mapdata/models/access.py
index d1e1d8ff..1053272b 100644
--- a/src/c3nav/mapdata/models/access.py
+++ b/src/c3nav/mapdata/models/access.py
@@ -310,7 +310,7 @@ class AccessPermission(models.Model):
         return permissions
 
     @classmethod
-    def get_for_request(cls, request) -> set[int]:
+    def get_for_request(cls, request, can_grant: bool = False) -> set[int]:
         if not request:
             return AccessRestriction.get_all_public()
 
@@ -320,13 +320,13 @@ class AccessPermission(models.Model):
         cache_key = cls.request_access_permission_key(request)
         access_restriction_ids = cache.get(cache_key, None)
         if access_restriction_ids is None or True:
-            permissions = cls.get_for_request_with_expire_date(request)
+            permissions = cls.get_for_request_with_expire_date(request, can_grant=can_grant)
 
             access_restriction_ids = set(permissions.keys())
 
             expire_date = min((e for e in permissions.values() if e), default=timezone.now() + timedelta(seconds=120))
             cache.set(cache_key, access_restriction_ids, max(0.0, (expire_date - timezone.now()).total_seconds()))
-        return set(access_restriction_ids) | AccessRestriction.get_all_public()
+        return set(access_restriction_ids) | (set() if can_grant else AccessRestriction.get_all_public())
 
     @classmethod
     def get_for_user_with_expire_date(cls, user, can_grant=None):
@@ -358,7 +358,7 @@ class AccessPermission(models.Model):
         return permissions
 
     @classmethod
-    def get_for_user(cls, user) -> set[int]:
+    def get_for_user(cls, user, can_grant: bool = False) -> set[int]:
         from c3nav.control.models import UserPermissions
         if not user or not user.is_authenticated:
             return AccessRestriction.get_all_public()
@@ -369,13 +369,13 @@ class AccessPermission(models.Model):
         cache_key = cls.build_access_permission_key(user_id=user.pk)
         access_restriction_ids = cache.get(cache_key, None)
         if access_restriction_ids is None or True:
-            permissions = cls.get_for_user_with_expire_date(user)
+            permissions = cls.get_for_user_with_expire_date(user, can_grant=can_grant)
 
             access_restriction_ids = set(permissions.keys())
 
             expire_date = min((e for e in permissions.values() if e), default=timezone.now()+timedelta(seconds=120))
             cache.set(cache_key, access_restriction_ids, max(0.0, (expire_date-timezone.now()).total_seconds()))
-        return set(access_restriction_ids) | AccessRestriction.get_all_public()
+        return set(access_restriction_ids) | (set() if can_grant else AccessRestriction.get_all_public())
 
     @classmethod
     def cache_key_for_request(cls, request, with_update=True):