diff --git a/app/main/forms.py b/app/main/forms.py
index 3cbfb7390..ad9036e1c 100644
--- a/app/main/forms.py
+++ b/app/main/forms.py
@@ -104,7 +104,7 @@ class RegisterUserFromInviteForm(Form):
     mobile_number = mobile_number()
     password = password()
     service = HiddenField('service')
-    email_address = email_address()
+    email_address = HiddenField('email_address')
 
 
 class InviteUserForm(Form):
diff --git a/app/notify_client/models.py b/app/notify_client/models.py
index eacd0decb..9c8093ff4 100644
--- a/app/notify_client/models.py
+++ b/app/notify_client/models.py
@@ -88,7 +88,7 @@ class User(UserMixin):
         if service_id in self._permissions:
             if or_:
                 return any([x in self._permissions[service_id] for x in permissions])
-            return set(self._permissions[service_id]) > set(permissions)
+            return set(self._permissions[service_id]) >= set(permissions)
         return False
 
     @property
diff --git a/app/templates/views/register-from-invite.html b/app/templates/views/register-from-invite.html
index b08e8d24f..7e7e81aaa 100644
--- a/app/templates/views/register-from-invite.html
+++ b/app/templates/views/register-from-invite.html
@@ -12,12 +12,12 @@ Create an account – GOV.UK Notify
   <div class="column-two-thirds">
     <h1 class="heading-large">Create an account</h1>
     <form method="post" autocomplete="nope">
-      {{ textbox(form.email_address, width='3-4', disabled=True ) }}
       {{ textbox(form.name, width='3-4') }}
       {{ textbox(form.mobile_number, width='3-4') }}
       {{ textbox(form.password, hint="Your password must have at least 10 characters", width='3-4') }}
       {{ page_footer("Continue") }}
       {{form.service}}
+      {{form.email_address}}
     </form>
   </div>
 </div>
diff --git a/tests/app/main/test_utils.py b/tests/app/main/test_utils.py
index 6ab9b555f..3356ad7ef 100644
--- a/tests/app/main/test_utils.py
+++ b/tests/app/main/test_utils.py
@@ -58,6 +58,18 @@ def test_user_has_permissions_multiple(app_,
             response = decorated_index()
 
 
+def test_exact_permissions(app_,
+                           api_user_active,
+                           mock_login,
+                           mock_get_user_with_permissions):
+    with app_.test_request_context():
+        with app_.test_client() as client:
+            client.login(api_user_active)
+            decorator = user_has_permissions('manage_users', 'manage_templates', 'manage_settings')
+            decorated_index = decorator(index)
+            response = decorated_index()
+
+
 def test_validate_header_row():
     row = {'bad': '+44 7700 900981'}
     try:
diff --git a/tests/app/main/views/test_accept_invite.py b/tests/app/main/views/test_accept_invite.py
index cfd1abb18..a302def3f 100644
--- a/tests/app/main/views/test_accept_invite.py
+++ b/tests/app/main/views/test_accept_invite.py
@@ -101,13 +101,13 @@ def test_new_user_accept_invite_calls_api_and_views_registration_page(app_,
             assert page.h1.string.strip() == 'Create an account'
 
             form = page.find('form')
-            email = form.find('input', id='email_address')
             name = form.find('input', id='name')
             password = form.find('input', id='password')
             service = form.find('input', type='hidden', id='service')
+            email = form.find('input', type='hidden', id='email_address')
 
             assert email
-            assert email.attrs['disabled']
+            assert email.attrs['value'] == 'invited_user@test.gov.uk'
             assert name
             assert password
             assert service