diff --git a/app/__init__.py b/app/__init__.py
index 77bf25a47..daf382713 100644
--- a/app/__init__.py
+++ b/app/__init__.py
@@ -65,7 +65,6 @@ def create_app(app_name=None):
     from app.job.rest import job as job_blueprint
     from app.notifications.rest import notifications as notifications_blueprint
     from app.invite.rest import invite as invite_blueprint
-    from app.permission.rest import permission as permission_blueprint
     from app.accept_invite.rest import accept_invite
     from app.notifications_statistics.rest import notifications_statistics as notifications_statistics_blueprint
     from app.template_statistics.rest import template_statistics as template_statistics_blueprint
@@ -79,7 +78,6 @@ def create_app(app_name=None):
     application.register_blueprint(notifications_blueprint)
     application.register_blueprint(job_blueprint)
     application.register_blueprint(invite_blueprint)
-    application.register_blueprint(permission_blueprint, url_prefix='/permission')
     application.register_blueprint(accept_invite, url_prefix='/invite')
     application.register_blueprint(notifications_statistics_blueprint)
     application.register_blueprint(template_statistics_blueprint)
diff --git a/app/dao/permissions_dao.py b/app/dao/permissions_dao.py
index 525b39a0f..adb484ff9 100644
--- a/app/dao/permissions_dao.py
+++ b/app/dao/permissions_dao.py
@@ -32,30 +32,6 @@ class PermissionDAO(DAOClass):
     class Meta:
         model = Permission
 
-    # TODO rework this as last filter wins, whereas what is needed is
-    # append to filter so that semantics are 'and'
-    def get_query(self, filter_by_dict=None):
-        if filter_by_dict is None:
-            filter_by_dict = MultiDict()
-        else:
-            filter_by_dict = MultiDict(filter_by_dict)
-        query = self.Meta.model.query
-        if 'id' in filter_by_dict:
-            query = query.filter(Permission.id.in_(filter_by_dict.getlist('id')))
-        if 'service' in filter_by_dict:
-            service_ids = filter_by_dict.getlist('service')
-            if len(service_ids) == 1:
-                query.filter_by(service=Service.query.get(service_ids[0]))
-            # TODO the join method for multiple services
-        if 'user' in filter_by_dict:
-            user_ids = filter_by_dict.getlist('user')
-            if len(user_ids) == 1:
-                query = query.filter_by(user=User.query.get(user_ids[0]))
-            # TODO the join method for multiple users
-        if 'permission' in filter_by_dict:
-            query = query.filter(Permission.permission.in_(filter_by_dict.getlist('permission')))
-        return query
-
     def add_default_service_permissions_for_user(self, user, service):
         for name in default_service_permissions:
             permission = Permission(permission=name, user=user, service=service)
@@ -82,5 +58,8 @@ class PermissionDAO(DAOClass):
             if _commit:
                 db.session.commit()
 
+    def get_permissions_by_user_id(self, user_id):
+        return self.Meta.model.query.filter_by(user_id=user_id).all()
+
 
 permission_dao = PermissionDAO()
diff --git a/app/permission/__init__.py b/app/permission/__init__.py
deleted file mode 100644
index e69de29bb..000000000
diff --git a/app/permission/rest.py b/app/permission/rest.py
deleted file mode 100644
index 89266b88b..000000000
--- a/app/permission/rest.py
+++ /dev/null
@@ -1,26 +0,0 @@
-
-from flask import (jsonify, request, abort, Blueprint, current_app)
-from app.schemas import permission_schema
-from app.errors import register_errors
-from app.dao.permissions_dao import permission_dao
-
-permission = Blueprint('permission', __name__)
-register_errors(permission)
-
-
-@permission.route('', methods=['GET'])
-def get_permissions():
-    data, errors = permission_schema.dump(
-        permission_dao.get_query(filter_by_dict=request.args), many=True)
-    if errors:
-        abort(500, errors)
-    return jsonify(data=data)
-
-
-@permission.route('/<permission_id>', methods=['GET'])
-def get_permission(permission_id):
-    inst = permission_dao.get_query(filter_by_dict={'id': permission_id}).one()
-    data, errors = permission_schema.dump(inst)
-    if errors:
-        abort(500, errors)
-    return jsonify(data=data)
diff --git a/app/schemas.py b/app/schemas.py
index 7d20012cf..07385df81 100644
--- a/app/schemas.py
+++ b/app/schemas.py
@@ -70,7 +70,7 @@ class UserSchema(BaseSchema):
 
     def user_permissions(self, usr):
         retval = {}
-        for x in permission_dao.get_query({'user': usr.id}):
+        for x in permission_dao.get_permissions_by_user_id(usr.id):
             service_id = str(x.service_id)
             if service_id not in retval:
                 retval[service_id] = []
diff --git a/migrations/versions/0030_service_id_not_null.py b/migrations/versions/0030_service_id_not_null.py
new file mode 100644
index 000000000..0cf223184
--- /dev/null
+++ b/migrations/versions/0030_service_id_not_null.py
@@ -0,0 +1,29 @@
+"""empty message
+
+Revision ID: 0030_service_id_not_null
+Revises: 0029_fix_email_from
+Create Date: 2016-06-15 15:51:41.355149
+
+"""
+
+# revision identifiers, used by Alembic.
+
+from sqlalchemy.dialects import postgresql
+
+revision = '0030_service_id_not_null'
+down_revision = '0029_fix_email_from'
+
+from alembic import op
+import sqlalchemy as sa
+
+
+def upgrade():
+    op.alter_column('permissions', 'service_id',
+               existing_type=postgresql.UUID(),
+               nullable=True)
+
+
+def downgrade():
+    op.alter_column('permissions', 'service_id',
+               existing_type=postgresql.UUID(),
+               nullable=False)
\ No newline at end of file
diff --git a/tests/app/permissions/__init__.py b/tests/app/permissions/__init__.py
deleted file mode 100644
index e69de29bb..000000000
diff --git a/tests/app/permissions/test_rest.py b/tests/app/permissions/test_rest.py
deleted file mode 100644
index 941fea99f..000000000
--- a/tests/app/permissions/test_rest.py
+++ /dev/null
@@ -1,91 +0,0 @@
-import json
-from flask import url_for
-from app.models import Permission
-from tests import create_authorization_header
-from ..conftest import sample_permission as create_permission
-
-
-def test_get_permission_list(notify_api, notify_db, notify_db_session, sample_permission):
-    """
-    Tests GET endpoint '/' to retrieve entire permission list.
-    """
-    with notify_api.test_request_context():
-        with notify_api.test_client() as client:
-            header = create_authorization_header()
-            response = client.get(
-                url_for('permission.get_permissions'),
-                headers=[header])
-            assert response.status_code == 200
-            json_resp = json.loads(response.get_data(as_text=True))
-            assert len(json_resp['data']) == 8
-            expected = {
-                "permission": sample_permission.permission,
-                "user": str(sample_permission.user.id),
-                "id": str(sample_permission.id),
-                "service": str(sample_permission.service.id)
-            }
-            assert expected in json_resp['data']
-
-
-def test_get_permission_filter(notify_api,
-                               notify_db,
-                               notify_db_session,
-                               sample_permission,
-                               sample_user,
-                               sample_service):
-    """
-    Tests GET endpoint '/' to retrieve filtered permission list.
-    """
-    with notify_api.test_request_context():
-        with notify_api.test_client() as client:
-            header = create_authorization_header()
-            response = client.get(
-                url_for('permission.get_permissions', service=str(sample_service.id)),
-                headers=[header])
-            assert response.status_code == 200
-            json_resp = json.loads(response.get_data(as_text=True))
-            another_permission = Permission.query.filter_by(
-                service_id=str(sample_service.id)).first()
-            expected = {
-                "permission": another_permission.permission,
-                "user": str(sample_user.id),
-                "id": str(another_permission.id),
-                "service": str(sample_service.id)
-            }
-            assert expected in json_resp['data']
-
-
-def test_get_permission(notify_api, notify_db, notify_db_session, sample_permission):
-    """
-    Tests GET endpoint '/<permission_id>' to retrieve a single permission.
-    """
-    with notify_api.test_request_context():
-        with notify_api.test_client() as client:
-            header = create_authorization_header()
-            response = client.get(
-                url_for('permission.get_permission', permission_id=str(sample_permission.id)),
-                headers=[header])
-            assert response.status_code == 200
-            json_resp = json.loads(response.get_data(as_text=True))
-            expected = {
-                "permission": sample_permission.permission,
-                "user": str(sample_permission.user.id),
-                "id": str(sample_permission.id),
-                "service": str(sample_permission.service.id)
-            }
-            assert expected == json_resp['data']
-
-
-def test_get_permission_404(notify_api, notify_db, notify_db_session, sample_permission):
-    """
-    Tests GET endpoint '/<invalid_id>' returns a correct 404
-    """
-    with notify_api.test_request_context():
-        with notify_api.test_client() as client:
-            header = create_authorization_header()
-            response = client.get(
-                url_for('permission.get_permission', permission_id="123"),
-                headers=[header])
-            assert response.status_code == 404
-            json_resp = json.loads(response.get_data(as_text=True))
-            assert json_resp['message'] == 'No result found'