diff --git a/src/main/java/org/olat/admin/user/SystemRolesAndRightsController.java b/src/main/java/org/olat/admin/user/SystemRolesAndRightsController.java
index 87e73f0d015b69b4e2787b39c0424bffc528bc20..23af88426d56847e2b7bb0d036063e1b13bc79be 100644
--- a/src/main/java/org/olat/admin/user/SystemRolesAndRightsController.java
+++ b/src/main/java/org/olat/admin/user/SystemRolesAndRightsController.java
@@ -30,12 +30,14 @@ import java.util.Collection;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
+import java.util.stream.Collectors;
 
 import org.olat.admin.user.bulkChange.UserBulkChangeManager;
 import org.olat.basesecurity.BaseSecurity;
 import org.olat.basesecurity.BaseSecurityModule;
 import org.olat.basesecurity.OrganisationRoles;
 import org.olat.basesecurity.OrganisationService;
+import org.olat.basesecurity.model.OrganisationRefImpl;
 import org.olat.core.commons.persistence.DB;
 import org.olat.core.gui.UserRequest;
 import org.olat.core.gui.components.form.flexible.FormItem;
@@ -329,6 +331,7 @@ public class SystemRolesAndRightsController extends FormBasicController {
 		for(MultipleSelectionElement roleEl:rolesEls) {
 			rolesCont.remove(roleEl);
 		}
+		rolesEls.clear();
 		initFormRoles();
 		update();
 	}
@@ -395,19 +398,42 @@ public class SystemRolesAndRightsController extends FormBasicController {
 	@Override
 	protected boolean validateFormLogic(UserRequest ureq) {
 		boolean allOk = super.validateFormLogic(ureq);
-		
+
 		if(rolesEls.isEmpty()) {
-			
 			allOk &= false;
 		} else {
+			rolesEls.get(0).clearError();
+			
 			int numOfRoles = 0;
+			Set<String> allSelectedRoles = new HashSet<>();
 			for(MultipleSelectionElement rolesEl:rolesEls) {
-				numOfRoles += rolesEl.getSelectedKeys().size();
+				Collection<String> selectedRoles = rolesEl.getSelectedKeys();
+				numOfRoles += selectedRoles.size();
+				allSelectedRoles.addAll(selectedRoles);
 			}
 			
 			if(numOfRoles == 0) {
 				rolesEls.get(0).setErrorKey("error.roles.atleastone", null);
 				allOk &= false;
+			} else if(!allSelectedRoles.contains(OrganisationRoles.invitee.name()) && !allSelectedRoles.contains(OrganisationRoles.user.name())) {
+				Roles currentRoles = securityManager.getRoles(editedIdentity, false);
+				List<OrganisationRef> userOrgs = currentRoles.getOrganisationsWithRole(OrganisationRoles.user)
+						.stream().map(OrganisationRefImpl::new).collect(Collectors.toList());
+				List<OrganisationRef> inviteeOrgs = currentRoles.getOrganisationsWithRole(OrganisationRoles.invitee)
+						.stream().map(OrganisationRefImpl::new).collect(Collectors.toList());
+				Set<OrganisationRef> allOrgRefs = new HashSet<>();
+				allOrgRefs.addAll(userOrgs);
+				allOrgRefs.addAll(inviteeOrgs);
+				
+				for(MultipleSelectionElement rolesEl:rolesEls) {
+					RolesElement rolesElement = (RolesElement)rolesEl.getUserObject();
+					allOrgRefs.remove(new OrganisationRefImpl(rolesElement.getOrganisation()));
+				}
+				
+				if(allOrgRefs.isEmpty()) {
+					rolesEls.get(0).setErrorKey("error.roles.atleastone.userorinvitee", null);
+					allOk &= false;
+				}
 			}
 		}
 
diff --git a/src/main/java/org/olat/admin/user/_i18n/LocalStrings_de.properties b/src/main/java/org/olat/admin/user/_i18n/LocalStrings_de.properties
index 5c3d2f8056c9e2d8ebf80ae01ba7a94573087205..d1868a1815f7d7a722464f6c236c99751fb7a624 100644
--- a/src/main/java/org/olat/admin/user/_i18n/LocalStrings_de.properties
+++ b/src/main/java/org/olat/admin/user/_i18n/LocalStrings_de.properties
@@ -47,6 +47,7 @@ error.search.form.notempty=F\u00FCllen Sie bitte mindestens ein Feld aus.
 error.search.form.to.short=Suchbegriff ist zu kurz.
 error.search.maxResults=Zuviele Treffer wurde gefunden. Nur die ersten {0} werden angezeigt.
 error.roles.atleastone=Mindestens eine Rolle ist erforderlich
+error.roles.atleastone.userorinvitee=Mindestens eine Rolle "$\:role.user" oder "$\:role.invitee" ist erforderlich.
 export.user.data=Daten exportieren
 export.user.data.title=Benutzerdaten von "{0}" exportieren
 form.password.new1=Neues Passwort
diff --git a/src/main/java/org/olat/admin/user/_i18n/LocalStrings_en.properties b/src/main/java/org/olat/admin/user/_i18n/LocalStrings_en.properties
index c848fcc5d2c75822d5286506a7fc989919320ed6..ca5e7b1706ba0a0e96d75128d140c3ddb710b72f 100644
--- a/src/main/java/org/olat/admin/user/_i18n/LocalStrings_en.properties
+++ b/src/main/java/org/olat/admin/user/_i18n/LocalStrings_en.properties
@@ -42,6 +42,7 @@ error.no.user.found=No user was found with these attributes. Please try again.
 error.noaccess.to.user=You do not have enough rights to edit this user. Please contact {0}.
 error.password.nomatch=The two new passwords do not match.
 error.roles.atleastone=At least one role is mandatory
+error.roles.atleastone.userorinvitee=At least a role "$\:role.user" or "$\:role.invitee" is mandatory.
 error.search.form.no.valid.datechooser=Please indicate a valid date.
 error.search.form.no.wildcard.dublicates=Search terms including `**` are not allowed.
 error.search.form.notempty=Please fill in at least one field.
diff --git a/src/main/java/org/olat/admin/user/_i18n/LocalStrings_fr.properties b/src/main/java/org/olat/admin/user/_i18n/LocalStrings_fr.properties
index 580d2442c4ba8688a8aa105ab9b242cb84558522..44b8617fc155f02d062c27422b3e2f79482bfba2 100644
--- a/src/main/java/org/olat/admin/user/_i18n/LocalStrings_fr.properties
+++ b/src/main/java/org/olat/admin/user/_i18n/LocalStrings_fr.properties
@@ -42,6 +42,7 @@ error.no.user.found=Aucun utilisateur avec ces coordonn\u00E9es n'a pu \u00EAtre
 error.noaccess.to.user=Vous n'avez pas assez de droits pour \u00E9diter cet utilisateur. Adressez-vous \u00E0 {0}.
 error.password.nomatch=Les deux nouveaux mots de passe ne sont pas identiques.
 error.roles.atleastone=Au minimum un r\u00F4le est n\u00E9cessaire
+error.roles.atleastone.userorinvitee=Au minimum le role "$\:role.user" ou "$\:role.invitee" est obligatoire.
 error.search.form.no.valid.datechooser=Indiquez une date valide, svp.
 error.search.form.no.wildcard.dublicates=Les termes de recherche incluant `**` ne sont pas permis.
 error.search.form.notempty=Veuillez remplir au minimum un champ du formulaire SVP. 
diff --git a/src/main/java/org/olat/basesecurity/model/OrganisationRefImpl.java b/src/main/java/org/olat/basesecurity/model/OrganisationRefImpl.java
index b13f83513905a76726c44f21f5b648bd7cabc1b3..5c98c72a8e7159f1e4cfb73cbd09ea8cd7fd1870 100644
--- a/src/main/java/org/olat/basesecurity/model/OrganisationRefImpl.java
+++ b/src/main/java/org/olat/basesecurity/model/OrganisationRefImpl.java
@@ -34,6 +34,10 @@ public class OrganisationRefImpl implements OrganisationRef {
 	public OrganisationRefImpl(Long key) {
 		this.key = key;
 	}
+	
+	public OrganisationRefImpl(OrganisationRef ref) {
+		this(ref.getKey());
+	}
 
 	@Override
 	public Long getKey() {