diff --git a/api4/role.go b/api4/role.go
index 944b290dbb..0ce9ddc4a4 100644
--- a/api4/role.go
+++ b/api4/role.go
@@ -110,8 +110,16 @@ func patchRole(c *Context, w http.ResponseWriter, r *http.Request) {
 }
 auditRec.AddMeta("role", oldRole)
- if oldRole.Name == model.SYSTEM_ADMIN_ROLE_ID {
- c.Err = model.NewAppError("Api4.PatchRoles", "api.roles.patch_roles.admin_role.error", nil, "", http.StatusNotImplemented)
+ // manage_system permission is required to patch system_admin
+ requiredPermission := model.PERMISSION_SYSCONSOLE_WRITE_USERMANAGEMENT_PERMISSIONS
+ specialProtectedSystemRoles := append(model.NewSystemRoleIDs, model.SYSTEM_ADMIN_ROLE_ID)
+ for _, roleID := range specialProtectedSystemRoles {
+ if oldRole.Name == roleID {
+ requiredPermission = model.PERMISSION_MANAGE_SYSTEM
+ }
+ }
+ if !c.App.SessionHasPermissionTo(*c.App.Session(), requiredPermission) {
+ c.SetPermissionError(requiredPermission)
 return
 }
diff --git a/i18n/en.json b/i18n/en.json
index 2da5e9945e..d9ec041e60 100644
--- a/i18n/en.json
+++ b/i18n/en.json
@@ -1954,10 +1954,6 @@
 "id": "api.restricted_system_admin",
 "translation": "This action is forbidden to a restricted system admin."
 },
- {
- "id": "api.roles.patch_roles.admin_role.error",
- "translation": "System Admin role cannot be edited or changed"
- },
 {
 "id": "api.roles.patch_roles.license.error",
 "translation": "Your license does not support advanced permissions."
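Review bot: `append(model.NewSystemRoleIDs, model.SYSTEM_ADMIN_ROLE_ID)` in the api4/role.go hunk appends to a package-level slice on every request; if that slice ever has spare capacity, the append writes into its shared backing array, which would be a data race between concurrent patchRole calls in the very code that picks the required permission. Compare `oldRole.Name == model.SYSTEM_ADMIN_ROLE_ID` directly and range over `model.NewSystemRoleIDs` without appending, with a `break` on the first match. The comment names only system_admin while the loop also covers the other protected system roles, so it should read something like `// manage_system is required to patch system_admin and the other protected system roles`. The gate is keyed on the target role's name only, and patchRole continues outside this hunk, so it is worth confirming there that the permissions a patch adds are also checked, so that a holder of the user-management write permission cannot add manage_system to an unprotected role.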