diff --git a/packages/server/src/api/controllers/permission.js b/packages/server/src/api/controllers/permission.js
index 286ea5667c..2ecfe806cf 100644
--- a/packages/server/src/api/controllers/permission.js
+++ b/packages/server/src/api/controllers/permission.js
@@ -45,7 +45,7 @@ function getPermissionType(resourceId) {
   }
 }
 
-async function getBasePermissions(resourceId) {
+function getBasePermissions(resourceId) {
   const type = getPermissionType(resourceId)
   const permissions = {}
   for (let [roleId, role] of Object.entries(BUILTIN_ROLES)) {
@@ -153,6 +153,7 @@ exports.fetch = async function(ctx) {
       if (permissions[roleId] == null) {
         permissions[roleId] = {}
       }
+      // TODO: need to work this out
       for (let [resource, level] of Object.entries(role.permissions)) {
         permissions[roleId][resource] = higherPermission(
           permissions[roleId][resource],
@@ -173,16 +174,13 @@ exports.getResourcePerms = async function(ctx) {
     })
   )
   const roles = body.rows.map(row => row.doc)
-  const resourcePerms = {}
+  const resourcePerms = getBasePermissions(resourceId)
   for (let level of SUPPORTED_LEVELS) {
-    for (let role of roles)
     // update the various roleIds in the resource permissions
-    if (role.permissions && role.permissions[resourceId]) {
-      const roleId = getExternalRoleID(role._id)
-      resourcePerms[level] = higherPermission(
-        resourcePerms[roleId],
-        role.permissions[resourceId]
-      )
+    for (let role of roles) {
+      if (role.permissions && role.permissions[resourceId]) {
+        resourcePerms[level] = getExternalRoleID(role._id)
+      }
     }
   }
   ctx.body = resourcePerms
diff --git a/packages/server/src/utilities/security/roles.js b/packages/server/src/utilities/security/roles.js
index 0cd9d0621e..c6336dec97 100644
--- a/packages/server/src/utilities/security/roles.js
+++ b/packages/server/src/utilities/security/roles.js
@@ -56,6 +56,29 @@ function isBuiltin(role) {
   return exports.BUILTIN_ROLE_ID_ARRAY.some(builtin => role.includes(builtin))
 }
 
+/**
+ * Returns whichever builtin roleID is lower.
+ */
+exports.lowerBuiltinRoleID = (roleId1, roleId2) => {
+  const MAX = Object.values(BUILTIN_IDS).length + 1
+  function toNum(id) {
+    if (id === BUILTIN_IDS.ADMIN || id === BUILTIN_IDS.BUILDER) {
+      return MAX
+    }
+    let role = exports.BUILTIN_ROLES[id],
+      count = 0
+    do {
+      if (!role) {
+        break
+      }
+      role = exports.BUILTIN_ROLES[role.inherits]
+      count++
+    } while (role !== null)
+    return count
+  }
+  return toNum(roleId1) > toNum(roleId2) ? roleId2 : roleId1
+}
+
 /**
  * Gets the role object, this is mainly useful for two purposes, to check if the level exists and
  * to check if the role inherits any others.
@@ -222,31 +245,6 @@ exports.getExternalRoleID = roleId => {
   return roleId
 }
 
-/**
- * Returns whichever roleID is lower.
- */
-exports.lowerRoleID = async (appId, roleId1, roleId2) => {
-  // TODO: need to make this function work
-  const MAX = Object.values(BUILTIN_IDS).length + 1
-  async function toNum(id) {
-    if (id === BUILTIN_IDS.ADMIN || id === BUILTIN_IDS.BUILDER) {
-      return MAX
-    }
-    let role = await exports.getRole(appId, id),
-      count = 0
-    do {
-      if (!role) {
-        break
-      }
-      role = exports.BUILTIN_ROLES[role.inherits]
-      count++
-    } while (role !== null)
-    return count
-  }
-  const [num1, num2] = Promise.all([toNum(roleId1), toNum(roleId2)])
-  return num1 > num2 ? roleId2 : roleId1
-}
-
 exports.AccessController = AccessController
 exports.BUILTIN_ROLE_IDS = BUILTIN_IDS
 exports.isBuiltin = isBuiltin