diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java index 0965be35b..bb6c6d8bd 100644 --- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java +++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java @@ -229,8 +229,10 @@ public abstract class DirectoryObjectService getPermissionMapper(); /** - * Returns an instance of a permission which is backed by the given model + * Returns an instance of a permission which is based on the given model * object. * * @param model - * The model object to use to back the returned permission. + * The model object to use to produce the returned permission. * * @return - * A permission which is backed by the given model object. + * A permission which is based on the given model object. */ protected abstract PermissionType getPermissionInstance(ModelType model); /** - * Returns a collection of permissions which are backed by the models in + * Returns a collection of permissions which are based on the models in * the given collection. * * @param models - * The model objects to use to back the permissions within the returned - * set. + * The model objects to use to produce the permissions within the + * returned set. * * @return - * A set of permissions which are backed by the models in the given + * A set of permissions which are based on the models in the given * collection. */ protected Set getPermissionInstances(Collection models) { 
@@ -91,6 +92,49 @@ public abstract class PermissionService getModelInstances(MySQLUser targetUser, + Collection permissions) { + + // Create new collection of models by manually converting each permission + Collection models = new ArrayList(permissions.size()); + for (PermissionType permission : permissions) + models.add(getModelInstance(targetUser, permission)); + + return models; + + } + /** * Retrieves all permissions associated with the given user. * @@ -115,7 +159,7 @@ public abstract class PermissionService permissions) throws GuacamoleException; /** @@ -143,6 +191,9 @@ public abstract class PermissionService permissions) throws GuacamoleException; } diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/SystemPermissionService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/SystemPermissionService.java index 4e0579111..5680568fd 100644 --- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/SystemPermissionService.java +++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/SystemPermissionService.java @@ -25,9 +25,11 @@ package net.sourceforge.guacamole.net.auth.mysql.service; import com.google.inject.Inject; import java.util.Collection; import net.sourceforge.guacamole.net.auth.mysql.AuthenticatedUser; +import net.sourceforge.guacamole.net.auth.mysql.MySQLUser; import net.sourceforge.guacamole.net.auth.mysql.dao.SystemPermissionMapper; import net.sourceforge.guacamole.net.auth.mysql.model.SystemPermissionModel; import org.glyptodon.guacamole.GuacamoleException; +import org.glyptodon.guacamole.GuacamoleSecurityException; import org.glyptodon.guacamole.net.auth.permission.SystemPermission; /** 
@@ -52,21 +54,95 @@ public class SystemPermissionService
 @Override
 protected SystemPermission getPermissionInstance(SystemPermissionModel model) {
- // TODO: Will need an implementation-specific SystemPermission, but this
- // will suffice for testing
 return new SystemPermission(model.getType());
 }
 @Override
- public void createPermissions(AuthenticatedUser user,
- Collection permissions) throws GuacamoleException {
- // TODO: Implement, including perm checks
+ protected SystemPermissionModel getModelInstance(final MySQLUser targetUser,
+ final SystemPermission permission) {
+
+ // Populate and return model object
+ return new SystemPermissionModel() {
+
+ /**
+ * The ID of the user to whom this permission is granted.
+ */
+ private Integer userID = targetUser.getModel().getUserID();
+
+ /**
+ * The username of the user to whom this permission is granted.
+ */
+ private String username = targetUser.getModel().getUsername();
+
+ /**
+ * The type of action granted by this permission.
+ */
+ private SystemPermission.Type type = permission.getType();
+
+ @Override
+ public Integer getUserID() {
+ return userID;
+ }
+
+ @Override
+ public void setUserID(Integer userID) {
+ this.userID = userID;
+ }
+
+ @Override
+ public String getUsername() {
+ return username;
+ }
+
+ @Override
+ public void setUsername(String username) {
+ this.username = username;
+ }
+
+ @Override
+ public SystemPermission.Type getType() {
+ return type;
+ }
+
+ @Override
+ public void setType(SystemPermission.Type type) {
+ this.type = type;
+ }
+
+ };
+
 }
 @Override
- public void deletePermissions(AuthenticatedUser user,
+ public void createPermissions(AuthenticatedUser user, MySQLUser targetUser,
 Collection permissions) throws GuacamoleException {
- // TODO: Implement, including perm checks
+
+ // Only an admin can create system permissions
+ if (user.getUser().isAdministrator()) {
+ Collection models = getModelInstances(targetUser, permissions);
+ systemPermissionMapper.insert(models);
+ return;
+ }
+
+ // User lacks permission to create system permissions
+ throw new GuacamoleSecurityException("Permission denied.");
+
+ }
+
+ @Override
+ public void deletePermissions(AuthenticatedUser user, MySQLUser targetUser,
+ Collection permissions) throws GuacamoleException {
+
+ // Only an admin can delete system permissions
+ if (user.getUser().isAdministrator()) {
+ Collection models = getModelInstances(targetUser, permissions);
+ systemPermissionMapper.delete(models);
+ return;
+ }
+
+ // User lacks permission to delete system permissions
+ throw new GuacamoleSecurityException("Permission denied.");
+
 }
 }
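Review bot: Neither createPermissions nor deletePermissions guards against an empty `permissions` collection before calling `systemPermissionMapper.insert(models)` / `systemPermissionMapper.delete(models)`; if those mapper statements expand the collection with a `<foreach>` (the mapper XML is not visible here), an empty list reaches the database as malformed SQL, so an early `if (permissions.isEmpty()) return;` placed after the administrator check is cheap insurance. The administrator check itself is correctly placed before any write, but the check-then-return-then-throw shape is duplicated in both methods; inverting it into a guard, `if (!user.getUser().isAdministrator()) throw new GuacamoleSecurityException("Permission denied.");`, leaves the privileged path as the single fall-through and makes the authorization boundary obvious to the next reader. In getModelInstance the anonymous SystemPermissionModel subclass re-declares userID, username and type as shadow fields behind overridden accessors; if SystemPermissionModel is a plain bean with those setters (the @Override annotations suggest the accessors exist), populating a fresh instance through setUserID/setUsername/setType avoids the duplicated state and the captured references to targetUser and permission. The enclosing class starts before this hunk, so whether targetUser is validated (non-null, existing) earlier cannot be confirmed from here.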