diff --git a/src/Controller/APIRoleController.php b/src/Controller/APIRoleController.php
index f842c056..ee6a1bfd 100644
--- a/src/Controller/APIRoleController.php
+++ b/src/Controller/APIRoleController.php
@@ -11,6 +11,7 @@ use Doctrine\ORM\Query;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Validator\Validator\ValidatorInterface;
+use Doctrine\DBAL\Exception\ForeignKeyConstraintViolationException;
 
 use App\Menu\Generator as MenuGenerator;
 use App\Access\Generator as ACLGenerator;
@@ -272,7 +273,19 @@ class APIRoleController extends BaseController
             ], 422);
         } else {
             // validated! save the entity
-            $em->flush();
+            // catch the exception in case user updated the id
+            try 
+            {
+                $em->flush();
+            }
+            catch(ForeignKeyConstraintViolationException $e)
+            {
+                $error_array['id'] = 'Role has already been assigned to user/s and id cannot be updated';
+                return $this->json([
+                    'success' => false,
+                    'errors' => $error_array
+                ], 403);
+            }
 
             // return successful response
             return $this->json([
diff --git a/templates/api-role/form.html.twig b/templates/api-role/form.html.twig
index ae79ba34..d6c90443 100644
--- a/templates/api-role/form.html.twig
+++ b/templates/api-role/form.html.twig
@@ -116,7 +116,7 @@
                     }
                 });
             }).fail(function(response) {
-                if (response.status == 422) {
+                if (response.status == 422 || response.status == 403) {
                     var errors = response.responseJSON.errors;
                     var firstfield = false;