diff --git a/tailbone/forms/core.py b/tailbone/forms/core.py
index 1088ca9b..98d11a45 100644
--- a/tailbone/forms/core.py
+++ b/tailbone/forms/core.py
@@ -1044,12 +1044,22 @@ class FieldList(list):
     """
 
     def insert_before(self, field, newfield):
-        i = self.index(field)
-        self.insert(i, newfield)
+        if field in self:
+            i = self.index(field)
+            self.insert(i, newfield)
+        else:
+            log.warning("field '%s' not found, will append new field: %s",
+                        field, newfield)
+            self.append(newfield)
 
     def insert_after(self, field, newfield):
-        i = self.index(field)
-        self.insert(i + 1, newfield)
+        if field in self:
+            i = self.index(field)
+            self.insert(i + 1, newfield)
+        else:
+            log.warning("field '%s' not found, will append new field: %s",
+                        field, newfield)
+            self.append(newfield)
 
 
 @colander.deferred
diff --git a/tailbone/views/users.py b/tailbone/views/users.py
index ecff3bb9..d9815f50 100644
--- a/tailbone/views/users.py
+++ b/tailbone/views/users.py
@@ -69,6 +69,7 @@ class UserView(PrincipalMasterView):
         'active_sticky',
         'set_password',
         'roles',
+        'permissions',
     ]
 
     row_grid_columns = [
@@ -256,11 +257,12 @@ class UserView(PrincipalMasterView):
 
         if self.viewing:
             permissions = self.request.registry.settings.get('tailbone_permissions', {})
-            f.append('permissions')
             f.set_renderer('permissions', PermissionsRenderer(request=self.request,
                                                               permissions=permissions,
                                                               include_guest=True,
                                                               include_authenticated=True))
+        else:
+            f.remove('permissions')
 
         if self.viewing or self.deleting:
             f.remove('set_password')