diff --git a/tailbone/templates/master/view_row.mako b/tailbone/templates/master/view_row.mako
index f8aa2acb..66756c3e 100644
--- a/tailbone/templates/master/view_row.mako
+++ b/tailbone/templates/master/view_row.mako
@@ -8,7 +8,7 @@
 </%def>
 
 <%def name="context_menu_items()">
-  <li>${h.link_to("Back to {}".format(parent_model_title), index_url)}</li>
+  <li>${h.link_to("Back to {}".format(parent_model_title), instance_url)}</li>
   % if master.rows_editable and instance_editable and request.has_perm('{}.edit'.format(permission_prefix)):
       <li>${h.link_to("Edit this {}".format(model_title), action_url('edit', instance))}</li>
   % endif
diff --git a/tailbone/views/master.py b/tailbone/views/master.py
index a263ffce..b445bf3e 100644
--- a/tailbone/views/master.py
+++ b/tailbone/views/master.py
@@ -3324,6 +3324,9 @@ class MasterView(View):
         """
         self.editing = True
         row = self.get_row_instance()
+        if not self.row_editable(row):
+            raise self.redirect(self.get_row_action_url('view', row))
+
         form = self.make_row_form(row)
 
         if self.request.method == 'POST':
@@ -3407,9 +3410,10 @@ class MasterView(View):
         """
         Desktop view which can "delete" a sub-row from the parent.
         """
-        row = self.Session.query(self.model_row_class).get(self.request.matchdict['row_uuid'])
-        if not row:
-            raise self.notfound()
+        row = self.get_row_instance()
+        if not self.row_deletable(row):
+            raise self.redirect(self.get_row_action_url('view', row))
+
         self.delete_row_object(row)
         return self.redirect(self.get_action_url('view', self.get_parent(row)))