diff --git a/changelog/24660.txt b/changelog/24660.txt
new file mode 100644
index 0000000000..415944299e
--- /dev/null
+++ b/changelog/24660.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+ui: The UI can now be used to create or update database roles by operator without permission on the database connection.
+```
diff --git a/ui/app/adapters/database/role.js b/ui/app/adapters/database/role.js
index 848719e37a..2a3002c1d1 100644
--- a/ui/app/adapters/database/role.js
+++ b/ui/app/adapters/database/role.js
@@ -164,7 +164,7 @@ export default ApplicationAdapter.extend({
         db: db[0],
       });
     } catch (e) {
-      throw new Error('Could not update allowed roles for selected database. Check Vault logs for details');
+      this.checkError(e);
     }
 
     return this.ajax(this.urlFor(backend, id, roleType), 'POST', { data }).then(() => {
@@ -180,12 +180,16 @@ export default ApplicationAdapter.extend({
     const backend = snapshot.attr('backend');
     const id = snapshot.attr('name');
     const db = snapshot.attr('database');
-    await this._updateAllowedRoles(store, {
-      role: id,
-      backend,
-      db: db[0],
-      type: 'remove',
-    });
+    try {
+      await this._updateAllowedRoles(store, {
+        role: id,
+        backend,
+        db: db[0],
+        type: 'remove',
+      });
+    } catch (e) {
+      this.checkError(e);
+    }
 
     return this.ajax(this.urlFor(backend, id, roleType), 'DELETE');
   },
@@ -199,4 +203,14 @@ export default ApplicationAdapter.extend({
 
     return this.ajax(this.urlFor(backend, id, roleType), 'POST', { data }).then(() => data);
   },
+
+  checkError(e) {
+    if (e.httpStatus === 403) {
+      // The user does not have the permission to update the connection. This
+      // can happen if their permissions are limited to the role. In that case
+      // we ignore the error and continue updating the role.
+      return;
+    }
+    throw new Error(`Could not update allowed roles for selected database: ${e.errors.join(', ')}`);
+  },
 });
diff --git a/ui/app/components/database-role-edit.js b/ui/app/components/database-role-edit.js
index 3379650e6e..9672fe6760 100644
--- a/ui/app/components/database-role-edit.js
+++ b/ui/app/components/database-role-edit.js
@@ -27,9 +27,6 @@ export default class DatabaseRoleEdit extends Component {
 
   get warningMessages() {
     const warnings = {};
-    if (this.args.model.canUpdateDb === false) {
-      warnings.database = `You don’t have permissions to update this database connection, so this role cannot be created.`;
-    }
     if (
       (this.args.model.type === 'dynamic' && this.args.model.canCreateDynamic === false) ||
       (this.args.model.type === 'static' && this.args.model.canCreateStatic === false)