diff --git a/src/components/Sidebar.js b/src/components/Sidebar.js
index 541215b50..6700c9145 100644
--- a/src/components/Sidebar.js
+++ b/src/components/Sidebar.js
@@ -13,6 +13,7 @@ import * as React from "react";
 import Spinner from "./Spinner";
 import AdminLink from "./AdminLink";
 import url from "../url";
+import { canCreateBucket } from "../permission";
 
 type SideBarLinkProps = {
   currentPath: string,
@@ -134,6 +135,7 @@ function BucketCollectionsMenu(props) {
 }
 
 type BucketsMenuProps = {
+  canCreateBucket: boolean,
   currentPath: string,
   busy: boolean,
   buckets: BucketEntry[],
@@ -195,6 +197,7 @@ class BucketsMenu extends PureComponent<BucketsMenuProps, BucketsMenuState> {
 
   render() {
     const {
+      canCreateBucket,
       currentPath,
       busy,
       buckets,
@@ -205,17 +208,19 @@ class BucketsMenu extends PureComponent<BucketsMenuProps, BucketsMenuState> {
     const filteredBuckets = filterBuckets(buckets, this.state);
     return (
       <div>
-        <div className="panel panel-default">
-          <div className="list-group">
-            <SideBarLink
-              name="bucket:create"
-              currentPath={currentPath}
-              params={{}}>
-              <i className="glyphicon glyphicon-plus" />
-              Create bucket
-            </SideBarLink>
+        {canCreateBucket && (
+          <div className="panel panel-default bucket-create">
+            <div className="list-group">
+              <SideBarLink
+                name="bucket:create"
+                currentPath={currentPath}
+                params={{}}>
+                <i className="glyphicon glyphicon-plus" />
+                Create bucket
+              </SideBarLink>
+            </div>
           </div>
-        </div>
+        )}
         <div className="panel panel-default sidebar-filters">
           <div className="panel-heading">
             <strong>Filters</strong>
@@ -326,6 +331,7 @@ export default class Sidebar extends PureComponent<SidebarProps> {
         </div>
         {authenticated && (
           <BucketsMenu
+            canCreateBucket={canCreateBucket(session)}
             busy={busy}
             buckets={buckets}
             currentPath={currentPath}
diff --git a/src/permission.js b/src/permission.js
index 62a8c5196..cc635570f 100644
--- a/src/permission.js
+++ b/src/permission.js
@@ -29,6 +29,14 @@ function can(
   return permEntries.length > 0;
 }
 
+export function canCreateBucket(session: SessionState): boolean {
+  return can(session, (perm: PermissionsListEntry) => {
+    return (
+      perm.resource_name == "root" && perm.permissions.includes("bucket:create")
+    );
+  });
+}
+
 export function canEditBucket(
   session: SessionState,
   bucket: BucketState
diff --git a/test/components/Sidebar_test.js b/test/components/Sidebar_test.js
index 4c796beb4..7875693a9 100644
--- a/test/components/Sidebar_test.js
+++ b/test/components/Sidebar_test.js
@@ -2,6 +2,7 @@ import { expect } from "chai";
 
 import { createSandbox, createComponent } from "../test_utils";
 import Sidebar from "../../src/components/Sidebar";
+import { clone } from "../../src/utils";
 
 describe("Sidebar component", () => {
   let sandbox;
@@ -48,12 +49,12 @@ describe("Sidebar component", () => {
       ],
     };
 
-    beforeEach(() => {
-      const params = { bid: "mybuck", cid: "mycoll" };
-      const location = { pathname: "" };
-      const capabilities = { history: {} };
-      const settings = { sidebarMaxListedCollections: 2 };
+    const params = { bid: "mybuck", cid: "mycoll" };
+    const location = { pathname: "" };
+    const capabilities = { history: {} };
+    const settings = { sidebarMaxListedCollections: 2 };
 
+    beforeEach(() => {
       node = createComponent(Sidebar, {
         match: { params },
         location,
@@ -96,5 +97,32 @@ describe("Sidebar component", () => {
 
       expect(targetEntry.classList.contains("active")).eql(true);
     });
+
+    describe("Create bucket", () => {
+      it("should be shown by default", () => {
+        node = createComponent(Sidebar, {
+          match: { params },
+          location,
+          session,
+          settings,
+          capabilities,
+        });
+        expect(node.querySelector(".bucket-create")).to.exist;
+      });
+
+      it("should be hidden if not allowed", () => {
+        const notAllowed = clone(session);
+        notAllowed.permissions = [{ resource_name: "root", permissions: [] }];
+
+        node = createComponent(Sidebar, {
+          match: { params },
+          location,
+          session: notAllowed,
+          settings,
+          capabilities,
+        });
+        expect(node.querySelector(".bucket-create")).to.not.exist;
+      });
+    });
   });
 });
diff --git a/test/permission_test.js b/test/permission_test.js
index 9f6959f1a..85a50d106 100644
--- a/test/permission_test.js
+++ b/test/permission_test.js
@@ -3,6 +3,7 @@ import { expect } from "chai";
 import {
   AUTHENTICATED,
   EVERYONE,
+  canCreateBucket,
   canEditBucket,
   canCreateCollection,
   canEditCollection,
@@ -14,8 +15,34 @@ import {
   permissionsToFormData,
 } from "../src/permission";
 
+describe("canCreateBucket", () => {
+  it("should always return true if no permissions list", () => {
+    const session = { permissions: null };
+    expect(canCreateBucket(session)).eql(true);
+  });
+
+  it("should return false if root perm is not listed", () => {
+    const session = { permissions: [{ bucket_id: "xyz" }] };
+    expect(canCreateBucket(session)).eql(false);
+  });
+
+  it("should return false if perm is not listed", () => {
+    const session = {
+      permissions: [{ resource_name: "root", permissions: [] }],
+    };
+    expect(canCreateBucket(session)).eql(false);
+  });
+
+  it("should return true if perm is listed", () => {
+    const session = {
+      permissions: [{ resource_name: "root", permissions: ["bucket:create"] }],
+    };
+    expect(canCreateBucket(session)).eql(true);
+  });
+});
+
 describe("canEditBucket", () => {
-  it("should always return true if no permisssions list", () => {
+  it("should always return true if no permissions list", () => {
     const session = { permissions: null };
     const bucket = {};
     expect(canEditBucket(session, bucket)).eql(true);