diff --git a/libraries/chain/asset_evaluator.cpp b/libraries/chain/asset_evaluator.cpp
index e8b4b0fe..5b3bde4f 100644
--- a/libraries/chain/asset_evaluator.cpp
+++ b/libraries/chain/asset_evaluator.cpp
@@ -223,10 +223,14 @@ void_result asset_update_evaluator::do_evaluate(const asset_update_operation& o)
       }
    }
 
-   //There must be no bits set in o.permissions which are unset in a.issuer_permissions.
+   // new issuer_permissions must be subset of old issuer permissions
    FC_ASSERT(!(o.new_options.issuer_permissions & ~a.options.issuer_permissions),
              "Cannot reinstate previously revoked issuer permissions on an asset.");
 
+   // changed flags must be subset of old issuer permissions
+   FC_ASSERT(!((o.new_options.flags ^ a.options.flags) & ~a.options.issuer_permissions),
+             "Flag change is forbidden by issuer permissions");
+
    asset_to_update = &a;
    FC_ASSERT( o.issuer == a.issuer, "", ("o.issuer", o.issuer)("a.issuer", a.issuer) );
 
diff --git a/libraries/chain/protocol/asset_ops.cpp b/libraries/chain/protocol/asset_ops.cpp
index 59830be7..ccc68093 100644
--- a/libraries/chain/protocol/asset_ops.cpp
+++ b/libraries/chain/protocol/asset_ops.cpp
@@ -168,8 +168,6 @@ void asset_options::validate()const
    FC_ASSERT( max_market_fee >= 0 && max_market_fee <= GRAPHENE_MAX_SHARE_SUPPLY );
    // There must be no high bits in permissions whose meaning is not known.
    FC_ASSERT( !(issuer_permissions & ~ASSET_ISSUER_PERMISSION_MASK) );
-   // There must be no high bits in flags which are not also high in permissions.
-   FC_ASSERT( !(flags & ~issuer_permissions ) );
    // The global_settle flag may never be set (this is a permission only)
    FC_ASSERT( !(flags & global_settle) );
    core_exchange_rate.validate();