diff --git a/core/model/DatabaseAdmin.php b/core/model/DatabaseAdmin.php
index 1264e34cc..03f2b9a08 100644
--- a/core/model/DatabaseAdmin.php
+++ b/core/model/DatabaseAdmin.php
@@ -19,6 +19,26 @@ class DatabaseAdmin extends Controller {
 		'testinstall',
 		'import'
 	);
+	
+	function init() {
+		parent::init();
+		
+		// We allow access to this controller regardless of live-status or ADMIN permission only
+		// if on CLI or with the database not ready. The latter makes it less errorprone to do an
+		// initial schema build without requiring a default-admin login.
+		// Access to this controller is always allowed in "dev-mode", or of the user is ADMIN.
+		$canAccess = (
+			Director::isDev() 
+			|| !Security::database_is_ready() 
+			|| Director::is_cli() 
+			|| Permission::check("ADMIN")
+		);
+		if(!$canAccess) {
+			return Security::permissionFailure($this,
+				"This page is secured and you need administrator rights to access it. " .
+				"Enter your credentials below and we will send you right along.");
+		}
+	}
 
 	/**
 	 * Get the data classes, grouped by their root class
@@ -62,13 +82,6 @@ class DatabaseAdmin extends Controller {
 	 * Updates the database schema, creating tables & fields as necessary.
 	 */
 	function build() {
-		if(Director::isLive() && Security::database_is_ready() && !Director::is_cli() && !Permission::check("ADMIN")) {
-			Security::permissionFailure($this,
-				"This page is secured and you need administrator rights to access it. " .
-				"Enter your credentials below and we will send you right along.");
-			return;
-		}
-
 		// The default time limit of 30 seconds is normally not enough
 		if(ini_get("safe_mode") != "1") {
 			set_time_limit(600);
diff --git a/dev/DevelopmentAdmin.php b/dev/DevelopmentAdmin.php
index a40eb3b98..8fe8ba74b 100644
--- a/dev/DevelopmentAdmin.php
+++ b/dev/DevelopmentAdmin.php
@@ -16,10 +16,22 @@ class DevelopmentAdmin extends Controller {
 		'$Action//$Action/$ID' => 'handleAction',
 	);
 	
-	
 	function init() {
 		parent::init();
 		
+		// We allow access to this controller regardless of live-status or ADMIN permission only
+		// if on CLI.  Access to this controller is always allowed in "dev-mode", or of the user is ADMIN.
+		$canAccess = (
+			Director::isDev() 
+			|| Director::is_cli() 
+			|| Permission::check("ADMIN")
+		);
+		if(!$canAccess) {
+			return Security::permissionFailure($this,
+				"This page is secured and you need administrator rights to access it. " .
+				"Enter your credentials below and we will send you right along.");
+		}
+		
 		// check for valid url mapping
 		// lacking this information can cause really nasty bugs,
 		// e.g. when running Director::test() from a FunctionalTest instance