diff --git a/code/extensions/FileSubsites.php b/code/extensions/FileSubsites.php
index 0c5a438..6c898df 100644
--- a/code/extensions/FileSubsites.php
+++ b/code/extensions/FileSubsites.php
@@ -113,7 +113,7 @@ class FileSubsites extends DataExtension {
 return true;
 } else {
 Session::set('SubsiteID', $this->owner->SubsiteID);
- $access = Permission::check('CMS_ACCESS_AssetAdmin');
+ $access = Permission::check(array('CMS_ACCESS_AssetAdmin', 'CMS_ACCESS_LeftAndMain'));
 Session::set('SubsiteID', $subsiteID);
 return $access;
diff --git a/code/extensions/LeftAndMainSubsites.php b/code/extensions/LeftAndMainSubsites.php
index 7a1fb69..dd4fc20 100644
--- a/code/extensions/LeftAndMainSubsites.php
+++ b/code/extensions/LeftAndMainSubsites.php
@@ -165,10 +165,16 @@ class LeftAndMainSubsites extends Extension {
 function canAccess() {
 // Admin can access everything, no point in checking.
 $member = Member::currentUser();
- if($member && Permission::checkMember($member, 'ADMIN')) return true;
+ if($member &&
+ (
+ Permission::checkMember($member, 'ADMIN') || // 'Full administrative rights' in SecurityAdmin
+ Permission::checkMember($member, 'CMS_ACCESS_LeftAndMain') // 'Access to all CMS sections' in SecurityAdmin
+ )) {
+ return true;
+ }
 // Check if we have access to current section on the current subsite.
- $accessibleSites = $this->owner->sectionSites($member);
+ $accessibleSites = $this->owner->sectionSites(true, "Main site", $member);
 if ($accessibleSites->count() && $accessibleSites->find('ID', Subsite::currentSubsiteID())) {
 // Current section can be accessed on the current site, all good.
 return true;
diff --git a/code/model/Subsite.php b/code/model/Subsite.php
index aa19bae..5be9c62 100644
--- a/code/model/Subsite.php
+++ b/code/model/Subsite.php
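Review bot: In code/extensions/FileSubsites.php the widened `Permission::check(array(...))` call has no comment recording that either code alone is enough, which is what turns this line into an access expansion. Assuming the array form passes when the member holds any one of the listed codes, every holder of `CMS_ACCESS_LeftAndMain` on the file's subsite can now edit its assets; a line such as `// Either code grants edit: AssetAdmin access or 'Access to all CMS sections', checked against the file's own subsite` above the call would make that explicit. The check also runs while the session `SubsiteID` is swapped, and the restoring `Session::set()` on the next line is skipped if the check throws. The enclosing method starts and ends outside this hunk.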
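Review bot: In code/extensions/LeftAndMainSubsites.php the new early return in `canAccess()` lets any member holding `CMS_ACCESS_LeftAndMain` skip the per-subsite lookup that follows, which puts a section-level permission on the same footing as `ADMIN`. Unless `Permission::checkMember()` is already scoped to the current subsite (not visible in this hunk), a member whose group is tied to a single subsite would now pass on every subsite. The Subsite.php hunks in this commit appear to add the same code to the subsite-scoped query, so keeping the shortcut as `if($member && Permission::checkMember($member, 'ADMIN')) return true;` and letting `sectionSites()` decide for everyone else looks sufficient. The body of `canAccess()` continues past the end of the hunk.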
@@ -308,7 +308,7 @@ class Subsite extends DataObject implements PermissionProvider {
 ->leftJoin('Group_Subsites', "\"Group_Subsites\".\"SubsiteID\" = \"Subsite\".\"ID\"")
 ->innerJoin('Group', "\"Group\".\"ID\" = \"Group_Subsites\".\"GroupID\" OR \"Group\".\"AccessAllSubsites\" = 1")
 ->innerJoin('Group_Members', "\"Group_Members\".\"GroupID\"=\"Group\".\"ID\" AND \"Group_Members\".\"MemberID\" = $member->ID")
- ->innerJoin('Permission', "\"Group\".\"ID\"=\"Permission\".\"GroupID\" AND \"Permission\".\"Code\" IN ($SQL_codes, 'ADMIN')");
+ ->innerJoin('Permission', "\"Group\".\"ID\"=\"Permission\".\"GroupID\" AND \"Permission\".\"Code\" IN ($SQL_codes, 'CMS_ACCESS_LeftAndMain', 'ADMIN')");
 if(!$subsites) $subsites = new ArrayList();
@@ -319,7 +319,7 @@ class Subsite extends DataObject implements PermissionProvider {
 ->innerJoin('Group_Members', "\"Group_Members\".\"GroupID\"=\"Group\".\"ID\" AND \"Group_Members\".\"MemberID\" = $member->ID")
 ->innerJoin('Group_Roles', "\"Group_Roles\".\"GroupID\"=\"Group\".\"ID\"")
 ->innerJoin('PermissionRole', "\"Group_Roles\".\"PermissionRoleID\"=\"PermissionRole\".\"ID\"")
- ->innerJoin('PermissionRoleCode', "\"PermissionRole\".\"ID\"=\"PermissionRoleCode\".\"RoleID\" AND \"PermissionRoleCode\".\"Code\" IN ($SQL_codes, 'ADMIN')");
+ ->innerJoin('PermissionRoleCode', "\"PermissionRole\".\"ID\"=\"PermissionRoleCode\".\"RoleID\" AND \"PermissionRoleCode\".\"Code\" IN ($SQL_codes, 'CMS_ACCESS_LeftAndMain', 'ADMIN')");
 if(!$subsites && $rolesSubsites) return $rolesSubsites;
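Review bot: Both hunks in code/model/Subsite.php (the `Permission` join and the `PermissionRoleCode` join) append `'CMS_ACCESS_LeftAndMain'` to the `IN (...)` list unconditionally, so it satisfies the lookup whatever codes were requested through `$SQL_codes`. If a caller asks about a non-CMS permission code, holders of 'Access to all CMS sections' would now match just as `ADMIN` does; adding the wildcard only when a requested code starts with `CMS_ACCESS_` would keep the widening limited to CMS section checks. The same literal list now appears in two query strings, so building it once in a local variable and interpolating that would stop the two joins drifting apart. `$member->ID` is interpolated unquoted in the context lines, and an `(int)` cast where the query is assembled (outside these hunks) would make that safe by construction.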