diff --git a/code/forms/GridFieldSortableRows.php b/code/forms/GridFieldSortableRows.php index 29bdd59..a8b2263 100644 --- a/code/forms/GridFieldSortableRows.php +++ b/code/forms/GridFieldSortableRows.php @@ -25,6 +25,11 @@ class GridFieldSortableRows implements GridField_HTMLProvider, GridField_ActionP $state->sortableToggle = false; } + //Ensure user can edit + if(!singleton($gridField->getModelClass())->canEdit()){ + return array(); + } + //Sort order toggle $sortOrderToggle = Object::create( @@ -122,6 +127,10 @@ class GridFieldSortableRows implements GridField_HTMLProvider, GridField_ActionP * @param Array $data Data submitted in the request */ private function saveGridRowSort(GridField $gridField, $data) { + if(!singleton($gridField->getModelClass())->canEdit()){ + throw new ValidationException(_t('GridFieldSortableRows.EditPermissionsFailure', "No edit permissions"),0); + } + if (empty($data['Items'])) { user_error('No items to sort', E_USER_ERROR); } @@ -138,6 +147,11 @@ class GridFieldSortableRows implements GridField_HTMLProvider, GridField_ActionP } + //Start transaction if supported + if(DB::getConn()->supportsTransactions()) { + DB::getConn()->transactionStart(); + } + $data['Items'] = explode(',', $data['Items']); for($sort = 0;$sortwrite(); } } + + //End transaction if supported + if(DB::getConn()->supportsTransactions()) { + DB::getConn()->transactionEnd(); + } } } ?> \ No newline at end of file diff --git a/lang/en.yml b/lang/en.yml index 44f2f4e..728e0be 100644 --- a/lang/en.yml +++ b/lang/en.yml @@ -1,4 +1,5 @@ en: GridFieldSortableRows: ALLOW_DRAG_DROP: "Allow Drag and Drop" - DISABLE_PAGINATOR: "Disable Pagenator" \ No newline at end of file + DISABLE_PAGINATOR: "Disable Pagenator" + EditPermissionsFailure: "No edit permissions" \ No newline at end of file diff --git a/tests/forms/GridFieldSortableRowsTest.php b/tests/forms/GridFieldSortableRowsTest.php new file mode 100644 index 0000000..5cf7fcd --- /dev/null 
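Review bot: The permission check added here, and again at the top of `saveGridRowSort`, calls `canEdit()` on `singleton($gridField->getModelClass())`, so it answers for the model class in general rather than for the rows being reordered. If the model puts record-level rules in `canEdit()` (ownership, workflow state), a member who passes the class-level check can still change the sort value of records they may not edit, because the IDs come from the request in `$data['Items']`. The write loop is not fully visible in this diff, so this is inferred. Consider checking each loaded record before it is written, e.g. `if(!$obj->canEdit()) { throw new ValidationException(...); }` with `$obj` standing for the fetched row, and confirm the IDs are resolved through the grid's own list.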
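Review bot: The transaction opened before the sort loop in `saveGridRowSort` has no rollback path: if a `write()` throws partway through, `transactionEnd()` is never reached and the transaction is left open on the connection with part of the new order applied inside it. Wrap the loop in a try/catch that calls `transactionRollback()` under the same `supportsTransactions()` guard and rethrows, so a failed sort leaves the stored order untouched. The loop body is garbled in this view, so the sketch below only shows the added lines.

```php
// … unchanged: transactionStart block …
try {
    // … unchanged: explode $data['Items'] and the sort/write loop …
} catch(Exception $e) {
    //Undo the partial re-sort before re-raising
    if(DB::getConn()->supportsTransactions()) {
        DB::getConn()->transactionRollback();
    }
    throw $e;
}
// … unchanged: transactionEnd block …
```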
+++ b/tests/forms/GridFieldSortableRowsTest.php 
@@ -0,0 +1,65 @@ +list = DataList::create('GridFieldAction_SortOrder_Team'); + $config = GridFieldConfig::create()->addComponent(new GridFieldSortableRows('SortOrder')); + $this->gridField = new GridField('testfield', 'testfield', $this->list, $config); + $this->form = new Form(new Controller(), 'mockform', new FieldList(array($this->gridField)), new FieldList()); + } + + public function testSortActionWithoutCorrectPermission() { + if(Member::currentUser()) { Member::currentUser()->logOut(); } + $this->setExpectedException('ValidationException'); + + $stateID = 'testGridStateActionField'; + Session::set($stateID, array('grid'=>'', 'actionName'=>'saveGridRowSort', 'args'=>array('GridFieldSortableRows'=>array('sortableToggle'=>true)))); + $request = new SS_HTTPRequest('POST', 'url', array('Items'=>'1,3,2'), array('action_gridFieldAlterAction?StateID='.$stateID=>true)); + $this->gridField->gridFieldAlterAction(array('StateID'=>$stateID), $this->form, $request); + $this->assertEquals(3, $this->list->count(), 'User should\'t be able to sort records without correct permissions.'); + } + + public function testSortActionWithAdminPermission() { + $this->logInWithPermission('ADMIN'); + $stateID = 'testGridStateActionField'; + Session::set($stateID, array('grid'=>'', 'actionName'=>'saveGridRowSort', 'args'=>array('GridFieldSortableRows'=>array('sortableToggle'=>true)))); + $request = new SS_HTTPRequest('POST', 'url', array('Items'=>'1,3,2'), array('action_gridFieldAlterAction?StateID='.$stateID=>true)); + $this->gridField->gridFieldAlterAction(array('StateID'=>$stateID), $this->form, $request); + $this->assertEquals(3, $this->list->count(), 'User should be able to sort records with ADMIN permission.'); + } +} + +class GridFieldAction_SortOrder_Team extends DataObject implements TestOnly { + static $db = array( + 'Name' => 'Varchar', + 'City' => 'Varchar', + 'SortOrder' => 'Int' + ); + + static $default_sort='SortOrder'; + + public function canView($member = null) { + return 
true; + } + + public function canDelete($member = null) { + return parent::canDelete($member); + } +} +?> \ No newline at end of file diff --git a/tests/forms/GridFieldSortableRowsTest.yml b/tests/forms/GridFieldSortableRowsTest.yml new file mode 100644 index 0000000..b51da39 --- /dev/null +++ b/tests/forms/GridFieldSortableRowsTest.yml @@ -0,0 +1,13 @@ +GridFieldAction_SortOrder_Team: + team1: + Name: Team 1 + City: Cologne + SortOrder: 1 + team2: + Name: Team 2 + City: Wellington + SortOrder: 2 + team3: + Name: Team 3 + City: Auckland + SortOrder: 3 \ No newline at end of file
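Review bot: Neither test in GridFieldSortableRowsTest verifies what its message claims. In `testSortActionWithoutCorrectPermission` the `assertEquals` sits after the call that is expected to throw, so it never runs, and in `testSortActionWithAdminPermission` `$this->list->count()` is 3 whether or not any row moved. Assert the resulting order instead, e.g. `$this->assertEquals(array(1, 3, 2), $this->list->sort('SortOrder')->column('ID'));` (this assumes the fixture IDs are 1–3, as the posted `Items` value already does), and in the denied case catch the exception and assert the order is unchanged. A case for a logged-in member without edit rights would also exercise the permission check more directly than the logged-out one.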