diff --git a/src/wp-admin/network/site-users.php b/src/wp-admin/network/site-users.php
index b3041176d3376..5ba5be29f95bc 100644
--- a/src/wp-admin/network/site-users.php
+++ b/src/wp-admin/network/site-users.php
@@ -139,13 +139,27 @@
 case 'promote':
 check_admin_referer( 'bulk-users' );
+
+ if ( ! current_user_can( 'promote_users' ) ) {
+ wp_die( __( 'Sorry, you are not allowed to edit this user.' ), 403 );
+ }
+
 $editable_roles = get_editable_roles();
 $role = $_REQUEST['new_role'];
+ // Mock the `none` role as editable.
+ $editable_roles['none'] = array(
+ 'name' => __( '— No role for this site —' ),
+ );
+
 if ( empty( $editable_roles[ $role ] ) ) {
 wp_die( __( 'Sorry, you are not allowed to give users that role.' ), 403 );
 }
+ if ( 'none' === $role ) {
+ $role = '';
+ }
+
 if ( isset( $_REQUEST['users'] ) ) {
 $userids = $_REQUEST['users'];
 $update = 'promote';
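Review bot: The new `none` handling is built on `$role = $_REQUEST['new_role'];`, which is still read without a presence or type guard: a request without `new_role` emits an undefined-index warning, and a non-scalar value (`new_role[]=x`) makes `empty( $editable_roles[ $role ] )` throw a TypeError on PHP 8 before the 403 `wp_die()` is reached. Changing the read to `$role = isset( $_REQUEST['new_role'] ) && is_string( $_REQUEST['new_role'] ) ? $_REQUEST['new_role'] : '';` lets the existing `empty()` check reject both cases with the intended 403. Separately, `$editable_roles['none'] = array( ... )` is assigned after `get_editable_roles()` returns, so the synthetic entry is never seen by the `editable_roles` filter and silently replaces any real role registered under the `none` slug, which the following `if ( 'none' === $role ) { $role = ''; }` would then strip to no role; a comment stating that `none` is reserved here, or an `isset()` guard, would make that explicit. Whether `current_user_can( 'promote_users' )` is evaluated against the target site depends on a `switch_to_blog()` earlier in the file that is not visible in this hunk; the enclosing `switch` continues outside the hunk.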