diff --git a/src/routes/test/users-test.js b/src/routes/test/users-test.js
index 8db872690..d5148ea92 100644
--- a/src/routes/test/users-test.js
+++ b/src/routes/test/users-test.js
@@ -640,15 +640,5 @@ describe('Users API', function () {
             expect(response.statusCode).to.equal(409);
         });
     });
-
-    describe('transfer ownership', function () {
-        it('succeeds', async function () {
-            const response = await superagent.post(`${serverUrl}/api/v1/users/${user.id}/make_owner`)
-                .query({ access_token: owner.token })
-                .send({});
-
-            expect(response.statusCode).to.equal(204);
-        });
-    });
 });
 
diff --git a/src/routes/users.js b/src/routes/users.js
index d595e62dc..f869e83ac 100644
--- a/src/routes/users.js
+++ b/src/routes/users.js
@@ -10,7 +10,6 @@ exports = module.exports = {
     verifyPassword,
     setGroups,
     setGhost,
-    makeOwner,
     makeLocal,
 
     getPasswordResetLink,
@@ -202,20 +201,6 @@ async function setPassword(req, res, next) {
     next(new HttpSuccess(204));
 }
 
-// This route transfers ownership from token user to user specified in path param
-async function makeOwner(req, res, next) {
-    assert.strictEqual(typeof req.resource, 'object');
-
-    // first make new one owner, then demote current one
-    let [error] = await safe(users.update(req.resource, { role: users.ROLE_OWNER }, AuditSource.fromRequest(req)));
-    if (error) return next(BoxError.toHttpError(error));
-
-    [error] = await safe(users.update(req.user, { role: users.ROLE_USER }, AuditSource.fromRequest(req)));
-    if (error) return next(BoxError.toHttpError(error));
-
-    next(new HttpSuccess(204));
-}
-
 async function makeLocal(req, res, next) {
     assert.strictEqual(typeof req.resource, 'object');
 
diff --git a/src/server.js b/src/server.js
index 0884292ee..46b2aa7fc 100644
--- a/src/server.js
+++ b/src/server.js
@@ -179,7 +179,6 @@ function initializeExpressSync() {
     router.post('/api/v1/users/:userId/password',      json, token, authorizeUserManager, routes.users.load, routes.users.setPassword);
     router.post('/api/v1/users/:userId/ghost',         json, token, authorizeAdmin,       routes.users.load, routes.users.setGhost);
     router.put ('/api/v1/users/:userId/groups',        json, token, authorizeUserManager, routes.users.load, routes.users.setGroups);
-    router.post('/api/v1/users/:userId/make_owner',    json, token, authorizeOwner,       routes.users.load, routes.users.makeOwner);
     router.post('/api/v1/users/:userId/twofactorauthentication_disable', json, token, authorizeUserManager, routes.users.load, routes.users.disableTwoFactorAuthentication);
     router.get ('/api/v1/users/:userId/password_reset_link',   json, token, authorizeUserManager, routes.users.load, routes.users.getPasswordResetLink);
     router.post('/api/v1/users/:userId/send_password_reset_email',   json, token, authorizeUserManager, routes.users.load, routes.users.sendPasswordResetEmail);