diff --git a/src/routes/users.js b/src/routes/users.js
index 644f7dcda..f311b316e 100644
--- a/src/routes/users.js
+++ b/src/routes/users.js
@@ -43,7 +43,7 @@ function create(req, res, next) {
 if ('password' in req.body && typeof req.body.password !== 'string') return next(new HttpError(400, 'password must be string'));
 if ('role' in req.body) {
 if (typeof req.body.role !== 'string') return next(new HttpError(400, 'role must be string'));
- if (users.compareRoles(req.user.role, req.body.role) < 0) return next(new HttpError(403, `role '${req.body.role}' is required but user has only '${req.user.role}'`));
+ if (users.compareRoles(req.user.role, req.body.role) < 0) return next(new HttpError(403, `role '${req.body.role}' is required but you are only '${req.user.role}'`));
 }
 var password = req.body.password || null;
@@ -72,7 +72,7 @@ function update(req, res, next) {
 if (typeof req.body.role !== 'string') return next(new HttpError(400, 'role must be a string'));
 if (req.user.id === req.resource.id) return next(new HttpError(409, 'Cannot set role flag on self'));
- if (users.compareRoles(req.user.role, req.body.role) < 0) return next(new HttpError(403, `role '${req.body.role}' is required but user has only '${req.user.role}'`));
+ if (users.compareRoles(req.user.role, req.body.role) < 0) return next(new HttpError(403, `role '${req.body.role}' is required but you are only '${req.user.role}'`));
 }
 if ('active' in req.body) {
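Review bot: The reworded 403 message in `create`, and the identical one in `update`, still interpolates the client-supplied `req.body.role` into the error text, and the only check on that value visible in either hunk is `typeof req.body.role !== 'string'`. If nothing outside the hunks restricts it to the known role names, the caller controls part of the response body and of any log line or UI that shows the message. The result of `users.compareRoles(...) < 0` for an unrecognised name then depends on that helper, which is not shown here. Consider rejecting unknown roles with a 400 before the comparison, or leaving the requested value out of the message, e.g. `return next(new HttpError(403, 'your role is not sufficient to assign the requested role'));`. Both function bodies start and end outside their hunks, so an earlier validation step may already exist.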