diff --git a/mcc/resources/queries/mcc/animalRequests.js b/mcc/resources/queries/mcc/animalRequests.js
index e069b428..0a3f8ec3 100644
--- a/mcc/resources/queries/mcc/animalRequests.js
+++ b/mcc/resources/queries/mcc/animalRequests.js
@@ -36,9 +36,18 @@ function beforeUpsert(row, oldRow, errors) {
 
     row.status = row.status || 'Draft'
 
-    if (!triggerHelper.hasPermission(row.status)) {
-        errors._form = 'Insufficient permissions to update request with status: ' + row.status;
+    // This logic here is that the user needs update permissions on the original status, and insert permissions to the new one:
+    if (oldRow) {
+        if (oldRow.status && !triggerHelper.hasUpdatePermission(oldRow.status)) {
+            errors._form = 'Insufficient permissions to update request with status: ' + row.status;
+        }
+        else if (!oldRow.status) {
+            console.error('MCC request being submitted without a value for oldRow.status!')
+        }
+    }
 
+    if (!triggerHelper.hasInsertPermission(row.status)) {
+        errors._form = 'Insufficient permissions to create request with status: ' + row.status;
     }
 }
 
@@ -72,6 +81,7 @@ function beforeDelete(row, errors){
         return;
     }
 
+    //
     if (!triggerHelper.hasPermission(row.status)) {
         errors._form = 'Insufficient permissions to delete this request';
         return;
diff --git a/mcc/src/org/labkey/mcc/MccManager.java b/mcc/src/org/labkey/mcc/MccManager.java
index 9ce036ca..0fe8763b 100644
--- a/mcc/src/org/labkey/mcc/MccManager.java
+++ b/mcc/src/org/labkey/mcc/MccManager.java
@@ -50,26 +50,38 @@ public enum RequestStatus
         Submitted(2, "Submitted", MccRequestorPermission.class),
         RabReview(3, "RAB Review", MccRequestAdminPermission.class),
         PendingDecision(4, "Decision Pending", MccFinalReviewPermission.class),
-        Approved(5, "Approved", MccRequestAdminPermission.class),
-        Rejected(6, "Rejected", MccRequestAdminPermission.class),
+        Approved(5, "Approved", MccRequestAdminPermission.class, MccFinalReviewPermission.class),
+        Rejected(6, "Rejected", MccRequestAdminPermission.class, MccFinalReviewPermission.class),
         Processing(7, "Processing", MccRequestAdminPermission.class),
         Fulfilled(8, "Fulfilled", MccRequestAdminPermission.class),
         Withdrawn(9, "Withdrawn", MccRequestorPermission.class);
 
         int sortOrder;
         String label;
-        Class<? extends Permission> editPermission;
+        Class<? extends Permission> updatePermission;
+        Class<? extends Permission> insertPermission;
 
         RequestStatus(int sortOrder, String label, Class<? extends Permission> editPermission)
+        {
+            this(sortOrder, label, editPermission, editPermission);
+        }
+
+        RequestStatus(int sortOrder, String label, Class<? extends Permission> updatePermission, Class<? extends Permission> insertPermission)
         {
             this.sortOrder = sortOrder;
             this.label = label;
-            this.editPermission = editPermission;
+            this.updatePermission = updatePermission;
+            this.insertPermission= insertPermission;
+        }
+
+        public boolean canUpdate(User u, Container c)
+        {
+            return c.hasPermission(u, this.updatePermission);
         }
 
-        public boolean canEdit(User u, Container c)
+        public boolean canInsert(User u, Container c)
         {
-            return c.hasPermission(u, this.editPermission);
+            return c.hasPermission(u, this.insertPermission);
         }
 
         public String getLabel()
diff --git a/mcc/src/org/labkey/mcc/query/TriggerHelper.java b/mcc/src/org/labkey/mcc/query/TriggerHelper.java
index f36e999e..9df99ae2 100644
--- a/mcc/src/org/labkey/mcc/query/TriggerHelper.java
+++ b/mcc/src/org/labkey/mcc/query/TriggerHelper.java
@@ -212,11 +212,30 @@ public void cascadeDelete(String schemaName, String queryName, String keyField,
         }
     }
 
-    public boolean hasPermission(String status)
+    public boolean hasUpdatePermission(String status)
+    {
+        return hasPermission(status, false);
+    }
+
+    public boolean hasInsertPermission(String status)
+    {
+        return hasPermission(status, true);
+    }
+
+    private boolean hasPermission(String status, boolean forInsert)
     {
         try
         {
-            return MccManager.RequestStatus.resolveStatus(status).canEdit(_user, _container);
+            MccManager.RequestStatus s = MccManager.RequestStatus.resolveStatus(status);
+            if (forInsert)
+            {
+                return MccManager.RequestStatus.resolveStatus(status).canInsert(_user, _container);
+            }
+            else
+            {
+                return MccManager.RequestStatus.resolveStatus(status).canUpdate(_user, _container);
+            }
+
         }
         catch (IllegalArgumentException e)
         {