diff --git a/lib/open_food_network/permissions.rb b/lib/open_food_network/permissions.rb
index 28e5ef274c..795bd3cf68 100644
--- a/lib/open_food_network/permissions.rb
+++ b/lib/open_food_network/permissions.rb
@@ -49,13 +49,10 @@ module OpenFoodNetwork
            map { |child_id, ers| [child_id, ers.map { |er| er.parent_id }] }
           ]
 
-      # We have permission to create variant overrides for any producers we manage, for any
-      # hub we can add to an order cycle
-      managed_producer_ids = managed_enterprises.is_primary_producer.pluck(:id)
-      if managed_producer_ids.any?
-        hubs.each do |hub|
-          permissions[hub.id] = ((permissions[hub.id] || []) + managed_producer_ids).uniq
-        end
+      # Allow a producer hub to override it's own products without explicit permission
+      hubs.is_primary_producer.each do |hub|
+        permissions[hub.id] ||= []
+        permissions[hub.id] |= [hub.id]
       end
 
       permissions
diff --git a/spec/features/admin/variant_overrides_spec.rb b/spec/features/admin/variant_overrides_spec.rb
index 46445c1c63..fe74d9eb2d 100644
--- a/spec/features/admin/variant_overrides_spec.rb
+++ b/spec/features/admin/variant_overrides_spec.rb
@@ -12,13 +12,20 @@ feature %q{
   let!(:hub) { create(:distributor_enterprise) }
   let!(:hub2) { create(:distributor_enterprise) }
   let!(:producer) { create(:supplier_enterprise) }
+  let!(:producer_managed) { create(:supplier_enterprise) }
+  let!(:producer_related) { create(:supplier_enterprise) }
+  let!(:producer_unrelated) { create(:supplier_enterprise) }
+  let!(:er1) { create(:enterprise_relationship, parent: producer, child: hub,
+                      permissions_list: [:create_variant_overrides]) }
+  let!(:er2) { create(:enterprise_relationship, parent: producer_related, child: hub,
+                      permissions_list: [:create_variant_overrides]) }
 
   context "as an enterprise user" do
-    let(:user) { create_enterprise_user enterprises: [hub, producer] }
+    let(:user) { create_enterprise_user enterprises: [hub, producer_managed] }
     before { quick_login_as user }
 
     describe "selecting a hub" do
-      let!(:er1) { create(:enterprise_relationship, parent: hub2, child: producer,
+      let!(:er1) { create(:enterprise_relationship, parent: hub2, child: producer_managed,
                           permissions_list: [:add_to_order_cycle]) } # This er should not confer ability to create VOs for hub2
 
       it "displays a list of hub choices (ie. only those managed by the user)" do
@@ -33,14 +40,14 @@ feature %q{
       let!(:variant) { create(:variant, product: product, unit_value: 1, price: 1.23, on_hand: 12) }
       let!(:inventory_item) { create(:inventory_item, enterprise: hub, variant: variant ) }
 
-      let!(:producer_related) { create(:supplier_enterprise) }
+      let!(:product_managed) { create(:simple_product, supplier: producer_managed, variant_unit: 'weight', variant_unit_scale: 1) }
+      let!(:variant_managed) { create(:variant, product: product_managed, unit_value: 3, price: 3.65, on_hand: 2) }
+      let!(:inventory_item_managed) { create(:inventory_item, enterprise: hub, variant: variant_managed ) }
+
       let!(:product_related) { create(:simple_product, supplier: producer_related) }
       let!(:variant_related) { create(:variant, product: product_related, unit_value: 2, price: 2.34, on_hand: 23) }
       let!(:inventory_item_related) { create(:inventory_item, enterprise: hub, variant: variant_related ) }
-      let!(:er2) { create(:enterprise_relationship, parent: producer_related, child: hub,
-                          permissions_list: [:create_variant_overrides]) }
 
-      let!(:producer_unrelated) { create(:supplier_enterprise) }
       let!(:product_unrelated) { create(:simple_product, supplier: producer_unrelated) }
 
 
@@ -67,6 +74,8 @@ feature %q{
             page.should have_input "variant-overrides-#{variant_related.id}-count_on_hand", placeholder: '23'
 
             # filters the products to those the hub can override
+            page.should_not have_content producer_managed.name
+            page.should_not have_content product_managed.name
             page.should_not have_content producer_unrelated.name
             page.should_not have_content product_unrelated.name
 
diff --git a/spec/lib/open_food_network/permissions_spec.rb b/spec/lib/open_food_network/permissions_spec.rb
index 5300333111..a26db2aa98 100644
--- a/spec/lib/open_food_network/permissions_spec.rb
+++ b/spec/lib/open_food_network/permissions_spec.rb
@@ -119,7 +119,7 @@ module OpenFoodNetwork
           {hub.id => [producer.id]}
       end
 
-      it "returns only permissions relating to managed enterprises" do
+      it "returns only permissions relating to managed hubs" do
         create(:enterprise_relationship, parent: e1, child: e2,
                          permissions_list: [:create_variant_overrides])
 
@@ -150,12 +150,17 @@ module OpenFoodNetwork
         end
       end
 
-      it "also returns managed producers" do
+      it "does not return managed producers (ie. only uses explicitly granted VO permissions)" do
         producer2 = create(:supplier_enterprise)
         permissions.stub(:managed_enterprises) { Enterprise.where(id: [hub, producer2]) }
 
-        permissions.variant_override_enterprises_per_hub.should ==
-          {hub.id => [producer.id, producer2.id]}
+        expect(permissions.variant_override_enterprises_per_hub[hub.id]).to_not include producer2.id
+      end
+
+      it "returns itself if self is also a primary producer (even when no explicit permission exists)" do
+        hub.update_attribute(:is_primary_producer, true)
+
+        expect(permissions.variant_override_enterprises_per_hub[hub.id]).to include hub.id
       end
     end