diff --git a/alembic/versions/ad30159ef19b_add_view_workspace_members_permission.py b/alembic/versions/ad30159ef19b_add_view_workspace_members_permission.py
index 25b5a4f2..de5546c1 100644
--- a/alembic/versions/ad30159ef19b_add_view_workspace_members_permission.py
+++ b/alembic/versions/ad30159ef19b_add_view_workspace_members_permission.py
@@ -7,7 +7,6 @@ Create Date: 2018-09-05 11:17:17.204089
 """
 from alembic import op
 from sqlalchemy.orm.session import Session
-from sqlalchemy.orm.attributes import flag_modified
 
 from atst.models.role import Role
 from atst.models.permissions import Permissions
@@ -24,13 +23,10 @@ def upgrade():
     session = Session(bind=op.get_bind())
 
     owner_role = session.query(Role).filter_by(name="owner").one()
-    owner_role.permissions.append(Permissions.VIEW_WORKSPACE_MEMBERS)
+    owner_role.add_permission(Permissions.VIEW_WORKSPACE_MEMBERS)
 
     ccpo_role = session.query(Role).filter_by(name="ccpo").one()
-    ccpo_role.permissions.append(Permissions.VIEW_WORKSPACE_MEMBERS)
-
-    flag_modified(owner_role, "permissions")
-    flag_modified(ccpo_role, "permissions")
+    ccpo_role.add_permission(Permissions.VIEW_WORKSPACE_MEMBERS)
 
     session.add_all((ccpo_role, owner_role))
     session.commit()
@@ -40,13 +36,10 @@ def downgrade():
     session = Session(bind=op.get_bind())
 
     owner_role = session.query(Role).filter_by(name="owner").one()
-    owner_role.permissions.append(Permissions.VIEW_WORKSPACE_MEMBERS)
+    owner_role.remove_permission(Permissions.VIEW_WORKSPACE_MEMBERS)
 
     ccpo_role = session.query(Role).filter_by(name="ccpo").one()
-    ccpo_role.permissions.append(Permissions.VIEW_WORKSPACE_MEMBERS)
-
-    flag_modified(owner_role, "permissions")
-    flag_modified(ccpo_role, "permissions")
+    ccpo_role.remove_permission(Permissions.VIEW_WORKSPACE_MEMBERS)
 
     session.add_all((ccpo_role, owner_role))
     session.commit()
diff --git a/atst/models/role.py b/atst/models/role.py
index 1205dedd..8833d3e3 100644
--- a/atst/models/role.py
+++ b/atst/models/role.py
@@ -1,5 +1,6 @@
 from sqlalchemy import String, Column
 from sqlalchemy.dialects.postgresql import ARRAY
+from sqlalchemy.orm.attributes import flag_modified
 
 from atst.models import Base
 from .types import Id
@@ -12,3 +13,15 @@ class Role(Base):
     name = Column(String, index=True, unique=True)
     description = Column(String)
     permissions = Column(ARRAY(String), index=True, server_default="{}")
+
+    def add_permission(self, permission):
+        perms_set = set(self.permissions)
+        perms_set.add(permission)
+        self.permissions = list(perms_set)
+        flag_modified(self, "permissions")
+
+    def remove_permission(self, permission):
+        perms_set = set(self.permissions)
+        perms_set.discard(permission)
+        self.permissions = list(perms_set)
+        flag_modified(self, "permissions")