diff --git a/templates/fragments/admin/portfolio_members.html b/templates/fragments/admin/portfolio_members.html
index 9b50df74..5c7032a7 100644
--- a/templates/fragments/admin/portfolio_members.html
+++ b/templates/fragments/admin/portfolio_members.html
@@ -40,7 +40,7 @@
       <tbody>
         {% if user_can(permissions.EDIT_PORTFOLIO_USERS) %}
           {% include "fragments/admin/members_edit.html" %}
-        {% else %}
+        {% elif user_can(permissions.VIEW_PORTFOLIO_USERS) %}
           {% include "fragments/admin/members_view.html" %}
         {% endif %}
       </tbody>
diff --git a/tests/routes/portfolios/test_admin.py b/tests/routes/portfolios/test_admin.py
new file mode 100644
index 00000000..7f141fe8
--- /dev/null
+++ b/tests/routes/portfolios/test_admin.py
@@ -0,0 +1,28 @@
+from flask import url_for
+
+from atst.domain.permission_sets import PermissionSets
+
+from tests.factories import PortfolioFactory, PortfolioRoleFactory, UserFactory
+
+
+def test_member_table_access(client, user_session):
+    admin = UserFactory.create()
+    portfolio = PortfolioFactory.create(owner=admin)
+    rando = UserFactory.create()
+    PortfolioRoleFactory.create(
+        user=rando,
+        portfolio=portfolio,
+        permission_sets=[PermissionSets.get(PermissionSets.VIEW_PORTFOLIO_ADMIN)],
+    )
+
+    url = url_for("portfolios.portfolio_admin", portfolio_id=portfolio.id)
+
+    # editable
+    user_session(admin)
+    edit_resp = client.get(url)
+    assert "<select" in edit_resp.data.decode()
+
+    # not editable
+    user_session(rando)
+    view_resp = client.get(url)
+    assert "<select" not in view_resp.data.decode()