diff --git a/pillar/auth/__init__.py b/pillar/auth/__init__.py
index 9f9e3168..28b2c475 100644
--- a/pillar/auth/__init__.py
+++ b/pillar/auth/__init__.py
@@ -18,7 +18,7 @@ log = logging.getLogger(__name__)
 CAPABILITIES = collections.defaultdict(**{
     'subscriber': {'subscriber', 'home-project'},
     'demo': {'subscriber', 'home-project'},
-    'admin': {'subscriber', 'home-project', 'video-encoding', 'admin',
+    'admin': {'video-encoding', 'admin',
               'view-pending-nodes', 'edit-project-node-types'},
 }, default_factory=frozenset)
 
diff --git a/pillar/config.py b/pillar/config.py
index eb168fa7..10602ac4 100644
--- a/pillar/config.py
+++ b/pillar/config.py
@@ -200,7 +200,7 @@ CELERY_BEAT_SCHEDULE = {
 USER_CAPABILITIES = defaultdict(**{
     'subscriber': {'subscriber', 'home-project'},
     'demo': {'subscriber', 'home-project'},
-    'admin': {'subscriber', 'home-project', 'video-encoding', 'admin',
+    'admin': {'video-encoding', 'admin',
               'view-pending-nodes', 'edit-project-node-types', 'create-organization'},
     'org-subscriber': {'subscriber', 'home-project'},
 }, default_factory=frozenset)
diff --git a/tests/test_api/test_auth.py b/tests/test_api/test_auth.py
index 5c600cbb..13191454 100644
--- a/tests/test_api/test_auth.py
+++ b/tests/test_api/test_auth.py
@@ -677,7 +677,7 @@ class RequireRolesTest(AbstractPillarTest):
         self.assertFalse(called[0])
 
         with self.app.test_request_context():
-            self.login_api_as(ObjectId(24 * 'a'), ['admin'])
+            self.login_api_as(ObjectId(24 * 'a'), ['demo'])
             call_me()
         self.assertTrue(called[0])
 
diff --git a/tests/test_api/test_project_management.py b/tests/test_api/test_project_management.py
index 04ada87a..d35126a1 100644
--- a/tests/test_api/test_project_management.py
+++ b/tests/test_api/test_project_management.py
@@ -95,7 +95,7 @@ class ProjectCreationTest(AbstractProjectTest):
     def test_project_creation_access_admin(self):
         """Admin-created projects should be public"""
 
-        proj = self._create_user_and_project(roles={'admin'})
+        proj = self._create_user_and_project(roles={'admin', 'demo'})
         self.assertEqual(['GET'], proj['permissions']['world'])
 
     def test_project_creation_access_subscriber(self):
@@ -311,13 +311,14 @@ class ProjectEditTest(AbstractProjectTest):
 
     def test_delete_by_admin(self):
         # Create public test project.
-        project_info = self._create_user_and_project(['admin'])
+        project_info = self._create_user_and_project(['admin', 'demo'])
         project_id = project_info['_id']
         project_url = '/api/projects/%s' % project_id
 
         # Create admin user that doesn't own the project, to check that
         # non-owner admins can delete projects too.
-        self._create_user_with_token(['admin'], 'admin-token', user_id='cafef00dbeefcafef00dbeef')
+        self._create_user_with_token(['admin'], 'admin-token',
+                                     user_id='cafef00dbeefcafef00dbeef')
 
         # Admin user should be able to DELETE.
         resp = self.client.delete(project_url,