diff --git a/plugins/tasklist/drivers/database/tasklist_database_driver.php b/plugins/tasklist/drivers/database/tasklist_database_driver.php
index 48a33278..023b6dec 100644
--- a/plugins/tasklist/drivers/database/tasklist_database_driver.php
+++ b/plugins/tasklist/drivers/database/tasklist_database_driver.php
@@ -6,7 +6,7 @@
  * @version @package_version@
  * @author Thomas Bruederli <bruederli@kolabsys.com>
  *
- * Copyright (C) 2012, Kolab Systems AG <contact@kolabsys.com>
+ * Copyright (C) 2012-2015, Kolab Systems AG <contact@kolabsys.com>
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as
@@ -78,6 +78,7 @@ class tasklist_database_driver extends tasklist_driver
           $arr['name'] = html::quote($arr['name']);
           $arr['listname'] = html::quote($arr['name']);
           $arr['editable'] = true;
+          $arr['rights'] = 'lrswikxtea';
           $this->lists[$arr['id']] = $arr;
           $list_ids[] = $this->rc->db->quote($arr['id']);
         }
diff --git a/plugins/tasklist/drivers/kolab/tasklist_kolab_driver.php b/plugins/tasklist/drivers/kolab/tasklist_kolab_driver.php
index c445b0ad..65e7fc5f 100644
--- a/plugins/tasklist/drivers/kolab/tasklist_kolab_driver.php
+++ b/plugins/tasklist/drivers/kolab/tasklist_kolab_driver.php
@@ -6,7 +6,7 @@
  * @version @package_version@
  * @author Thomas Bruederli <bruederli@kolabsys.com>
  *
- * Copyright (C) 2012, Kolab Systems AG <contact@kolabsys.com>
+ * Copyright (C) 2012-2015, Kolab Systems AG <contact@kolabsys.com>
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as
@@ -107,15 +107,18 @@ class tasklist_kolab_driver extends tasklist_driver
     {
         if ($folder->get_namespace() == 'personal') {
             $norename = false;
-            $readonly = false;
+            $editable = true;
+            $rights = 'lrswikxtea';
             $alarms = true;
         }
         else {
             $alarms = false;
-            $readonly = true;
-            if (($rights = $folder->get_myrights()) && !PEAR::isError($rights)) {
-                if (strpos($rights, 'i') !== false)
-                  $readonly = false;
+            $rights = 'lr';
+            $editable = false;
+            if (($myrights = $folder->get_myrights()) && !PEAR::isError($myrights)) {
+                $rights = $myrights;
+                if (strpos($rights, 't') !== false || strpos($rights, 'd') !== false)
+                    $editable = strpos($rights, 'i');
             }
             $info = $folder->get_folder_info();
             $norename = $readonly || $info['norename'] || $info['protected'];
@@ -135,7 +138,8 @@ class tasklist_kolab_driver extends tasklist_driver
             'editname' => $folder->get_foldername(),
             'color' => $folder->get_color('0000CC'),
             'showalarms' => isset($prefs[$list_id]['showalarms']) ? $prefs[$list_id]['showalarms'] : $alarms,
-            'editable' => !$readonly,
+            'editable' => $editable,
+            'rights'    => $rights,
             'norename' => $norename,
             'active' => $folder->is_active(),
             'parentfolder' => $folder->get_parent(),
@@ -206,6 +210,7 @@ class tasklist_kolab_driver extends tasklist_driver
                     'title'    => $folder->get_title(),
                     'virtual'  => true,
                     'editable' => false,
+                    'rights'   => 'l',
                     'group'    => 'other virtual',
                     'class'    => 'user',
                     'parent'   => $parent_id,
@@ -218,6 +223,7 @@ class tasklist_kolab_driver extends tasklist_driver
                     'listname' => $listname,
                     'virtual'  => true,
                     'editable' => false,
+                    'rights'   => 'l',
                     'group'    => $folder->get_namespace(),
                     'class'    => 'folder',
                     'parent'   => $parent_id,
diff --git a/plugins/tasklist/tasklist.js b/plugins/tasklist/tasklist.js
index 7adf608d..2de279a9 100644
--- a/plugins/tasklist/tasklist.js
+++ b/plugins/tasklist/tasklist.js
@@ -6,7 +6,7 @@
  * @licstart  The following is the entire license notice for the
  * JavaScript code in this file.
  *
- * Copyright (C) 2012, Kolab Systems AG <contact@kolabsys.com>
+ * Copyright (C) 2012-2015, Kolab Systems AG <contact@kolabsys.com>
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as
@@ -168,7 +168,9 @@ function rcube_tasklist_ui(settings)
         });
         tasklists_widget.addEventListener('select', function(node) {
             var id = $(this).data('id');
-            rcmail.enable_command('list-edit', 'list-delete', 'list-import', me.tasklists[node.id].editable);
+            rcmail.enable_command('list-edit', has_permission(me.tasklists[node.id], 'wa'));
+            rcmail.enable_command('list-delete', has_permission(me.tasklists[node.id], 'xa'));
+            rcmail.enable_command('list-import', has_permission(me.tasklists[node.id], 'i'));
             rcmail.enable_command('list-remove', me.tasklists[node.id] && me.tasklists[node.id].removable);
             me.selected_list = node.id;
         });
@@ -714,6 +716,27 @@ function rcube_tasklist_ui(settings)
       });
     }
 
+    /**
+     * Check permissions on the given list object
+     */
+    function has_permission(list, perm)
+    {
+        // multiple chars means "either of"
+        if (String(perm).length > 1) {
+            for (var i=0; i < perm.length; i++) {
+                if (has_permission(list, perm[i])) {
+                    return true;
+                }
+            }
+        }
+
+        if (list.rights && String(list.rights).indexOf(perm) >= 0) {
+            return true;
+        }
+
+        return (perm == 'i' && list.editable);
+    }
+
     /**
      * Request counts from the server
      */
@@ -1024,8 +1047,8 @@ function rcube_tasklist_ui(settings)
             drop_rec = listdata[drop_id],
             list = drop_rec && me.tasklists[drop_rec.list] ? me.tasklists[drop_rec.list] : { editable:true };
 
-        // target is not writeable or already has this tag assigned
-        if (!drop_rec || drop_rec.readonly || !list.editable || (drop_rec.tags && $.inArray(tag, drop_rec.tags) >= 0)) {
+        // target is not editable or already has this tag assigned
+        if (!drop_rec || drop_rec.readonly || !has_permission(list, 'i') || (drop_rec.tags && $.inArray(tag, drop_rec.tags) >= 0)) {
             return false;
         }
 
@@ -1986,7 +2009,9 @@ function rcube_tasklist_ui(settings)
                 },
                 disabled: rcmail.busy
             });
+        }
 
+        if (has_permission(list, 'td') && !rec.readonly) {
             buttons.push({
                 text: rcmail.gettext('delete','tasklist'),
                 'class': 'delete',
@@ -2048,9 +2073,9 @@ function rcube_tasklist_ui(settings)
             $dialog = $('<div>'),
             editform = $('#taskedit'),
             list = rec.list && me.tasklists[rec.list] ? me.tasklists[rec.list] :
-                (me.selected_list ? me.tasklists[me.selected_list] : { editable: action=='new' });
+                (me.selected_list ? me.tasklists[me.selected_list] : { editable: action == 'new', rights: action == 'new' ? 'rwitd' : 'r' });
 
-        if (rcmail.busy || !list.editable || (action == 'edit' && (!rec || rec.readonly)))
+        if (rcmail.busy || !has_permission(list, 'i') || (action == 'edit' && (!rec || rec.readonly)))
             return false;
 
         me.selected_task = $.extend({ valarms:[] }, rec);  // clone task object
@@ -2081,6 +2106,12 @@ function rcube_tasklist_ui(settings)
         invite.checked = settings.itip_notify & 1 > 0;
         notify.checked = has_attendees(rec) && invite.checked;
 
+        // set tasklist selection according to permissions
+        tasklist.find('option').each(function(i, opt) {
+            var l = me.tasklists[opt.value] || {};
+            $(opt).prop('disabled', !(l.editable || (action == 'new' && has_permission(l, 'i'))));
+        });
+
         // tag-edit line
         var tagline = $(rcmail.gui_objects.edittagline).empty();
         $.each(typeof rec.tags == 'object' && rec.tags.length ? rec.tags : [''], function(i,val){
@@ -2658,7 +2689,7 @@ function rcube_tasklist_ui(settings)
             $dialog.dialog('close');
 
         if (!list)
-            list = { name:'', editable:true, showalarms:true };
+            list = { name:'', editable:true, rights:'riwt', showalarms:true };
 
         var editform, name, alarms;
 
diff --git a/plugins/tasklist/tasklist_ui.php b/plugins/tasklist/tasklist_ui.php
index 2308d462..cb00b0f4 100644
--- a/plugins/tasklist/tasklist_ui.php
+++ b/plugins/tasklist/tasklist_ui.php
@@ -5,7 +5,7 @@
  * @version @package_version@
  * @author Thomas Bruederli <bruederli@kolabsys.com>
  *
- * Copyright (C) 2012, Kolab Systems AG <contact@kolabsys.com>
+ * Copyright (C) 2012-2015, Kolab Systems AG <contact@kolabsys.com>
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as
@@ -309,7 +309,7 @@ class tasklist_ui
         $default = null;
 
         foreach ((array)$this->plugin->driver->get_lists() as $id => $prop) {
-            if ($prop['editable']) {
+            if ($prop['editable'] || strpos($prop['rights'], 'i') !== false) {
                 $select->add($prop['name'], $id);
                 if (!$default || $prop['default'])
                     $default = $id;