diff --git a/app/models/ability.rb b/app/models/ability.rb
index 685928413..fd6118a6b 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -31,6 +31,7 @@ class Ability
 can :read, Project, :visibility => 'open'
 can :read, Group
 can :read, User
+ cannot :index, User
 can :manage_collaborators, Project do |project|
 project.relations.exists? :object_id => user.id, :object_type => 'User', :role => 'admin'
 end
diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb
index c2e720bdf..986235b65 100644
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@@ -53,6 +53,9 @@ describe UsersController do
 set_session_for(@simple_user)
 end
- it_should_behave_like 'user with users list viewer rights'
+ it 'should not be able to perform index action' do
+ get :index
+ response.should redirect_to(forbidden_path)
+ end
 end
 end
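Review bot: The added `cannot :index, User` only works because it sits after `can :read, User`, and nothing in the hunk records that ordering dependency. CanCan aliases `:read` to `:index` and `:show` and lets later rules override earlier ones, so I would add a comment above the new line such as `# Must follow can :read, User: denies the user list, keeps :show`, so a later reorder does not silently re-expose the user list. The rule also only covers requests authorized as `:index`; any other endpoint that lists or searches users (none is visible here) would need its own check. The enclosing role branch starts and ends outside the hunk, so a later `can` on User further down would override this line as well.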
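Review bot: The new example only pins the denial for an HTML `get :index` as `@simple_user`, and does not check that the `:show` half of `can :read, User` still works for that user. A sibling example such as `get :show, :id => @simple_user.id` followed by `response.should be_success` (assuming the controller has a show action keyed that way) would catch a later rule that blocks more than the list. If the index action also answers non-HTML formats, the redirect assertion should be repeated for them, since the forbidden handling may differ there. The surrounding context block starts outside the hunk.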