diff --git a/packages/rocketchat-api/server/v1/users.js b/packages/rocketchat-api/server/v1/users.js
index 234e73e83ac6..a740d2640bcd 100644
--- a/packages/rocketchat-api/server/v1/users.js
+++ b/packages/rocketchat-api/server/v1/users.js
@@ -51,6 +51,10 @@ RocketChat.API.v1.addRoute('users.delete', { authRequired: true }, {
 const user = this.getUserFromParams();
+ if (RocketChat.authz.hasRole(user._id, 'admin') && !RocketChat.authz.hasRole(this.userId, 'admin')) {
+ return RocketChat.API.v1.unauthorized();
+ }
+ + Meteor.runAsUser(this.userId, () => {
 Meteor.call('deleteUser', user._id);
 });
diff --git a/server/methods/deleteUser.js b/server/methods/deleteUser.js
index 84a65ba0d8dc..53f2a75a3031 100644
--- a/server/methods/deleteUser.js
+++ b/server/methods/deleteUser.js
@@ -14,7 +14,14 @@ Meteor.methods({
 });
 }
+ if (RocketChat.authz.hasRole(userId, 'admin') && !RocketChat.authz.hasRole(Meteor.userId(), 'admin')) {
+ throw new Meteor.Error('error-not-allowed', 'Not allowed', {
+ method: 'deleteUser'
+ });
+ }
+
 const user = RocketChat.models.Users.findOneById(userId);
+
 if (!user) {
 throw new Meteor.Error('error-invalid-user', 'Invalid user', {
 method: 'deleteUser'
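Review bot: The guard added to the users.delete route duplicates the one this same commit adds inside the deleteUser method, and the method is the real enforcement point because the route calls it through Meteor.runAsUser(this.userId); as written the route-level copy only turns the method's error-not-allowed throw into a clean 403, and that intent is not stated anywhere. A one-line comment above the new `if` would stop the next maintainer from deleting either copy as redundant: `// deleteUser enforces this too; checking here returns a 403 instead of a thrown Meteor.Error.` Both copies are a bare 'admin' role check, so any other elevated role a deployment defines is not covered by them — confirm that is the intended scope. The enclosing route handler starts before and ends after the hunk.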
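Review bot: The new check in deleteUser stops a non-admin from deleting an admin, but nothing in the hunk compares userId with the caller or counts remaining admins, so an admin can still delete themselves or the last admin account and lock the instance out of administration; if that matters here, a companion check such as `if (userId === Meteor.userId() && RocketChat.authz.hasRole(userId, 'admin')) { throw new Meteor.Error('error-not-allowed', 'Not allowed', { method: 'deleteUser' }); }` (or a count of users holding the admin role) belongs next to the new one. The caller is read via Meteor.userId() while Meteor method bodies normally have this.userId available; under the API's runAsUser wrapper both should resolve to the same user, but `this.userId` keeps the method independent of the ambient invocation context, provided the method is not declared as an arrow function. Placing the role check before the findOneById lookup looks safe, since hasRole on an unknown id is presumably false and the request then falls through to the existing error-invalid-user branch — worth confirming against hasRole's behaviour. The enclosing deleteUser method starts before and ends after the hunk.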