diff --git a/keyserver/src/creators/thread-creator.js b/keyserver/src/creators/thread-creator.js
--- a/keyserver/src/creators/thread-creator.js
+++ b/keyserver/src/creators/thread-creator.js
@@ -62,6 +62,7 @@
   +forceAddMembers: boolean,
   +updatesForCurrentSession: UpdatesForCurrentSession,
   +silentlyFailMembers: boolean,
+  +dontCheckJoinPermissions: boolean,
 }>;
 
 // If forceAddMembers is set, we will allow the viewer to add random users who
@@ -363,7 +364,9 @@
     ghostMembersChangeset,
     recalculatePermissionsChangeset,
   ] = await Promise.all([
-    changeRole(id, [viewer.userID], newRoles.creator.id),
+    changeRole(id, [viewer.userID], newRoles.creator.id, {
+      dontCheckJoinPermissions: !!options?.dontCheckJoinPermissions,
+    }),
     initialMemberPromise,
     ghostMemberPromise,
     recalculateThreadPermissions(id),
diff --git a/keyserver/src/updaters/thread-permission-updaters.js b/keyserver/src/updaters/thread-permission-updaters.js
--- a/keyserver/src/updaters/thread-permission-updaters.js
+++ b/keyserver/src/updaters/thread-permission-updaters.js
@@ -90,6 +90,7 @@
   // This will only be set if the user is joining or leaving the thread
   // Joined means role > 0
   +defaultSubscription?: ThreadSubscription,
+  +dontCheckJoinPermissions?: boolean,
 };
 type ChangeRoleMemberInfo = {
   permissionsFromParent?: ?ThreadPermissionsBlob,
@@ -265,9 +266,12 @@
     const newRole = getRoleForPermissions(targetRole, permissions);
     const userBecameMember = Number(oldRole) <= 0 && Number(newRole) > 0;
     const userLostMembership = Number(oldRole) > 0 && Number(newRole) <= 0;
+    const dontCheckJoinPermissions = options?.dontCheckJoinPermissions;
 
     if (
-      (intent === 'join' && Number(newRole) <= 0) ||
+      (intent === 'join' &&
+        Number(newRole) <= 0 &&
+        !dontCheckJoinPermissions) ||
       (intent === 'leave' && Number(newRole) > 0)
     ) {
       throw new ServerError('invalid_parameters');