diff --git a/app/services/issuable_base_service.rb b/app/services/issuable_base_service.rb
index 1d99223cfe685d5b14fbb94620e3195b78e30582..cb544eaf89b941fc0dc9dae1d8721ea581fea68e 100644
--- a/app/services/issuable_base_service.rb
+++ b/app/services/issuable_base_service.rb
@@ -26,4 +26,18 @@ class IssuableBaseService < BaseService
       issuable, issuable.project, current_user, branch_type,
       old_branch, new_branch)
   end
+
+  def filter_params
+    unless can?(current_user, :set_milestone, project)
+      params.delete(:milestone_id)
+    end
+
+    unless can?(current_user, :set_label, project)
+      params.delete(:label_ids)
+    end
+
+    unless can?(current_user, :set_assignee, project)
+      params.delete(:assignee_id)
+    end
+  end
 end
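Review bot: `filter_params` removes exactly three keys, so it acts as a denylist in front of mass assignment: every other attribute in `params` still reaches `project.issues.new(...)`, `MergeRequest.new(...)` and `update_attributes(...)` in the callers unchanged. The method is also undocumented and, as far as the hunk shows, added as a public method; I would move it under `private`/`protected` if only the services call it. A comment would pin the contract: `# Removes milestone, label and assignee params the current user may not set on the project; all other keys pass through untouched.` The `delete` calls rely on `params` answering to symbol keys, which holds for an indifferent-access hash but not for a plain string-keyed Hash, so that is worth confirming for any caller that builds `params` by hand. The class body starts outside the hunk.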
diff --git a/app/services/issues/create_service.rb b/app/services/issues/create_service.rb
index d5c17906a553f6fea262f1e83792b1dff2911dc0..1ea4b72216c6a2e9edeaa682c43b4da8b1e21686 100644
--- a/app/services/issues/create_service.rb
+++ b/app/services/issues/create_service.rb
@@ -1,6 +1,7 @@
 module Issues
   class CreateService < Issues::BaseService
     def execute
+      filter_params
       label_params = params[:label_ids]
       issue = project.issues.new(params.except(:label_ids))
       issue.author = current_user
diff --git a/app/services/issues/update_service.rb b/app/services/issues/update_service.rb
index 6af942a5ca436fb8efaaec579b52ba3dab17d9ac..3220facaf7c2f76d308a2513f1d20e1c8d5ed690 100644
--- a/app/services/issues/update_service.rb
+++ b/app/services/issues/update_service.rb
@@ -17,6 +17,7 @@ module Issues
       params[:assignee_id]  = "" if params[:assignee_id] == IssuableFinder::NONE
       params[:milestone_id] = "" if params[:milestone_id] == IssuableFinder::NONE
 
+      filter_params
       old_labels = issue.labels.to_a
 
       if params.present? && issue.update_attributes(params.except(:state_event,
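Review bot: A request whose only fields are ones `filter_params` strips leaves `params` empty, so `params.present?` is false and the `update_attributes` branch is skipped with no signal to the caller that the change was refused. The same applies to the matching hunk in `merge_requests/update_service.rb`. If dropping silently is the intended policy, say so above the call, e.g. `# Unauthorized milestone/label/assignee changes are dropped silently, not rejected.`; otherwise collect the removed keys and report an authorization error. `execute` starts and ends outside the hunk, so what the false branch returns is not visible here.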
diff --git a/app/services/merge_requests/create_service.rb b/app/services/merge_requests/create_service.rb
index ca8d80f6c0c128a3049f451f4a83399c7f8e4351..f431c5d55343eee2d6931f77ed75bf2ed6262de3 100644
--- a/app/services/merge_requests/create_service.rb
+++ b/app/services/merge_requests/create_service.rb
@@ -1,6 +1,7 @@
 module MergeRequests
   class CreateService < MergeRequests::BaseService
     def execute
+      filter_params
       label_params = params[:label_ids]
       merge_request = MergeRequest.new(params.except(:label_ids))
       merge_request.source_project = project
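Review bot: In this service `project` is the merge request's source project (`merge_request.source_project = project`, three lines below the new call), so `filter_params` evaluates `:set_milestone`, `:set_label` and `:set_assignee` against the source project. When the merge request targets a different project (a fork workflow, with the target presumably arriving in `params`), the milestone, labels and assignee belong to the target, and rights held only on the source would satisfy the check. The abilities should be checked against the target project here, for example by resolving `target_project` before filtering and passing that project to the `can?` calls. `execute` continues past the end of the hunk.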
diff --git a/app/services/merge_requests/update_service.rb b/app/services/merge_requests/update_service.rb
index 4f6c6cba9a90dde625cd992a9bad89f169765f4e..f6570f52241e728e72453bf661d34edd81945b09 100644
--- a/app/services/merge_requests/update_service.rb
+++ b/app/services/merge_requests/update_service.rb
@@ -27,6 +27,7 @@ module MergeRequests
       params[:assignee_id]  = "" if params[:assignee_id] == IssuableFinder::NONE
       params[:milestone_id] = "" if params[:milestone_id] == IssuableFinder::NONE
 
+      filter_params
       old_labels = merge_request.labels.to_a
 
       if params.present? && merge_request.update_attributes(