diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index a21120b313f0055f7cbd5cdc40119d19d16d6416..935dffbabe60f7d5eebac97b3bb3d11339071824 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -222,6 +222,13 @@ class Auth(object):
             elif target_in_room:  # the target is already in the room.
                 raise AuthError(403, "%s is already in the room." %
                                      target_user_id)
+            else:
+                invite_level = self._get_named_level(auth_events, "invite", 0)
+
+                if user_level < invite_level:
+                    raise AuthError(
+                        403, "You cannot invite user %s." % target_user_id
+                    )
         elif Membership.JOIN == membership:
             # Joins are valid iff caller == target and they were:
             # invited: They are accepting the invitation
@@ -561,6 +568,7 @@ class Auth(object):
             ("ban", []),
             ("redact", []),
             ("kick", []),
+            ("invite", []),
         ]
 
         old_list = current_state.content.get("users")
diff --git a/synapse/handlers/room.py b/synapse/handlers/room.py
index f9fc4a9c98746d95f706b4d83af9c2a55da17d27..1226b23bc70fa0a20c8478bd3b8be84e93a450c1 100644
--- a/synapse/handlers/room.py
+++ b/synapse/handlers/room.py
@@ -213,7 +213,8 @@ class RoomCreationHandler(BaseHandler):
                 "state_default": 50,
                 "ban": 50,
                 "kick": 50,
-                "redact": 50
+                "redact": 50,
+                "invite": 0,
             },
         )