diff --git a/data/config.ini b/data/config.ini
index 62016ba5..9d627cb0 100644
--- a/data/config.ini
+++ b/data/config.ini
@@ -21,6 +21,7 @@ maxCustomThumbnailSize = 1048576 ;1mb
 secret = change
 minPasswordLength = 5
 needEmailActivationToRegister = 1
+defaultAccessRank = restrictedUser
 [security.privileges]
 register = anonymous
@@ -41,8 +42,8 @@ changeAccessRank = administrator
 viewAllEmailAddresses = moderator, administrator
 ban = moderator, administrator
-listPosts = anonymous, regularUser, powerUser, moderator, administrator
-viewPosts = anonymous, regularUser, powerUser, moderator, administrator
+listPosts = regularUser, powerUser, moderator, administrator
+viewPosts = regularUser, powerUser, moderator, administrator
 uploadPosts = regularUser, powerUser, moderator, administrator
 uploadPostsAnonymously = regularUser, powerUser, moderator, administrator
 deletePosts = moderator, administrator
@@ -55,18 +56,18 @@ changePostThumbnail = powerUser, moderator, administrator
 changePostRelations = regularUser, powerUser, moderator, administrator
 changePostFlags = regularUser, powerUser, moderator, administrator
-listTags = anonymous, regularUser, powerUser, moderator, administrator
+listTags = regularUser, powerUser, moderator, administrator
 massTag = powerUser, moderator, administrator
 changeTagName = moderator, administrator
-listComments = anonymous, regularUser, powerUser, moderator, administrator
+listComments = regularUser, powerUser, moderator, administrator
 addComments = regularUser, powerUser, moderator, administrator
 editOwnComments = regularUser, powerUser, moderator, administrator
 editAllComments = moderator, administrator
 deleteOwnComments = regularUser, powerUser, moderator, administrator
 deleteAllComments = moderator, administrator
-viewHistory = anonymous, regularUser, powerUser, moderator, administrator
+viewHistory = regularUser, powerUser, moderator, administrator
 [users]
 minUserNameLength = 1
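Review bot: `defaultAccessRank` in the `@@ -21,6 +21,7 @@` hunk is added without a comment saying which values it accepts, although this key decides the rank every self-registered account receives. Nothing visible here stops an operator from setting it to `moderator` or `administrator`, which would give staff privileges to anyone allowed by `register = anonymous`. I would add a comment above the key such as `; rank given to newly registered accounts: restrictedUser, regularUser or powerUser; never a staff rank`, and enforce the same restriction where the value is read.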
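Review bot: `restrictedUser` appears in none of the privilege lists visible in the `@@ -41,8 +42,8 @@` and `@@ -55,18 +56,18 @@` hunks, while `anonymous` is removed from `listPosts`, `viewPosts`, `listTags`, `listComments` and `viewHistory`. If privileges are matched by membership in these lists, as the explicit per-rank enumeration suggests, a freshly registered account can read nothing until its rank is raised, so the shipped default becomes approval-gated. That may be intended, but it is a behaviour change for installs that pick up this file and deserves a comment at the top of `[security.privileges]`, for example `; restrictedUser is deliberately absent: new accounts get no access until promoted`. Only the entries in these hunks are visible, so privileges defined elsewhere in the section should be checked for the same consistency.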
diff --git a/public_html/templates/account-settings.tpl b/public_html/templates/account-settings.tpl
index 83157b15..13bd3462 100644
--- a/public_html/templates/account-settings.tpl
+++ b/public_html/templates/account-settings.tpl
@@ -87,6 +87,7 @@
 <% var accessRanks = {
 anonymous: 'Anonymous',
+ restrictedUser: 'Restricted user',
 regularUser: 'Regular user',
 powerUser: 'Power user',
 moderator: 'Moderator',
diff --git a/src/Helpers/EnumHelper.php b/src/Helpers/EnumHelper.php
index 68e02cea..2fb4bd69 100644
--- a/src/Helpers/EnumHelper.php
+++ b/src/Helpers/EnumHelper.php
@@ -9,6 +9,7 @@ class EnumHelper
 private static $accessRankMap = [
 'anonymous' => User::ACCESS_RANK_ANONYMOUS,
+ 'restrictedUser' => User::ACCESS_RANK_RESTRICTED_USER,
 'regularUser' => User::ACCESS_RANK_REGULAR_USER,
 'powerUser' => User::ACCESS_RANK_POWER_USER,
 'moderator' => User::ACCESS_RANK_MODERATOR,
diff --git a/src/Services/UserService.php b/src/Services/UserService.php
index 0fb9b052..b95919ea 100644
--- a/src/Services/UserService.php
+++ b/src/Services/UserService.php
@@ -8,6 +8,7 @@ use Szurubooru\Entities\User;
 use Szurubooru\FormData\RegistrationFormData;
 use Szurubooru\FormData\UserEditFormData;
 use Szurubooru\Helpers\MimeHelper;
+use Szurubooru\Helpers\EnumHelper;
 use Szurubooru\SearchServices\Filters\UserFilter;
 use Szurubooru\Services\EmailService;
 use Szurubooru\Services\PasswordService;
@@ -106,7 +107,7 @@ class UserService
 $user->setRegistrationTime($this->timeService->getCurrentTime());
 $user->setLastLoginTime(null);
 $user->setAccessRank($this->userDao->hasAnyUsers()
- ? User::ACCESS_RANK_REGULAR_USER
+ ? $this->getDefaultAccessRank()
 : User::ACCESS_RANK_ADMINISTRATOR);
 $user->setPasswordSalt($this->passwordService->getRandomPassword());
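Review bot: In the `src/Helpers/EnumHelper.php` hunk, `User::ACCESS_RANK_RESTRICTED_USER` is used in `$accessRankMap`, but its definition is not part of the diff shown here, so its value cannot be checked. If ranks are persisted as integers or compared by order anywhere, the new constant has to fit between anonymous and regular user without renumbering the existing ones; otherwise stored accounts could silently change rank. A comment on the map such as `// keys must match the rank names used in data/config.ini` would also help, because the config value is now resolved through it.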
@@ -324,4 +325,9 @@ class UserService
 if ($userWithThisEmail and $userWithThisEmail->getId() !== $owner->getId()) throw new \DomainException('User with this e-mail already exists.');
 }
+
+ private function getDefaultAccessRank()
+ {
+ return EnumHelper::accessRankFromString($this->config->security->defaultAccessRank);
+ }
 }
diff --git a/tests/Services/UserServiceTest.php b/tests/Services/UserServiceTest.php
index d2cc112d..26d8ded4 100644
--- a/tests/Services/UserServiceTest.php
+++ b/tests/Services/UserServiceTest.php
@@ -81,6 +81,7 @@ final class UserServiceTest extends AbstractTestCase
 $formData->email = 'human@people.gov';
 $this->configMock->set('security/needEmailActivationToRegister', false);
+ $this->configMock->set('security/defaultAccessRank', 'regularUser');
 $this->passwordServiceMock->expects($this->once())->method('getRandomPassword')->willReturn('salt');
 $this->passwordServiceMock->expects($this->once())->method('getHash')->with('password', 'salt')->willReturn('hash');
 $this->timeServiceMock->expects($this->once())->method('getCurrentTime')->willReturn('now');
@@ -108,6 +109,7 @@ final class UserServiceTest extends AbstractTestCase
 $formData->email = 'human@people.gov';
 $this->configMock->set('security/needEmailActivationToRegister', true);
+ $this->configMock->set('security/defaultAccessRank', 'powerUser');
 $this->passwordServiceMock->expects($this->once())->method('getRandomPassword')->willReturn('salt');
 $this->passwordServiceMock->expects($this->once())->method('getHash')->with('password', 'salt')->willReturn('hash');
 $this->timeServiceMock->expects($this->once())->method('getCurrentTime')->willReturn('now');
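Review bot: `getDefaultAccessRank()` in the `@@ -324,4 +325,9 @@` hunk passes `$this->config->security->defaultAccessRank` straight to `EnumHelper::accessRankFromString()` and returns the result unchecked, so the rank of every new account is whatever the config says. How the config object and the helper treat a missing or unknown value is not visible here, so an install whose config lacks the new key may either fail registration or assign an unintended rank, and a value of `moderator` or `administrator` would be honoured for any anonymous registrant. I would fall back to the restricted rank when the key is absent and refuse anonymous and staff ranks, as sketched below. The method lies fully inside the hunk; the call site in the `@@ -106,7 +107,7 @@` hunk needs no change.

```php
private function getDefaultAccessRank()
{
	// Fail closed: a missing key must not widen what a new account may do.
	$rankName = $this->config->security->defaultAccessRank;
	if (!$rankName)
		return User::ACCESS_RANK_RESTRICTED_USER;

	$rank = EnumHelper::accessRankFromString($rankName);

	// Registration is open to anonymous visitors, so these ranks are never handed out here.
	$refused = [
		User::ACCESS_RANK_ANONYMOUS,
		User::ACCESS_RANK_MODERATOR,
		User::ACCESS_RANK_ADMINISTRATOR,
	];
	if (in_array($rank, $refused, true))
		throw new \DomainException('security.defaultAccessRank must be a non-staff user rank.');

	return $rank;
}
```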
@@ -127,7 +129,7 @@ final class UserServiceTest extends AbstractTestCase
 $this->assertNull($savedUser->getEmail());
 $this->assertEquals('human@people.gov', $savedUser->getEmailUnconfirmed());
 $this->assertEquals('hash', $savedUser->getPasswordHash());
- $this->assertEquals(User::ACCESS_RANK_REGULAR_USER, $savedUser->getAccessRank());
+ $this->assertEquals(User::ACCESS_RANK_POWER_USER, $savedUser->getAccessRank());
 $this->assertEquals('now', $savedUser->getRegistrationTime());
 $this->assertFalse($savedUser->isAccountConfirmed());
 }
@@ -158,6 +160,7 @@ final class UserServiceTest extends AbstractTestCase
 $otherUser = new User('yes, i exist in database');
+ $this->configMock->set('security/defaultAccessRank', 'restrictedUser');
 $this->userDaoMock->expects($this->once())->method('hasAnyUsers')->willReturn(true);
 $this->userDaoMock->expects($this->once())->method('findByName')->willReturn($otherUser);
 $this->userDaoMock->expects($this->never())->method('save');
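Review bot: The `@@ -158,6 +160,7 @@` hunk is the only place where `security/defaultAccessRank` is set to `restrictedUser`, the shipped default, and that test expects `save` never to be called, so no visible assertion checks that a new account is actually stored with `User::ACCESS_RANK_RESTRICTED_USER`. The `@@ -81,6 +82,7 @@` and `@@ -108,6 +109,7 @@` hunks cover `regularUser` and `powerUser` only, and nothing shown exercises a missing or unknown rank name. I would add a registration test ending in `$this->assertEquals(User::ACCESS_RANK_RESTRICTED_USER, $savedUser->getAccessRank());` and another for an unset key. The test methods start and end outside these hunks, so coverage elsewhere in the file cannot be ruled out.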