diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index f0967266f8457a53a7c1b2ce399c9c4f7365ad4a..7630596161c422190318d4edea74facb4f3f2e48 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -61,6 +61,7 @@ Fixed
 * [Dev] Allow activating more frequent polling for Celery task progress.
 * [OIDC] Custom additional claims were not present in userinfo 
 * Synchronisation of AlekSIS and Django groups caused permissions issues
+* Permission checks for dashboard widget creation and person invitations were invalid
 
 Removed
 ~~~~~~~
diff --git a/aleksis/core/rules.py b/aleksis/core/rules.py
index 2c7a6adff8e9e7b680c71ea2a91a67dbbff39160..20e108bb09aa3481a78354145169b3331c763f33 100644
--- a/aleksis/core/rules.py
+++ b/aleksis/core/rules.py
@@ -421,7 +421,7 @@ create_personal_event_predicate = has_person
 rules.add_perm("core.create_personal_event_rule", create_personal_event_predicate)
 
 create_personal_event_with_invitations_predicate = has_person & has_global_perm(
-    "core.create_personalevent"
+    "core.add_personalevent"
 )
 rules.add_perm(
     "core.create_personal_event_with_invitations_rule",
diff --git a/aleksis/core/schema/person.py b/aleksis/core/schema/person.py
index 3e2af57c2ea06317135e82d00aa0c149e0ecfa60..b501eba425dc36814cfc23826cb1781befcbab6a 100644
--- a/aleksis/core/schema/person.py
+++ b/aleksis/core/schema/person.py
@@ -241,7 +241,7 @@ class PersonType(PermissionsTypeMixin, DjangoFilterMixin, DjangoObjectType):
         return root.user and info.context.user.has_perm("core.impersonate_rule", root)
 
     def resolve_can_invite_person(root, info, **kwargs):  # noqa
-        return (not root.user) and info.context.user.has_perm("core.can_invite_rule", root)
+        return (not root.user) and info.context.user.has_perm("core.invite_rule", root)
 
 
 class PersonMutation(DjangoModelFormMutation):
diff --git a/aleksis/core/views.py b/aleksis/core/views.py
index 635e4d85405c376c8183632ad7aba95443a930eb..6c63e88620d6b8a45f92b49212b2751bd5f3870f 100644
--- a/aleksis/core/views.py
+++ b/aleksis/core/views.py
@@ -785,7 +785,7 @@ class DashboardWidgetCreateView(PermissionRequiredMixin, AdvancedCreateView):
         return super().post(request, *args, **kwargs)
 
     fields = "__all__"
-    permission_required = "core.add_dashboardwidget_rule"
+    permission_required = "core.create_dashboardwidget_rule"
     template_name = "core/dashboard_widget/create.html"
     success_url = reverse_lazy("dashboard_widgets")
     success_message = _("The dashboard widget has been created.")