diff --git a/client/public/version.js b/client/public/version.js
index 6113b76..d4e0725 100644
--- a/client/public/version.js
+++ b/client/public/version.js
@@ -1,5 +1,5 @@
 // Maintainer-controlled web client version.
 // Format: YYYY.MM.DD Rn (example: 2026.02.20 R2)
-window.CHGRID_WEB_VERSION = "2026.02.27 R287";
+window.CHGRID_WEB_VERSION = "2026.02.27 R288";
 // Optional display timezone for timestamps. Falls back to America/Detroit if unset/invalid.
 window.CHGRID_TIME_ZONE = "America/Detroit";
diff --git a/client/src/main.ts b/client/src/main.ts
index 1165572..97e999f 100644
--- a/client/src/main.ts
+++ b/client/src/main.ts
@@ -1588,7 +1588,7 @@ function handleAdminRolesList(message: Extract<IncomingMessage, { type: 'admin_r
     adminRoleIndex = 0;
     const first = adminRoles[0];
     if (first) {
-      updateStatus(`Set ${adminSelectedUsername} role. ${first.name}.`);
+      updateStatus(first.name);
       audio.sfxUiBlip();
     } else {
       updateStatus('No roles available.');
@@ -1629,6 +1629,9 @@ function handleAdminUsersList(message: Extract<IncomingMessage, { type: 'admin_u
 
 /** Handles structured admin action result packets. */
 function handleAdminActionResult(message: Extract<IncomingMessage, { type: 'admin_action_result' }>): void {
+  if (message.action === 'role_update_permissions') {
+    return;
+  }
   updateStatus(message.message);
   if (message.ok) {
     audio.sfxUiConfirm();
@@ -2409,8 +2412,8 @@ function handleEffectSelectModeInput(code: string, key: string): void {
   }
 
   if (control.type === 'cancel') {
-    state.mode = 'normal';
-    updateStatus('Cancelled.');
+    state.mode = 'adminMenu';
+    updateStatus('Admin menu.');
     audio.sfxUiCancel();
   }
 }
@@ -2872,7 +2875,7 @@ function handleAdminUserRoleSelectModeInput(code: string, key: string): void {
   const control = handleListControlKey(code, key, adminRoles, adminRoleIndex, (entry) => entry.name);
   if (control.type === 'move') {
     adminRoleIndex = control.index;
-    updateStatus(`${adminSelectedUsername}: ${adminRoles[adminRoleIndex].name}.`);
+    updateStatus(adminRoles[adminRoleIndex].name);
     audio.sfxUiBlip();
     return;
   }
diff --git a/server/app/auth_service.py b/server/app/auth_service.py
index 5e2cc54..bf9b0f6 100644
--- a/server/app/auth_service.py
+++ b/server/app/auth_service.py
@@ -55,6 +55,7 @@ DEFAULT_ROLE_PERMISSIONS: dict[str, set[str]] = {
         "item.delete.own",
         "item.delete.any",
         "item.use",
+        "item.pickup_drop.own",
         "item.pickup_drop.any",
         "chat.send",
         "voice.send",
@@ -855,6 +856,12 @@ class AuthService:
             else:
                 existing = self._db_fetchall("SELECT permission_key FROM role_permissions WHERE role_id = ?", (role_id,))
                 if existing:
+                    if role_name == "editor":
+                        # Keep existing editor customizations but ensure own pickup/drop is present.
+                        self._db_execute(
+                            "INSERT OR IGNORE INTO role_permissions (role_id, permission_key) VALUES (?, ?)",
+                            (role_id, "item.pickup_drop.own"),
+                        )
                     # Preserve existing customizations for non-admin defaults.
                     continue
                 allowed = DEFAULT_ROLE_PERMISSIONS.get(role_name, set())