diff --git a/masquerade.module b/masquerade.module
index b4311ef..f03252f 100644
--- a/masquerade.module
+++ b/masquerade.module
@@ -216,6 +216,13 @@ function masquerade_admin_settings() {
 '#default_value' => variable_get('masquerade_admin_roles', array()),
 );
+ $form['masquerade_block_roles'] = array(
+ '#type' => 'checkboxes',
+ '#title' => t('Roles that block masquerading. Users with these roles are protected from masquerading.'),
+ '#options' => $rids,
+ '#default_value' => variable_get('masquerade_block_roles', array()),
+ );
+
 $test_name = _masquerade_user_load(variable_get('masquerade_test_user', ''));
 $form['masquerade_test_user'] = array(
@@ -337,7 +344,11 @@ function masquerade_user($op, &$edit, &$edit_user, $category = NULL) {
 'masquerade as user';
 global $user;
- if (user_access($perm) && empty($edit_user->masquerading) && $user->uid != $edit_user->uid) {
+
+ $block_roles = array_keys(array_filter(variable_get('masquerade_block_roles', array())));
+ $blocked = ($user->uid > 1) && array_intersect(array_keys($edit_user->roles), $block_roles);
+
+ if (!$blocked && user_access($perm) && empty($edit_user->masquerading) && $user->uid != $edit_user->uid) {
 $edit_user->content['Masquerade'] = array('#value' => l(t('Masquerade as !user', array('!user' => $edit_user->name)), 'masquerade/switch/'. $edit_user->uid, array('query' => array('token' => drupal_get_token('masquerade/switch/'. $edit_user->uid)), 'destination' => $_GET['q'], 'attributes' => array('class' => 'masquerade-switch'))), '#weight' => 10 );
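Review bot: The `#title` of `masquerade_block_roles` in masquerade_admin_settings() carries the whole explanation and leaves out the one exception the other two hunks implement: both checks are skipped when `$user->uid` is 1. Keep the title short and move the explanation into a description that states the exception, e.g. `'#title' => t('Roles that block masquerading'),` and `'#description' => t('Users with these roles cannot be masqueraded as, except by user 1.'),`. `$rids` is built outside this hunk; if it includes the authenticated-user role, ticking it would presumably protect every account, which the description could also say.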
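Review bot: The block-role test added to masquerade_user() is a copy of the one added to masquerade_switch_user() in the third hunk; both rebuild `array_keys(array_filter(variable_get('masquerade_block_roles', array())))` and intersect it with the target's roles, so a later change to one copy can leave the link hidden while the switch is still allowed, or the reverse. Put the test in one private helper that takes the target account and call it from both places. Here it only hides the profile link, so a comment such as `// UI only: masquerade_switch_user() enforces the block.` would stop a reader from treating this as the access check. The function starts and ends outside the hunk.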
@@ -658,6 +669,13 @@ function masquerade_switch_user($uid) {
 'masquerade as admin' : 'masquerade as user';
+ $block_roles = array_keys(array_filter(variable_get('masquerade_block_roles', array())));
+ if( ($user->uid > 1) && array_intersect(array_keys($new_user->roles), $block_roles) ) {
+ drupal_set_message('You cannot masquerade as this user. Your actions have been logged.', 'error');
+ watchdog('masquerade', 'User %user tried to masquerade as %new_user.', array('%user' => $user->name, '%new_user' => $new_user->name), WATCHDOG_ERROR);
+ return FALSE;
+ }
+
 // Check to see if we need admin permission.
 if (!user_access($perm) && !isset($_SESSION['masquerading']) && !db_result(db_query("SELECT TRUE FROM {masquerade_users} WHERE uid_from = %d AND uid_to = %d", $user->uid, $new_user->uid))) {
 watchdog('masquerade', 'This user requires administrative permissions to switch to the user %user.', array('%user' => $new_user->name), WATCHDOG_ERROR);
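Review bot: The `$user->uid > 1` exemption and the `%user` value in the new watchdog() call in masquerade_switch_user() both come from the current global `$user`. The condition just below consults `$_SESSION['masquerading']`, which suggests this function can also run while a masquerade is already active. In that case `$user` is presumably the impersonated account, so the exemption and the audit entry may not reflect the real operator; confirm both are resolved against the original account. Separately, the user-facing string should go through `t()`: `drupal_set_message(t('You cannot masquerade as this user. Your actions have been logged.'), 'error');`. The function body starts and ends outside the hunk.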