diff --git a/modules/user/user.install b/modules/user/user.install
index 2867b97..9d855ea 100644
--- a/modules/user/user.install
+++ b/modules/user/user.install
@@ -598,13 +598,6 @@ function user_update_7006(&$sandbox) {
     // Add a new field for the fid.
     db_add_field('role_permission', 'module', $module_field);
   }
-  $permissions = user_permission_get_modules();
-  foreach ($permissions as $key => $value) {
-    db_update('role_permission')
-      ->fields(array('module' => $value))
-      ->condition('permission', $key)
-      ->execute();
-  }
 }
 
 /**
diff --git a/modules/user/user.module b/modules/user/user.module
index 044ad46..89795ff 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -3931,3 +3931,21 @@ function user_system_info_alter(&$info, $file, $type) {
     $info['hidden'] = FALSE;
   }
 }
+
+/**
+ * Implements hook_flush_caches().
+ */
+function user_flush_caches() {
+  // Detect permissions that are not associated with modules, and attempt to
+  // match them. Since permissions may be dynamic, and hook_flush_caches() can
+  // be invoked from update.php, ensure this does not run there.
+  if (!defined('MAINTENANCE_MODE') && (bool) db_query_range('SELECT 1 FROM {role_permission} WHERE module = :empty', 0, 1, array(':empty' => ''))->fetchField()) {
+    $permissions = user_permission_get_modules();
+    foreach ($permissions as $key => $value) {
+      db_update('role_permission')
+        ->fields(array('module' => $value))
+        ->condition('permission', $key)
+        ->execute();
+    }
+  }
+}