diff --git a/disk/disk.go b/disk/disk.go
index 6454344..e32111b 100644
--- a/disk/disk.go
+++ b/disk/disk.go
@@ -53,6 +53,10 @@ func (client *Client) Credentials() group.ClientCredentials {
 	return group.ClientCredentials{"RECORDING", ""}
 }
 
+func (client *Client) OverridePermissions(g *group.Group) bool {
+	return true
+}
+
 func (client *Client) SetPermissions(perms group.ClientPermissions) {
 	return
 }
diff --git a/group/client.go b/group/client.go
index 5068c42..13e291d 100644
--- a/group/client.go
+++ b/group/client.go
@@ -20,6 +20,7 @@ type Client interface {
 	Id() string
 	Credentials() ClientCredentials
 	SetPermissions(ClientPermissions)
+	OverridePermissions(*Group) bool
 	PushConn(id string, conn conn.Up, tracks []conn.UpTrack, label string) error
 	PushClient(id, username string, add bool) error
 }
diff --git a/group/group.go b/group/group.go
index 8d5cc52..b2ab024 100644
--- a/group/group.go
+++ b/group/group.go
@@ -271,29 +271,34 @@ func AddClient(name string, c Client) (*Group, error) {
 		return nil, err
 	}
 
+	override := c.OverridePermissions(g)
+
 	g.mu.Lock()
 	defer g.mu.Unlock()
 
 	perms, err := g.description.GetPermission(c.Credentials())
-	if err != nil {
+	if !override && err != nil {
 		return nil, err
 	}
 
 	c.SetPermissions(perms)
 
-	if !perms.Op && g.locked != nil {
-		m := *g.locked
-		if m == "" {
-			m = "group is locked"
+	if !override {
+		if !perms.Op && g.locked != nil {
+			m := *g.locked
+			if m == "" {
+				m = "group is locked"
+			}
+			return nil, UserError(m)
+		}
+
+		if !perms.Op && g.description.MaxClients > 0 {
+			if len(g.clients) >= g.description.MaxClients {
+				return nil, UserError("too many users")
+			}
 		}
-		return nil, UserError(m)
 	}
 
-	if !perms.Op && g.description.MaxClients > 0 {
-		if len(g.clients) >= g.description.MaxClients {
-			return nil, UserError("too many users")
-		}
-	}
 	if g.clients[c.Id()] != nil {
 		return nil, ProtocolError("duplicate client id")
 	}
diff --git a/rtpconn/webclient.go b/rtpconn/webclient.go
index 1f69a5d..a010d66 100644
--- a/rtpconn/webclient.go
+++ b/rtpconn/webclient.go
@@ -73,6 +73,10 @@ func (c *webClient) SetPermissions(perms group.ClientPermissions) {
 	c.permissions = perms
 }
 
+func (c *webClient) OverridePermissions(g *group.Group) bool {
+	return false
+}
+
 func (c *webClient) PushClient(id, username string, add bool) error {
 	kind := "add"
 	if !add {