diff --git a/administrator/components/com_config/src/Model/ComponentModel.php b/administrator/components/com_config/src/Model/ComponentModel.php
index 17554c5791631..3fc3691d3b383 100644
--- a/administrator/components/com_config/src/Model/ComponentModel.php
+++ b/administrator/components/com_config/src/Model/ComponentModel.php
@@ -160,11 +160,12 @@ public function save($data)
 $context = $this->option . '.' . $this->name;
 PluginHelper::importPlugin('extension');
- // Check super user group.
+ // Check super user group and individual preference tab access
 if (isset($data['params']) && !$this->getCurrentUser()->authorise('core.admin')) {
 $form = $this->getForm([], false);
 foreach ($form->getFieldsets() as $fieldset) {
+ $hasAccess = $this->getCurrentUser()->authorise("core.options.$fieldset");
 foreach ($form->getFieldset($fieldset->name) as $field) {
 if ( $field->type === 'UserGroupList' && isset($data['params'][$field->fieldname])
@@ -173,6 +174,9 @@ public function save($data)
 ) {
 throw new \RuntimeException(Text::_('JLIB_APPLICATION_ERROR_SAVE_NOT_PERMITTED'));
 }
+ if (!$hasAccess && isset($data['params'][$field->fieldname])) {
+ unset($data['params'][$field->fieldname]);
+ }
 }
 }
 }
@@ -212,6 +216,13 @@ public function save($data)
 unset($data['id']);
+ // If the user only has access to a subset of preferences,
+ // merge these with the full preference set
+ $previous = (array)json_decode($table->params);
+ if (\count($data['params'], COUNT_RECURSIVE) != \count($previous, COUNT_RECURSIVE)) {
+ $data['params'] = array_merge($previous, $data['params']);
+ }
+
 // Bind the data.
 if (!$table->bind($data)) {
 throw new \RuntimeException($table->getError());
diff --git a/administrator/components/com_config/src/View/Component/HtmlView.php b/administrator/components/com_config/src/View/Component/HtmlView.php
index 42fff2b7bf92f..6d96d9ab1a5c4 100644
--- a/administrator/components/com_config/src/View/Component/HtmlView.php
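Review bot: `authorise("core.options.$fieldset")` interpolates the fieldset object itself, although the next line reads `$fieldset->name`; for a plain object that string conversion fails, and in no case does it produce the per-tab action name. The call also passes no asset, while the view changed in this commit checks `core.options.$key` against `$this->component->option`, so the tabs hidden in the UI and the fields stripped on save can be decided against different assets. I would use `$hasAccess = $this->getCurrentUser()->authorise('core.options.' . $fieldset->name, $component);`, with `$component` standing for whatever identifies the component being saved (not visible in this hunk). Note too that the view spells the permissions action `core.options.permission`, which this loop would derive as `core.options.permissions`. `save()` begins and ends outside the hunk.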
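Review bot: The new `unset()` only reaches `$data['params'][$field->fieldname]` at the top level, so if a component's config form nests fields in a group, a value posted under that group would presumably survive the strip for a user without access to the tab. It also drops the value silently, whereas the check just above throws; a short comment saying the silent drop is intentional, e.g. `// Silently discard values for tabs the user cannot edit; stored values are kept by the merge below`, would help. Because this is the server-side enforcement for the new per-tab permission, it deserves a test that posts a hidden tab's field directly.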
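Review bot: The merge is gated on `\count(...) != \count(...)` rather than on whether any field was actually stripped, so it also runs for fully authorised users whenever the submitted set is smaller than the stored one, and `array_merge($previous, $data['params'])` then restores values they meant to clear (an emptied multi-select or group list is typically not posted at all). For a security-relevant option that means the old setting persists while the save reports success. `(array)json_decode($table->params)` converts only the top level, leaving nested values as objects that `COUNT_RECURSIVE` does not descend into, and `\count($data['params'], …)` fails when `params` is absent, which the earlier `isset($data['params'])` guard suggests can happen. I would set a flag where fields are unset in the access loop and use `$previous = json_decode($table->params, true) ?: [];` followed by `if ($stripped) { $data['params'] = array_merge($previous, $data['params'] ?? []); }`. Restoring only the keys that were stripped would be tighter still.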
+++ b/administrator/components/com_config/src/View/Component/HtmlView.php
@@ -108,9 +108,20 @@ public function display($tpl = null)
 $this->fieldsets = $this->form ? $this->form->getFieldsets() : null;
 $this->formControl = $this->form ? $this->form->getFormControl() : null;
- // Don't show permissions fieldset if not authorised.
- if (!$user->authorise('core.admin', $this->component->option) && isset($this->fieldsets['permissions'])) {
- unset($this->fieldsets['permissions']);
+ // Remove unauthorised preference tabs.
+ foreach ($this->fieldsets as $key => $value) {
+ if ($key === 'permissions') {
+ if (
+ (!$user->authorise('core.admin', $this->component->option) || !$user->authorise('core.options.permission', $this->component->option))
+ && isset($this->fieldsets['permissions'])
+ ) {
+ unset($this->fieldsets['permissions']);
+ }
+ } else {
+ if (!$user->authorise("core.options.$key", $this->component->option) && isset($this->fieldsets[$key])) {
+ unset($this->fieldsets[$key]);
+ }
+ }
 }
 $this->components = ConfigHelper::getComponentsWithConfig();
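Review bot: `foreach ($this->fieldsets as $key => $value)` runs even when `$this->fieldsets` is null, which the assignment two lines above allows when there is no form; guard it with `foreach ($this->fieldsets ?? [] as $key => $value)`. The permissions branch checks `core.options.permission` while every other tab uses `core.options.` plus the fieldset key, so the permissions tab is governed by an action name that does not follow the pattern; if that is deliberate it needs a comment, otherwise use `core.options.permissions`. Removing a tab here only hides it, so the comment should say that enforcement lives in the model's `save()`, for example `// Presentation only: ComponentModel::save() strips fields from tabs the user cannot edit.` The inner `isset()` tests are redundant inside a loop over the same array, and `$value` is unused. `display()` continues outside the hunk.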