diff --git a/src/registrar/admin.py b/src/registrar/admin.py
index be7913040..36169f003 100644
--- a/src/registrar/admin.py
+++ b/src/registrar/admin.py
@@ -138,8 +138,8 @@ class MyUserAdmin(BaseUserAdmin):
         "first_group",
         "status",
     )
-    
-    # First group (which should by theory be the only group)
+
+    # First group (which should in theory be the ONLY group)
     def first_group(self, obj):
         return f"{obj.groups.first()}"
 
@@ -195,8 +195,6 @@ class MyUserAdmin(BaseUserAdmin):
         "email",
         "Permissions",
         "is_active",
-        "is_staff",
-        "is_superuser",
         "groups",
         "Important dates",
         "last_login",
@@ -217,8 +215,7 @@ class MyUserAdmin(BaseUserAdmin):
             "email",
             "first_name",
             "last_name",
-            "is_staff",
-            "is_superuser",
+            "first_group",
             "status",
         )
 
@@ -840,7 +837,9 @@ class DomainAdmin(ListHeaderAdmin):
         # Fixes a bug wherein users which are only is_staff
         # can access 'change' when GET,
         # but cannot access this page when it is a request of type POST.
-        if request.user.is_staff:
+        if request.user.has_perm(
+            "registrar.full_access_permission"
+        ) or request.user.has_perm("registrar.analyst_access_permission"):
             return True
         return super().has_change_permission(request, obj)
 
diff --git a/src/registrar/tests/test_admin.py b/src/registrar/tests/test_admin.py
index f59767636..2b9447c2d 100644
--- a/src/registrar/tests/test_admin.py
+++ b/src/registrar/tests/test_admin.py
@@ -18,6 +18,7 @@ from registrar.models import (
     DomainInformation,
     User,
     DomainInvitation,
+    UserGroup,
 )
 from .common import (
     completed_application,
@@ -51,7 +52,7 @@ class TestDomainAdmin(MockEppLib):
         self.staffuser = create_user()
         super().setUp()
 
-    @skip("EPP sabotage")
+    @skip("Why did this test stop working, and is is a good test")
     def test_place_and_remove_hold(self):
         domain = create_ready_domain()
         # get admin page and assert Place Hold button
@@ -61,7 +62,7 @@ class TestDomainAdmin(MockEppLib):
             "/admin/registrar/domain/{}/change/".format(domain.pk),
             follow=True,
         )
-        self.assertEqual(response.status_code, 200)    
+        self.assertEqual(response.status_code, 200)
         self.assertContains(response, domain.name)
         self.assertContains(response, "Place hold")
         self.assertNotContains(response, "Remove hold")
@@ -786,8 +787,7 @@ class MyUserAdminTest(TestCase):
             "email",
             "first_name",
             "last_name",
-            "is_staff",
-            "is_superuser",
+            "first_group",
             "status",
         )
 
@@ -801,14 +801,14 @@ class MyUserAdminTest(TestCase):
         expected_fieldsets = super(MyUserAdmin, self.admin).get_fieldsets(request)
         self.assertEqual(fieldsets, expected_fieldsets)
 
-    def test_get_fieldsets_non_superuser(self):
+    def test_get_fieldsets_cisa_analyst(self):
         request = self.client.request().wsgi_request
         request.user = create_user()
         fieldsets = self.admin.get_fieldsets(request)
         expected_fieldsets = (
             (None, {"fields": ("password", "status")}),
             ("Personal Info", {"fields": ("first_name", "last_name", "email")}),
-            ("Permissions", {"fields": ("is_active", "is_staff", "is_superuser")}),
+            ("Permissions", {"fields": ("is_active", "groups")}),
             ("Important dates", {"fields": ("last_login", "date_joined")}),
         )
         self.assertEqual(fieldsets, expected_fieldsets)