diff --git a/pagure/templates/add_token.html b/pagure/templates/add_token.html
index 3ddae6e..11e9b31 100644
--- a/pagure/templates/add_token.html
+++ b/pagure/templates/add_token.html
@@ -37,8 +37,8 @@
           </table>
           <div class="p-t-2">
             <input type="submit" class="btn btn-primary" value="Create">
-            <input type="button" value="Cancel" class="btn btn-secondary"
-             onclick="history.back();">
+            <a class="btn btn-secondary" href="{{ url_for('.view_settings',
+                username=username, repo=repo.name, namespace=repo.namespace) }}">Cancel</a>
             {{ form.csrf_token }}
           </div>
         </form>
diff --git a/pagure/ui/repo.py b/pagure/ui/repo.py
index 60d354c..9c7c14c 100644
--- a/pagure/ui/repo.py
+++ b/pagure/ui/repo.py
@@ -1805,6 +1805,10 @@ def add_token(repo, username=None, namespace=None):
             APP.logger.exception(err)
             flask.flash('User could not be added', 'error')
 
+    # When form is displayed after an empty submission, show an error.
+    if form.errors.get('acls'):
+        flask.flash('You must select atleast one permission.', 'error')
+
     return flask.render_template(
         'add_token.html',
         select='settings',