diff --git a/gracedb/superevents/mixins.py b/gracedb/superevents/mixins.py
index a7cf26adb4997d18e7b520a8648b42a824e5d26e..db645c46784e6447a658b1b7174f337297f40a09 100644
--- a/gracedb/superevents/mixins.py
+++ b/gracedb/superevents/mixins.py
@@ -178,18 +178,23 @@ class ExposeHideMixin(ContextMixin):
             # Object is hidden and user can expose
             can_modify_permissions = True
             button_text = 'Make this superevent publicly visible'
+            confirmation_text = 'Warning: You are attempting to make this \
+                                 event publicly visible. Continue?'
             action = 'expose'
         elif (self.request.user.has_perm(self.hide_perm_name) and
               self.object.is_exposed):
             # Object is visible and user can hide
             can_modify_permissions = True
             button_text = 'Make this superevent internal-only'
+            confirmation_text = 'Warning: You are attempting to make this \
+                                 event internal only. Continue?'
             action = 'hide'
 
         # Update context
         context['can_modify_permissions'] = can_modify_permissions
         if can_modify_permissions:
             context['permissions_form_button_text'] = button_text
+            context['confirmation_dialog_text'] = confirmation_text
             context['permissions_action'] = action
 
         return context
diff --git a/gracedb/templates/superevents/detail.html b/gracedb/templates/superevents/detail.html
index e529337d7d6129e327a7da698ab5ec291baca495..8da74e0d1fe7a2c28df66ff681fcdd5b931b402a 100644
--- a/gracedb/templates/superevents/detail.html
+++ b/gracedb/templates/superevents/detail.html
@@ -35,6 +35,12 @@
 {% include "superevents/superevent_detail_script.js" %}
 </script>
 
+<script>
+ function clickConfirm() {
+   return confirm(" {{confirmation_dialog_text}} ");
+}
+</script>
+
 {% endblock %}
 
 {% block content %}
@@ -68,9 +74,11 @@
 {#-- XXX This next bit is super hacky. #}
 {% if can_modify_permissions %}
 <div class="content-area">
-<form action="{% url "legacy_apiweb:default:superevents:superevent-permission-modify" superevent.superevent_id %}" method="POST" id="permissions_form">
+<form action="{% url "legacy_apiweb:default:superevents:superevent-permission-modify" superevent.superevent_id %}" 
+               method="POST" 
+               id="permissions_form">
     <input type="hidden" name="action" value="{{ permissions_action }}">
-    <input type="submit" value="{{ permissions_form_button_text }}" class="permButtonClass" disabled>
+    <input type="submit" value="{{ permissions_form_button_text }}" class="permButtonClass" id="permissions_submit_link"  onclick="return clickConfirm()">
 </form>
 </div>
 {% endif %}