diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 8ad68b43edd..c118da47ca2 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,6 +1,9 @@
 
 Drupal 7.30, xxxx-xx-xx (development version)
 -----------------------
+- Added a warning on the permissions page to recommend restricting access to
+  the "View site reports" permission to trusted administrators. See
+  DRUPAL-PSA-2014-002.
 
 Drupal 7.29, 2014-07-16
 ----------------------
diff --git a/modules/system/system.module b/modules/system/system.module
index d4f3bc47a01..18d8a887075 100644
--- a/modules/system/system.module
+++ b/modules/system/system.module
@@ -242,6 +242,7 @@ function system_permission() {
     ),
     'access site reports' => array(
       'title' => t('View site reports'),
+      'restrict access' => TRUE,
     ),
     'block IP addresses' => array(
       'title' => t('Block IP addresses'),