diff --git a/repo.go b/repo.go
index d11def25..e4992fe3 100644
--- a/repo.go
+++ b/repo.go
@@ -741,10 +741,6 @@ func (r *Repo) setMeta(roleFilename string, meta interface{}) error {
 // It returns the total number of keys used for signing, 0 (along with
 // ErrNoKeys) if no keys were found, or -1 (along with an error) in error cases.
 func (r *Repo) SignPayload(role string, payload *data.Signed) (int, error) {
-	if !roles.IsTopLevelRole(role) {
-		return -1, ErrInvalidRole{role, "only signing top-level metadata supported"}
-	}
-
 	keys, err := r.signersForRole(role)
 	if err != nil {
 		return -1, err
@@ -1550,12 +1546,6 @@ func (r *Repo) timestampFileMeta(roleFilename string) (data.TimestampFileMeta, e
 }
 
 func (r *Repo) Payload(roleFilename string) ([]byte, error) {
-	role := strings.TrimSuffix(roleFilename, ".json")
-	if !roles.IsTopLevelRole(role) {
-		// TODO: handle payloads with delegated roles
-		return nil, ErrInvalidRole{role, "only signing top-level metadata supported"}
-	}
-
 	s, err := r.SignedMeta(roleFilename)
 	if err != nil {
 		return nil, err
diff --git a/repo_test.go b/repo_test.go
index 19409c85..089cf8f6 100644
--- a/repo_test.go
+++ b/repo_test.go
@@ -2566,7 +2566,7 @@ func (rs *RepoSuite) TestOfflineFlow(c *C) {
 
 	// Get the payload to sign
 	_, err = r.Payload("badrole.json")
-	c.Assert(err, Equals, ErrInvalidRole{"badrole", "only signing top-level metadata supported"})
+	c.Assert(err, Equals, ErrMissingMetadata{"badrole.json"})
 	_, err = r.Payload("root")
 	c.Assert(err, Equals, ErrMissingMetadata{"root"})
 	payload, err := r.Payload("root.json")
@@ -2582,8 +2582,6 @@ func (rs *RepoSuite) TestOfflineFlow(c *C) {
 
 	// Sign the payload
 	signed := data.Signed{Signed: payload}
-	_, err = r.SignPayload("badrole", &signed)
-	c.Assert(err, Equals, ErrInvalidRole{"badrole", "only signing top-level metadata supported"})
 	_, err = r.SignPayload("targets", &signed)
 	c.Assert(err, Equals, ErrNoKeys{"targets"})
 	numKeys, err := r.SignPayload("root", &signed)