diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index a159f7b..51b7535 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -11,9 +11,9 @@
   def admin_index
     authorize User
     if current_user.can_super_admin?
-      @users = User.includes(:roles).page(1)
+      @users = User.page(1)
     else
-      @users = current_user.org.users.includes(:roles).page(1)
+      @users = current_user.org.users.page(1)
     end
   end
 
@@ -22,17 +22,22 @@
   # Permissions which the user already has are pre-selected
   # Selecting new permissions and saving calls the admin_update_permissions action
   def admin_grant_permissions
-    @user = User.includes(:perms, :roles).find(params[:id])
-    authorize @user
-    user_perms = current_user.perms
-    @perms = user_perms & [Perm.grant_permissions, Perm.modify_templates, Perm.modify_guidance, 
-                           Perm.use_api, Perm.change_org_details, Perm.add_orgs, 
-                           Perm.change_affiliation, Perm.grant_api]
+    user = User.find(params[:id])
+    authorize user
+    
+    # Super admin can grant any Perm, org admins can only grant Perms they
+    # themselves have access to
+    if current_user.can_super_admin?
+      perms = Perm.all
+    else
+      perms = current_user.perms
+    end
+
     render json: {
       "user" => {
-        "id" => @user.id,
+        "id" => user.id,
         "html" => render_to_string(partial: 'users/admin_grant_permissions', 
-                                   locals: { user: @user, perms: @perms }, 
+                                   locals: { user: user, perms: perms }, 
                                    formats: [:html])
       }
     }.to_json
@@ -43,7 +48,7 @@
   # redirects to the admin_index action
   # should add validation that the perms given are current perms of the current_user
   def admin_update_permissions
-    @user = User.includes(:perms).find(params[:id])
+    @user = User.find(params[:id])
     authorize @user
     perms_ids = params[:perm_ids].blank? ? [] : params[:perm_ids].map(&:to_i)
     perms = Perm.where( id: perms_ids)
diff --git a/app/policies/user_policy.rb b/app/policies/user_policy.rb
index cd85bb9..070e52f 100644
--- a/app/policies/user_policy.rb
+++ b/app/policies/user_policy.rb
@@ -16,11 +16,11 @@
   end
 
   def admin_grant_permissions?
-    @user.can_grant_permissions? && (@users.org_id == @user.org_id)
+    @user.can_grant_permissions? && ((@users.org_id == @user.org_id) || @user.can_super_admin?)
   end
 
   def admin_update_permissions?
-    @user.can_grant_permissions?  && (@users.org_id == @user.org_id)
+    @user.can_grant_permissions?  && ((@users.org_id == @user.org_id) || @user.can_super_admin?)
   end
 
   # Allows the user to swap their org affiliation on the fly
diff --git a/app/views/paginable/users/_index.html.erb b/app/views/paginable/users/_index.html.erb
index 65da84d..377b95f 100644
--- a/app/views/paginable/users/_index.html.erb
+++ b/app/views/paginable/users/_index.html.erb
@@ -39,7 +39,9 @@
                     <%= render partial: 'users/current_privileges', locals: { user: user } %>
                   </td>
                   <td class="text-center">
-                    <% unless current_user == user %>
+                    <%# Do not allow a user to change their own permissions or a super admin's permissions if they are not a super admin %>
+                    <% unless current_user == user || 
+                        !current_user.can_super_admin? && user.can_super_admin? %>
                       <% b_label = _('Edit') %>
                       <%= link_to( b_label, admin_grant_permissions_user_path(user)) %>
                     <% end %>
diff --git a/app/views/users/_admin_grant_permissions.html.erb b/app/views/users/_admin_grant_permissions.html.erb
index 82273a8..9d3c407 100644
--- a/app/views/users/_admin_grant_permissions.html.erb
+++ b/app/views/users/_admin_grant_permissions.html.erb
@@ -1,71 +1,70 @@
-<% namesHash = name_and_text %>
-  <div class="modal-dialog" role="document">
-    <div class="modal-content">
+<div class="modal-dialog" role="document">
+  <div class="modal-content">
 
-      <div class="modal-header">
-        <button type="button" class="close" 
-                data-dismiss="modal" 
-                aria-label="Close">
-                <span aria-hidden="true">&times;</span></button>
-        <h1 class="modal-title"><%= _('Edit user privileges') %></h1>
-      </div>
-      
-      <%= form_tag( admin_update_permissions_user_path(@user), method: :put, remote: true, class: 'admin_update_permissions' ) do %>
-        <div class="modal-body" style="text-align: left">
-          <p><%= @user.name(false) %><%= _(' current user privileges are: ') %></p>
-          <ul class="list-group">
-           <input type="checkbox" name="org_admin_privileges" id="org_admin_privileges" />
-            <%= label_tag :organisational_admin_privileges %>
-            <% @perms.each do |perm| %>           
-              <% case perm.name when 'grant_permissions' %>
-                <li class="list-group-item" style="border: none" title="<%= _('Allows the user to assign permissions to other users within the same organisation. Users can only assign permissions they own themselves') %>">
-                  <%= check_box_tag "perm_ids[]", perm.id, @user.perms.include?(perm), class: 'org_grant_privileges' %>
-                  <%= _('Manage user privileges') %></li>
-              <% when 'modify_templates' %>
-                <li class="list-group-item" style="border: none" title="<%= _('Allows the user to create new organisational templates, edit existing ones and customise funder templates') %>">
-                  <%= check_box_tag "perm_ids[]", perm.id, @user.perms.include?(perm), class: 'org_grant_privileges' %>
-                  <%= _('Manage templates') %></li>
-              <% when 'modify_guidance' %>
-                <li class="list-group-item" style="border: none" title="<%= _('Allows the user to create and edit guidance') %>">
-                  <%= check_box_tag "perm_ids[]", perm.id, @user.perms.include?(perm), class: 'org_grant_privileges' %>
-                  <%= _('Manage guidance') %></li>
-              <% when 'use_api' %>
-                <li class="list-group-item" style="border: none" title="<%= _('Provides the user with an API token and grants rights to harvest information from the tool') %>">
-                  <%= check_box_tag "perm_ids[]", perm.id, @user.perms.include?(perm), class: 'org_grant_privileges' %>
-                  <%= _('Use API') %></li>
-              <% when 'change_org_details' %>
-                <li class="list-group-item" style="border: none" title="<%= _('Allows the user to amend the organisation details (name, URL etc) and add basic branding such as the logo') %>">
-                  <%= check_box_tag "perm_ids[]", perm.id, @user.perms.include?(perm), class: 'org_grant_privileges' %>
-                  <%= _('Manage organisation details') %></li>
-              <% end %>
-            <% end %>
-
-
-            <% if current_user.can_super_admin? %>
-              <input type="checkbox" name="super_admin_privileges" id="super_admin_privileges" />
-              <%= label_tag :super_admin_privileges %> 
-              <% @perms.each do |perm| %>
-                <% case perm.name when 'add_organisations' %>
-                  <li class="list-group-item" style="border: none" title="<%= _('Allows the user to create new organisations') %>">
-                    <%= check_box_tag "perm_ids[]", perm.id, user.perms.include?(perm), class: 'super_grant_privileges' %>
-                    <%= _('Add Organisations') %></li>
-                <% when 'change_org_affiliation' %>
-                  <li class="list-group-item" style="border: none" title="<%= _('Allows the user to manage organisation affiliation') %>">
-                    <%= check_box_tag "perm_ids[]", perm.id, user.perms.include?(perm), class: 'super_grant_privileges' %>
-                    <%= _('Manage organisation affiliation') %></li>
-                <% when 'grant_api_to_orgs' %>
-                  <li class="list-group-item" style="border: none" title="<%= _('Allows the user to grant API access to organisations.') %>">
-                    <%= check_box_tag "perm_ids[]", perm.id, user.perms.include?(perm), class: 'super_grant_privileges' %>
-                    <%= _('Grant API access') %></li>
-                <% end %>
-              <% end %>
-            <% end %>
-          </ul>
-        </div>
-        <div class="modal-footer">
-          <%= submit_tag _('Save'), class: "btn btn-primary" %>
-          <%= button_tag(_('Cancel'), class: 'btn btn-primary', 'data-dismiss': 'modal') %>      
-        </div>
-      <% end %>
+    <div class="modal-header">
+      <button type="button" class="close" 
+              data-dismiss="modal" 
+              aria-label="Close">
+              <span aria-hidden="true">&times;</span></button>
+      <h1 class="modal-title"><%= _('Edit user privileges') %></h1>
     </div>
-  </div>
\ No newline at end of file
+    
+    <%= form_tag( admin_update_permissions_user_path(user), method: :put, remote: true, class: 'admin_update_permissions' ) do %>
+      <div class="modal-body" style="text-align: left">
+        <p><%= user.name(false) %><%= _(' current user privileges are: ') %></p>
+        <ul class="list-group">
+         <input type="checkbox" name="org_admin_privileges" id="org_admin_privileges" />
+          <%= label_tag :organisational_admin_privileges %>
+          <% perms.each do |perm| %>           
+            <% case perm.name when 'grant_permissions' %>
+              <li class="list-group-item" style="border: none" title="<%= _('Allows the user to assign permissions to other users within the same organisation. Users can only assign permissions they own themselves') %>">
+                <%= check_box_tag "perm_ids[]", perm.id, user.perms.include?(perm), class: 'org_grant_privileges' %>
+                <%= _('Manage user privileges') %></li>
+            <% when 'modify_templates' %>
+              <li class="list-group-item" style="border: none" title="<%= _('Allows the user to create new organisational templates, edit existing ones and customise funder templates') %>">
+                <%= check_box_tag "perm_ids[]", perm.id, user.perms.include?(perm), class: 'org_grant_privileges' %>
+                <%= _('Manage templates') %></li>
+            <% when 'modify_guidance' %>
+              <li class="list-group-item" style="border: none" title="<%= _('Allows the user to create and edit guidance') %>">
+                <%= check_box_tag "perm_ids[]", perm.id, user.perms.include?(perm), class: 'org_grant_privileges' %>
+                <%= _('Manage guidance') %></li>
+            <% when 'use_api' %>
+              <li class="list-group-item" style="border: none" title="<%= _('Provides the user with an API token and grants rights to harvest information from the tool') %>">
+                <%= check_box_tag "perm_ids[]", perm.id, user.perms.include?(perm), class: 'org_grant_privileges' %>
+                <%= _('Use API') %></li>
+            <% when 'change_org_details' %>
+              <li class="list-group-item" style="border: none" title="<%= _('Allows the user to amend the organisation details (name, URL etc) and add basic branding such as the logo') %>">
+                <%= check_box_tag "perm_ids[]", perm.id, user.perms.include?(perm), class: 'org_grant_privileges' %>
+                <%= _('Manage organisation details') %></li>
+            <% end %>
+          <% end %>
+
+
+          <% if current_user.can_super_admin? %>
+            <input type="checkbox" name="super_admin_privileges" id="super_admin_privileges" />
+            <%= label_tag :super_admin_privileges %> 
+            <% perms.each do |perm| %>
+              <% case perm.name when 'add_organisations' %>
+                <li class="list-group-item" style="border: none" title="<%= _('Allows the user to create new organisations') %>">
+                  <%= check_box_tag "perm_ids[]", perm.id, user.perms.include?(perm), class: 'super_grant_privileges' %>
+                  <%= _('Add Organisations') %></li>
+              <% when 'change_org_affiliation' %>
+                <li class="list-group-item" style="border: none" title="<%= _('Allows the user to manage organisation affiliation') %>">
+                  <%= check_box_tag "perm_ids[]", perm.id, user.perms.include?(perm), class: 'super_grant_privileges' %>
+                  <%= _('Manage organisation affiliation') %></li>
+              <% when 'grant_api_to_orgs' %>
+                <li class="list-group-item" style="border: none" title="<%= _('Allows the user to grant API access to organisations.') %>">
+                  <%= check_box_tag "perm_ids[]", perm.id, user.perms.include?(perm), class: 'super_grant_privileges' %>
+                  <%= _('Grant API access') %></li>
+              <% end %>
+            <% end %>
+          <% end %>
+        </ul>
+      </div>
+      <div class="modal-footer">
+        <%= submit_tag _('Save'), class: "btn btn-primary" %>
+        <%= button_tag(_('Cancel'), class: 'btn btn-primary', 'data-dismiss': 'modal') %>      
+      </div>
+    <% end %>
+  </div>
+</div>
\ No newline at end of file
diff --git a/test/functional/users_controller_test.rb b/test/functional/users_controller_test.rb
index a27ac36..c6c7a98 100644
--- a/test/functional/users_controller_test.rb
+++ b/test/functional/users_controller_test.rb
@@ -47,8 +47,6 @@
     
     get admin_grant_permissions_user_path(@user.org.users.first)
     assert_response :success
-    assert assigns(:user)
-    assert assigns(:perms)
   end
 
   # PUT /org/admin/users/:id/admin_update_permissions (admin_update_permissions_user_path)