diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 761ea19..530bf0f 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -81,34 +81,40 @@ end end - def admin_api_update - authorize User - @users = current_user.organisation.users.includes(:roles, :project_groups) - #iterate through all org users - user_ids = params[:api_user_ids].blank? ? [] : params[:api_user_ids].map(&:to_i) - admin_user_ids = params[:org_admin_ids].blank? ? [] : params[:org_admin_ids].map(&:to_i) - current_user.organisation.users.each do |user| - # if user_id in passed params - if user_ids.include? user.id - # run generate_or_keep - user.keep_or_generate_token! - # if not in passed params + def admin_grant_permissions + @user = User.includes(:roles).find(params[:id]) + authorize @user + user_roles = current_user.roles + @roles = user_roles & Role.where(name: [constant("user_role_types.change_org_details"),constant("user_role_types.use_api"), constant("user_role_types.modify_guidance"), constant("user_role_types.modify_templates"), constant("user_role_types.grant_permissions")]) + end + + def admin_update_permissions + @user = User.includes(:roles).find(params[:id]) + authorize @user + roles_ids = params[:role_ids].blank? ? [] : params[:role_ids].map(&:to_i) + roles = Role.where( id: roles_ids) + current_user.roles.each do |role| + if @user.roles.include? role + if ! roles.include? role + @user.roles.delete(role) + if role.name == constant("user_role_types.use_api") + @user.remove_token! + end + end else - # remove the token - user.remove_token! - end - # ORG_ADMINS - if admin_user_ids.include?( user.id) && !user.can_org_admin? - # add admin privleges - # MAGIC_STRING - user.roles << Role.find_by(name: constant("user_role_types.organisational_admin")) - # if user_id not in passed, but user is an admin - elsif !admin_user_ids.include?(user.id) && user.can_org_admin? - # strip admin privleges - user.roles.delete(Role.find_by(name: constant("user_role_types.organisational_admin"))) + if roles.include? role + @user.roles << role + if role.name == constant("user_role_types.use_api") + @user.keep_or_generate_token! 
+ end + end end end - #redirect_to admin_index + @user.save! + respond_to do |format| + format.html { redirect_to({controller: 'users', action: 'admin_index'}, {notice: I18n.t('helpers.success')})} + format.json { head :no_content } + end end end diff --git a/app/policies/user_policy.rb b/app/policies/user_policy.rb index 94ee8f6..bb44ae5 100644 --- a/app/policies/user_policy.rb +++ b/app/policies/user_policy.rb @@ -4,14 +4,19 @@ def initialize(user, users) raise Pundit::NotAuthorizedError, "must be logged in" unless user @user = user + @users = users end def admin_index? - user.can_use_api? && user.can_grant_permissions? + @user.can_grant_permissions? end - def admin_api_update? - user.can_use_api? && user.can_grant_permissions? + def admin_grant_permissions? + @user.can_grant_permissions? && (@users.organisation_id == @user.organisation_id) + end + + def admin_update_permissions? + @user.can_grant_permissions? && (@users.organisation_id == @user.organisation_id) end class Scope < Scope diff --git a/app/views/users/admin_api_update.html.erb b/app/views/users/admin_api_update.html.erb deleted file mode 100644 index 2881667..0000000 --- a/app/views/users/admin_api_update.html.erb +++ /dev/null @@ -1,59 +0,0 @@ -<%= stylesheet_link_tag "admin" %> - -
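Review bot: `admin_update_permissions` grants and revokes against all of `current_user.roles`, while `admin_grant_permissions` only offers the five named roles intersected with the grantor's roles, so the two actions disagree on what is grantable. A grantor who holds a role outside that list (the old action handled `organisational_admin`, for instance) can hand it to any user in the organisation by forging a `role_ids` value, because `Role.where(id: roles_ids)` is not filtered by the displayed set; and since the form never lists such a role, every normal submit silently strips it from the target user when both hold it. The fix is to compute the grantable set once in a private helper, iterate that set instead of `current_user.roles`, and intersect the requested ids with it; `Array(params[:role_ids])` also avoids a 500 when the param is not an array. The enclosing class header is outside this hunk.
```ruby
  def admin_update_permissions
    @user = User.includes(:roles).find(params[:id])
    authorize @user
    # Only roles this admin may hand out (the same set the form showed);
    # any other id in role_ids is ignored rather than granted or revoked.
    requested = Role.where(id: Array(params[:role_ids]).map(&:to_i)) & grantable_roles
    grantable_roles.each do |role|
      # … unchanged: add/remove role and API-token bookkeeping, using `requested` in place of `roles` …
    end
    # … unchanged: save! and respond_to …
  end

  private

  # Roles the current user is allowed to grant: the fixed permission list
  # intersected with the roles they hold themselves (also used by admin_grant_permissions).
  def grantable_roles
    current_user.roles & Role.where(name: [constant("user_role_types.change_org_details"), constant("user_role_types.use_api"), constant("user_role_types.modify_guidance"), constant("user_role_types.modify_templates"), constant("user_role_types.grant_permissions")])
  end
```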
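Review bot: The organisation check in `admin_grant_permissions?` and `admin_update_permissions?` passes when both sides are `nil`, so a grantor with no organisation could edit any other organisation-less user; whether such users exist is not visible here, but the comparison should require a present organisation, e.g. `@user.can_grant_permissions? && @user.organisation_id.present? && @users.organisation_id == @user.organisation_id`. The same expression is duplicated in both methods and would read better as one private `same_organisation?` predicate. `initialize` also stores the record under `@users` although the member actions pass a single `User` (and `admin_index?` presumably receives the `User` class, on which `organisation_id` is undefined); `@record` would describe both cases.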

- <%= t('org_admin.users_list') %> -

- -<%= raw t('org_admin.user_text_html')%> - - - - - - - - - <% if current_user.organisation.token_permission_types.count > 0 %> - - <% end %> - - - - - <%= form_tag( admin_api_update_users_path, method: :put) do %> - <% @users.each do |user| %> - <% if !user.nil? then%> - - - - - - - <% if current_user.organisation.token_permission_types.count > 0 %> - - <% end %> - - <% end %> - <% end %> - - <%= submit_tag "Update Users" %> - <% end %> -
<%= t('org_admin.user_full_name') %><%= t('org_admin.user_name') %><%= t('org_admin.last_logged_in') %><%= t('org_admin.how_many_plans') %><%= t('org_admin.is_org_admin') %><%= t('org_admin.api_privleges') %>
- <% if !user.name.nil? then%> - <%= user.name %> - <% end %> - - <%= user.email %> - - <% if !user.last_sign_in_at.nil? then%> - <%= l user.last_sign_in_at.to_date, :formats => :short %> - <% end %> - - <% if !user.project_groups.nil? then%> - <%= user.project_groups.length %> - <% end %> - - <%= check_box_tag "org_admin_ids[]", user.id, user.can_org_admin? %> - - <%= check_box_tag "api_user_ids[]", user.id, user.api_token !="" %> -
\ No newline at end of file diff --git a/app/views/users/admin_grant_permissions.html.erb b/app/views/users/admin_grant_permissions.html.erb new file mode 100644 index 0000000..ee27a6d --- /dev/null +++ b/app/views/users/admin_grant_permissions.html.erb @@ -0,0 +1,29 @@ +<%= stylesheet_link_tag "admin" %> + +

+ <%= t('org_admin.edit_user_privleges') %> +

+ +
+ <%= form_tag( admin_update_permissions_user_path(@user), method: :put) do %> + + + + <% @roles.each do |role| %> + + <% end %> + + + + + <% @roles.each do |role| %> + + <% end %> + + +
<%= role.name %>
+ <%= check_box_tag "role_ids[]", role.id, @user.roles.include?(role) %> +
+ <%= submit_tag t('helpers.submit.save') %> + <% end %> +
\ No newline at end of file diff --git a/app/views/users/admin_index.html.erb b/app/views/users/admin_index.html.erb index 2881667..9bf9300 100644 --- a/app/views/users/admin_index.html.erb +++ b/app/views/users/admin_index.html.erb @@ -13,14 +13,10 @@ <%= t('org_admin.last_logged_in') %> <%= t('org_admin.how_many_plans') %> <%= t('org_admin.is_org_admin') %> - <% if current_user.organisation.token_permission_types.count > 0 %> - <%= t('org_admin.api_privleges') %> - <% end %> - <%= form_tag( admin_api_update_users_path, method: :put) do %> <% @users.each do |user| %> <% if !user.nil? then%> @@ -43,17 +39,11 @@ <% end %> - <%= check_box_tag "org_admin_ids[]", user.id, user.can_org_admin? %> + <% b_label = t('helpers.submit.edit')%> + <%= link_to b_label, admin_grant_permissions_user_path(user), :class => "dmp_table_link"%> - <% if current_user.organisation.token_permission_types.count > 0 %> - - <%= check_box_tag "api_user_ids[]", user.id, user.api_token !="" %> - - <% end %> <% end %> <% end %> - <%= submit_tag "Update Users" %> - <% end %> \ No newline at end of file diff --git a/config/locales/en-UK.yml b/config/locales/en-UK.yml index 6d07ede..d1999ec 100644 --- a/config/locales/en-UK.yml +++ b/config/locales/en-UK.yml @@ -173,6 +173,7 @@ user_org_created: 'User org role was successfully created.' user_org_updated: 'User org role was successfully updated.' api_privleges: 'API Privleges?' + edit_user_privleges: 'Edit User Privleges' guidance: guidance_list: "Guidance list" diff --git a/config/routes.rb b/config/routes.rb index 154efc8..1d59a2b 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -20,7 +20,10 @@ resources :users, :path => 'org/admin/users', only: [] do collection do get 'admin_index' - put 'admin_api_update' + end + member do + get 'admin_grant_permissions' + put 'admin_update_permissions' end end
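Review bot: The `admin_index` table cell that held the `org_admin_ids[]` checkbox now renders an Edit link, but the column header `<%= t('org_admin.is_org_admin') %>` is left in place, so the header no longer describes the cell; it should become something like `<%= t('org_admin.edit_user_privleges') %>`, the key this commit adds. Note too that removing the checkbox drops the only UI for toggling `organisational_admin`, and the new permissions page lists just the five fixed roles, so org admin status can no longer be changed from this screen unless that is intended. The local `b_label` could be inlined into the `link_to`.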