diff --git a/.vscode/settings.json b/.vscode/settings.json
index a3751e321dc608271925968ad1a5dbeade88e3c6..31e372af7da02febb95f17918ae1eadd515aec44 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -1,8 +1,10 @@
 {
   "python.formatting.provider": "black",
   "python.formatting.blackPath": "black",
+  "editor.tabSize": 2,
   "editor.formatOnSave": true,
   "[python]": {
-    "editor.defaultFormatter": null
+    "editor.defaultFormatter": null,
+    "editor.tabSize": 4
   }
 }
diff --git a/bam/routes.py b/bam/routes.py
index 7c301b2886ccf292bc4953bc03a050edc4ec678f..6f4368af3e87377d754c568c4a3d8058af0ca774 100644
--- a/bam/routes.py
+++ b/bam/routes.py
@@ -97,3 +97,19 @@ def deleteBook(bookid):
         db.session.delete(book)
         db.session.commit()
     return redirect(url_for("home"))
+
+
+@app.route("/manage")
+@login_required
+def manageUsers():
+    return render_template("manage.html", users=User.query.all())
+
+
+@app.route("/toggleRole/<int:userid>")
+@login_required
+def toggleRole(userid):
+    user = User.query.get(userid)
+    if user and current_user.is_admin():
+        user.role = "user" if user.is_admin() else "admin"
+        db.session.commit()
+    return redirect(url_for("manageUsers"))
\ No newline at end of file
diff --git a/bam/static/manageUsers.css b/bam/static/manageUsers.css
new file mode 100644
index 0000000000000000000000000000000000000000..563a8b15682369d2e0c4a1c80a9749e0f059609b
--- /dev/null
+++ b/bam/static/manageUsers.css
@@ -0,0 +1,39 @@
+.content {
+  width: var(--content-width);
+}
+
+.item {
+  font-size: 2rem;
+  margin-bottom: 5px;
+  font-weight: 400;
+  color: #ddd;
+  opacity: 0.85;
+  transition: all 0.3s ease;
+}
+
+.item:hover {
+  opacity: 1;
+}
+
+.italicize {
+  font-style: oblique;
+  font-weight: 300;
+  color: #aaa;
+}
+
+.heading {
+  font-size: 2.5rem;
+  padding: 30px 0 10px;
+  font-weight: 500;
+}
+
+.item a {
+  text-decoration: underline 1px dotted grey;
+  font-weight: 300;
+  color: #aaa;
+  transition: all 0.3s ease;
+}
+
+.item a:hover {
+  color: #ccc;
+}
diff --git a/bam/templates/dash.html b/bam/templates/dash.html
index f5e6510c6a25362128711a76dce1b5863d902e8a..a2abedc8e9d3f217a6d39ddab50ce97a1c79b616 100644
--- a/bam/templates/dash.html
+++ b/bam/templates/dash.html
@@ -33,7 +33,11 @@
           >Add a book</a
         >
         <div class="space"></div>
-        <a href="#">Settings</a>
+        <a
+          href="{{ url_for('manageUsers') }}"
+          class="{{ 'active' if active_page == 'manage' else '' }}"
+          >Manage users</a
+        >
         <a href="{{ url_for('logout') }}">Logout</a>
       </div>
       <div class="content">{% block content %}{% endblock %}</div>
diff --git a/bam/templates/manage.html b/bam/templates/manage.html
new file mode 100644
index 0000000000000000000000000000000000000000..3a465a619ba2dc308a1469aa44d27d3e3cdd3509
--- /dev/null
+++ b/bam/templates/manage.html
@@ -0,0 +1,20 @@
+{% extends "dash.html" %} {% set active_page = "manage" %} {% block head %}
+<link
+  rel="stylesheet"
+  href="{{ url_for('static', filename='manageUsers.css') }}"
+/>
+{% endblock %} {% block content %} {% if current_user.is_admin() %}
+<div class="heading">User List</div>
+{% for user in users %}
+<div class="item">
+  {{ user.username|e }} {% if user.username != current_user.username %} –
+  <a href="{{ url_for('toggleRole', userid=user.id) }}">
+    {{ "Demote to user" if user.is_admin() else "Promote to Administrator" }}
+  </a>
+  {% else %} <span class="italicize">(You)</span> {% endif %}
+</div>
+{% endfor %} {% else %}
+<div class="heading">
+  Unauthorized. Request an existing admin to upgrade your account.
+</div>
+{% endif %} {% endblock %}
diff --git a/create_db.py b/create_db.py
index 58a9a343551a017e5eaaf9957276f215451c8b1f..139beebe776c09c18a38d4a852ffd3603728eecf 100644
--- a/create_db.py
+++ b/create_db.py
@@ -12,12 +12,17 @@ def main():
     users = [
         ["bookmaster", "bookmaster@example.com", "masterofbooks", "user"],
         ["root", "root@example.com", "toor", "admin"],
+        ["Jake", "jake@example.com", "justin", "user"],
+        ["Anuj", "anuj@example.com", "youcan'tguessme", "admin"],
     ]
 
     books = [
-        ["Harry Potter", "JK Rowling", None, "400", 1],
+        ["Harry Potter", "JK Rowling", None, "400", 3],
         ["Lord of the Rings", "JRR Tolkien", None, "700.50", 2],
         ["Artemis Fowl", "Eoin Colfer", None, "356", 1],
+        ["Percy Jackson", "Rick Riordan", None, "499", 3],
+        ["The Thief Lord", "Cornelia Funke", None, "375.25", 1],
+        ["Sherlock Holmes", "Arthur Conan Doyle", None, "800", 3],
     ]
 
     for username, email, passwd, role in users: