diff --git a/src/model/user.rs b/src/model/user.rs
index ca421b8..6f25d7c 100644
--- a/src/model/user.rs
+++ b/src/model/user.rs
@@ -1001,6 +1001,7 @@ special_user!(SchnupperBetreuerUser, +"schnupper-betreuer");
 special_user!(VorstandUser, +"Vorstand");
 special_user!(EventUser, +"manage_events");
 special_user!(AllowedToEditPaymentStatusUser, +"kassier", +"admin");
+special_user!(ManageUserUser, +"admin", +"schriftfuehrer");
 
 #[derive(FromRow, Serialize, Deserialize, Clone, Debug)]
 pub struct UserWithRolesAndMembershipPdf {
diff --git a/src/tera/admin/user.rs b/src/tera/admin/user.rs
index 3c5db86..3a98508 100644
--- a/src/tera/admin/user.rs
+++ b/src/tera/admin/user.rs
@@ -7,7 +7,7 @@ use crate::{
         logbook::Logbook,
         role::Role,
         user::{
-            AdminUser, AllowedToEditPaymentStatusUser, SchnupperBetreuerUser, User,
+            AdminUser, AllowedToEditPaymentStatusUser, ManageUserUser, SchnupperBetreuerUser, User,
             UserWithDetails, UserWithMembershipPdf, UserWithRolesAndMembershipPdf, VorstandUser,
         },
     },
@@ -56,7 +56,7 @@ async fn index(
         .collect();
 
     let user: User = user.into_inner();
-    let allowed_to_edit = user.has_role(db, "admin").await;
+    let allowed_to_edit = ManageUserUser::new(db, user.clone()).await.is_some();
 
     let users: Vec<UserWithRolesAndMembershipPdf> = join_all(user_futures).await;
 
@@ -90,7 +90,7 @@ async fn index_admin(
     let users: Vec<UserWithRolesAndMembershipPdf> = join_all(user_futures).await;
 
     let user: User = user.user;
-    let allowed_to_edit = user.has_role(db, "admin").await;
+    let allowed_to_edit = ManageUserUser::new(db, user.clone()).await.is_some();
 
     let roles = Role::all(db).await;
     let families = Family::all_with_members(db).await;
@@ -215,7 +215,7 @@ async fn fees_paid(
 #[get("/user/<user>/send-welcome-mail")]
 async fn send_welcome_mail(
     db: &State<SqlitePool>,
-    _admin: AdminUser,
+    _admin: ManageUserUser,
     config: &State<Config>,
     user: i32,
 ) -> Flash<Redirect> {
@@ -233,7 +233,7 @@ async fn send_welcome_mail(
 }
 
 #[get("/user/<user>/reset-pw")]
-async fn resetpw(db: &State<SqlitePool>, admin: AdminUser, user: i32) -> Flash<Redirect> {
+async fn resetpw(db: &State<SqlitePool>, admin: ManageUserUser, user: i32) -> Flash<Redirect> {
     let user = User::find_by_id(db, user).await;
     match user {
         Some(user) => {
@@ -253,7 +253,7 @@ async fn resetpw(db: &State<SqlitePool>, admin: AdminUser, user: i32) -> Flash<R
 }
 
 #[get("/user/<user>/delete")]
-async fn delete(db: &State<SqlitePool>, admin: AdminUser, user: i32) -> Flash<Redirect> {
+async fn delete(db: &State<SqlitePool>, admin: ManageUserUser, user: i32) -> Flash<Redirect> {
     let user = User::find_by_id(db, user).await;
     Log::create(db, format!("{} deleted user: {user:?}", admin.user.name)).await;
     match user {
@@ -290,7 +290,7 @@ pub struct UserEditForm<'a> {
 async fn update(
     db: &State<SqlitePool>,
     data: Form<UserEditForm<'_>>,
-    admin: AdminUser,
+    admin: ManageUserUser,
 ) -> Flash<Redirect> {
     let user = User::find_by_id(db, data.id).await;
     Log::create(
@@ -313,7 +313,7 @@ async fn update(
 #[get("/user/<user>/membership")]
 async fn download_membership_pdf(
     db: &State<SqlitePool>,
-    admin: AdminUser,
+    admin: ManageUserUser,
     user: i32,
 ) -> (ContentType, Vec<u8>) {
     let user = User::find_by_id(db, user).await.unwrap();
@@ -339,7 +339,7 @@ struct UserAddForm<'r> {
 async fn create(
     db: &State<SqlitePool>,
     data: Form<UserAddForm<'_>>,
-    admin: AdminUser,
+    admin: ManageUserUser,
 ) -> Flash<Redirect> {
     if User::create(db, data.name).await {
         Log::create(