diff --git a/components/pages/settings/users/UserEditForm.js b/components/pages/settings/users/UserEditForm.js
index e746b18b..49df4b24 100644
--- a/components/pages/settings/users/UserEditForm.js
+++ b/components/pages/settings/users/UserEditForm.js
@@ -16,7 +16,9 @@ import useMessages from 'hooks/useMessages';
 export default function UserEditForm({ userId, data, onSave }) {
 const { formatMessage, labels, messages } = useMessages();
 const { post, useMutation } = useApi();
- const { mutate, error } = useMutation(({ username }) => post(`/users/${userId}`, { username }));
+ const { mutate, error } = useMutation(({ username, password, role }) =>
+ post(`/users/${userId}`, { username, password, role }),
+ );
 const handleSubmit = async data => {
 mutate(data, {
diff --git a/lib/types.ts b/lib/types.ts
index 034326f0..5db5a586 100644
--- a/lib/types.ts
+++ b/lib/types.ts
@@ -43,6 +43,7 @@ export interface User {
 id: string;
 username: string;
 password?: string;
+ role: string;
 createdAt?: Date;
 }
diff --git a/pages/api/auth/login.ts b/pages/api/auth/login.ts
index 97c43ca7..9bdfec22 100644
--- a/pages/api/auth/login.ts
+++ b/pages/api/auth/login.ts
@@ -45,7 +45,10 @@ export default async (
 const token = createSecureToken({ userId: user.id }, secret());
- return ok(res, { token, user });
+ return ok(res, {
+ token,
+ user: { id: user.id, username: user.username, createdAt: user.createdAt },
+ });
 }
 return unauthorized(res, 'message.incorrect-username-password');
diff --git a/pages/api/users/[id]/index.ts b/pages/api/users/[id]/index.ts
index c7106d95..8219c4a7 100644
--- a/pages/api/users/[id]/index.ts
+++ b/pages/api/users/[id]/index.ts
@@ -1,4 +1,4 @@
-import { NextApiRequestQueryBody, User } from 'lib/types';
+import { NextApiRequestQueryBody, Roles, User } from 'lib/types';
 import { canDeleteUser, canUpdateUser, canViewUser } from 'lib/auth';
 import { useAuth } from 'lib/middleware';
 import { NextApiResponse } from 'next';
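Review bot: The explicit field list in the new `ok(res, { token, user: { ... } })` call in pages/api/auth/login.ts has no comment saying why the row is not returned whole, so a later edit could put `user` back and re-expose whatever the lookup selected, which for a login check presumably includes the password hash. I would add `// Return an explicit subset: the row loaded for login may carry the password hash.` directly above the `return ok(...)`. `role` is left out of the response even though this commit adds it to `User` in lib/types.ts; if the client reads the role from the login result, that omission should be confirmed as intended. The handler starts and ends outside the hunk.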
@@ -12,6 +12,7 @@ export interface UserRequestQuery {
 export interface UserRequestBody {
 username: string;
 password: string;
+ role: Roles;
 }
 export default async (
@@ -40,17 +41,20 @@ export default async (
 return unauthorized(res);
 }
- const { username, password } = req.body;
+ const { username, password, role } = req.body;
 const user = await getUser({ id });
 const data: any = {};
- // Only admin can change these fields
- if (password && isAdmin) {
+ if (password) {
 data.password = hashPassword(password);
 }
+ if (role && isAdmin) {
+ data.role = role;
+ }
+
 // Only admin can change these fields
 if (username && isAdmin) {
 data.username = username;
diff --git a/queries/admin/user.ts b/queries/admin/user.ts
index 1f3a2bd0..412c7785 100644
--- a/queries/admin/user.ts
+++ b/queries/admin/user.ts
@@ -17,6 +17,7 @@ export async function getUser(
 username: true,
 password: includePassword,
 role: true,
+ createdAt: true,
 },
 });
 }
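Review bot: In the `@@ -40,17 +41,20 @@` hunk of pages/api/users/[id]/index.ts, dropping `&& isAdmin` from the password branch leaves the check that ends in `return unauthorized(res)` above it as the only gate on setting this account's password, and that condition is outside the hunk. If that check admits the account owner, the password can be replaced by anyone holding a valid session without proving knowledge of the current one; requiring the current password from non-admin callers would close that. A comment such as `// Password: any caller that passed the update check above may set it` should replace the removed one so the intent is recorded. Separately, `data.role = role` stores whatever string arrives in `req.body.role`, because the `Roles` annotation on `UserRequestBody` is erased at runtime; the value should be compared with the roles the project defines before it is written, and rejected with a 4xx response otherwise. A non-admin request that includes `role` is currently ignored silently, which may also deserve an explicit rejection.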