diff --git a/server/client.js b/server/client.js
index 72f0a4e8e2..0890ec8bef 100644
--- a/server/client.js
+++ b/server/client.js
@@ -19,9 +19,7 @@ async function sendNotificationList(socket) {
     const timeLogger = new TimeLogger();
 
     let result = [];
-    let list = await R.find("notification", " user_id = ? ", [
-        socket.userID,
-    ]);
+    let list = await R.findAll("notification");
 
     for (let bean of list) {
         let notificationObject = bean.export();
@@ -102,7 +100,7 @@ async function sendImportantHeartbeatList(socket, monitorID, toUser = false, ove
 async function sendProxyList(socket) {
     const timeLogger = new TimeLogger();
 
-    const list = await R.find("proxy", " user_id = ? ", [ socket.userID ]);
+    const list = await R.findAll("proxy");
     io.to(socket.userID).emit("proxyList", list.map(bean => bean.export()));
 
     timeLogger.print("Send Proxy List");
@@ -174,9 +172,7 @@ async function sendDockerHostList(socket) {
     const timeLogger = new TimeLogger();
 
     let result = [];
-    let list = await R.find("docker_host", " user_id = ? ", [
-        socket.userID,
-    ]);
+    let list = await R.findAll("docker_host");
 
     for (let bean of list) {
         result.push(bean.toJSON());
diff --git a/server/docker.js b/server/docker.js
index ee6051dfae..8330c2019e 100644
--- a/server/docker.js
+++ b/server/docker.js
@@ -23,7 +23,7 @@ class DockerHost {
         let bean;
 
         if (dockerHostID) {
-            bean = await R.findOne("docker_host", " id = ? AND user_id = ? ", [ dockerHostID, userID ]);
+            bean = await R.findOne("docker_host", " id = ? ", [ dockerHostID ]);
 
             if (!bean) {
                 throw new Error("docker host not found");
@@ -46,11 +46,10 @@ class DockerHost {
     /**
      * Delete a Docker host
      * @param {number} dockerHostID ID of the Docker host to delete
-     * @param {number} userID ID of the user who created the Docker host
      * @returns {Promise<void>}
      */
-    static async delete(dockerHostID, userID) {
-        let bean = await R.findOne("docker_host", " id = ? AND user_id = ? ", [ dockerHostID, userID ]);
+    static async delete(dockerHostID) {
+        let bean = await R.findOne("docker_host", " id = ? ", [ dockerHostID ]);
 
         if (!bean) {
             throw new Error("docker host not found");
diff --git a/server/model/user.js b/server/model/user.js
index 329402ff5d..f3897fd0ba 100644
--- a/server/model/user.js
+++ b/server/model/user.js
@@ -43,6 +43,7 @@ class User extends BeanModel {
      */
     static createJWT(user, jwtSecret) {
         return jwt.sign({
+            userID: user.id,
             username: user.username,
             h: shake256(user.password, SHAKE256_LENGTH),
         }, jwtSecret);
diff --git a/server/notification.js b/server/notification.js
index 26daeb0428..6ed6f60530 100644
--- a/server/notification.js
+++ b/server/notification.js
@@ -194,10 +194,7 @@ class Notification {
         let bean;
 
         if (notificationID) {
-            bean = await R.findOne("notification", " id = ? AND user_id = ? ", [
-                notificationID,
-                userID,
-            ]);
+            bean = await R.findOne("notification", " id = ? ", [ notificationID ]);
 
             if (! bean) {
                 throw new Error("notification not found");
@@ -223,14 +220,10 @@ class Notification {
     /**
      * Delete a notification
      * @param {number} notificationID ID of notification to delete
-     * @param {number} userID ID of user who created notification
      * @returns {Promise<void>}
      */
-    static async delete(notificationID, userID) {
-        let bean = await R.findOne("notification", " id = ? AND user_id = ? ", [
-            notificationID,
-            userID,
-        ]);
+    static async delete(notificationID) {
+        let bean = await R.findOne("notification", " id = ? ", [ notificationID ]);
 
         if (! bean) {
             throw new Error("notification not found");
@@ -254,13 +247,10 @@ class Notification {
 /**
  * Apply the notification to every monitor
  * @param {number} notificationID ID of notification to apply
- * @param {number} userID ID of user who created notification
  * @returns {Promise<void>}
  */
-async function applyNotificationEveryMonitor(notificationID, userID) {
-    let monitors = await R.getAll("SELECT id FROM monitor WHERE user_id = ?", [
-        userID
-    ]);
+async function applyNotificationEveryMonitor(notificationID) {
+    let monitors = await R.getAll("SELECT id FROM monitor");
 
     for (let i = 0; i < monitors.length; i++) {
         let checkNotification = await R.findOne("monitor_notification", " monitor_id = ? AND notification_id = ? ", [
diff --git a/server/proxy.js b/server/proxy.js
index 3f3771ab98..2100b3e9c3 100644
--- a/server/proxy.js
+++ b/server/proxy.js
@@ -22,7 +22,7 @@ class Proxy {
         let bean;
 
         if (proxyID) {
-            bean = await R.findOne("proxy", " id = ? AND user_id = ? ", [ proxyID, userID ]);
+            bean = await R.findOne("proxy", " id = ? ", [ proxyID ]);
 
             if (!bean) {
                 throw new Error("proxy not found");
@@ -67,11 +67,10 @@ class Proxy {
     /**
      * Deletes proxy with given id and removes it from monitors
      * @param {number} proxyID ID of proxy to delete
-     * @param {number} userID ID of proxy owner
      * @returns {Promise<void>}
      */
-    static async delete(proxyID, userID) {
-        const bean = await R.findOne("proxy", " id = ? AND user_id = ? ", [ proxyID, userID ]);
+    static async delete(proxyID) {
+        const bean = await R.findOne("proxy", " id = ? ", [ proxyID ]);
 
         if (!bean) {
             throw new Error("proxy not found");
@@ -182,12 +181,11 @@ class Proxy {
 /**
  * Applies given proxy id to monitors
  * @param {number} proxyID ID of proxy to apply
- * @param {number} userID ID of proxy owner
  * @returns {Promise<void>}
  */
-async function applyProxyEveryMonitor(proxyID, userID) {
+async function applyProxyEveryMonitor(proxyID) {
     // Find all monitors with id and proxy id
-    const monitors = await R.getAll("SELECT id, proxy_id FROM monitor WHERE user_id = ?", [ userID ]);
+    const monitors = await R.getAll("SELECT id, proxy_id FROM monitor");
 
     // Update proxy id not match with given proxy id
     for (const monitor of monitors) {
diff --git a/server/server.js b/server/server.js
index db58ae8291..05d1f5b867 100644
--- a/server/server.js
+++ b/server/server.js
@@ -150,6 +150,7 @@ const { resetChrome } = require("./monitor-types/real-browser-monitor-type");
 const { EmbeddedMariaDB } = require("./embedded-mariadb");
 const { SetupDatabase } = require("./setup-database");
 const { chartSocketHandler } = require("./socket-handlers/chart-socket-handler");
+const { sendUserList, getUser, saveUser } = require("./user");
 
 app.use(express.json());
 
@@ -493,8 +494,8 @@ let needSetup = false;
                     return;
                 }
 
-                checkLogin(socket);
-                await doubleCheckPassword(socket, currentPassword);
+                await checkLogin(socket);
+                await doubleCheckPassword(socket.userID, currentPassword);
 
                 let user = await R.findOne("user", " id = ? AND active = 1 ", [
                     socket.userID,
@@ -543,8 +544,8 @@ let needSetup = false;
                     return;
                 }
 
-                checkLogin(socket);
-                await doubleCheckPassword(socket, currentPassword);
+                await checkLogin(socket);
+                await doubleCheckPassword(socket.userID, currentPassword);
 
                 await R.exec("UPDATE `user` SET twofa_status = 1 WHERE id = ? ", [
                     socket.userID,
@@ -576,8 +577,8 @@ let needSetup = false;
                     return;
                 }
 
-                checkLogin(socket);
-                await doubleCheckPassword(socket, currentPassword);
+                await checkLogin(socket);
+                await doubleCheckPassword(socket.userID, currentPassword);
                 await TwoFA.disable2FA(socket.userID);
 
                 log.info("auth", `Disabled 2FA token. IP=${clientIP}`);
@@ -600,8 +601,8 @@ let needSetup = false;
 
         socket.on("verifyToken", async (token, currentPassword, callback) => {
             try {
-                checkLogin(socket);
-                await doubleCheckPassword(socket, currentPassword);
+                await checkLogin(socket);
+                await doubleCheckPassword(socket.userID, currentPassword);
 
                 let user = await R.findOne("user", " id = ? AND active = 1 ", [
                     socket.userID,
@@ -633,7 +634,7 @@ let needSetup = false;
 
         socket.on("twoFAStatus", async (callback) => {
             try {
-                checkLogin(socket);
+                await checkLogin(socket);
 
                 let user = await R.findOne("user", " id = ? AND active = 1 ", [
                     socket.userID,
@@ -668,10 +669,6 @@ let needSetup = false;
                     throw new Error("Password is too weak. It should contain alphabetic and numeric characters. It must be at least 6 characters in length.");
                 }
 
-                if ((await R.knex("user").count("id as count").first()).count !== 0) {
-                    throw new Error("Uptime Kuma has been initialized. If you want to run setup again, please delete the database.");
-                }
-
                 let user = R.dispense("user");
                 user.username = username;
                 user.password = passwordHash.generate(password);
@@ -697,10 +694,65 @@ let needSetup = false;
         // Auth Only API
         // ***************************
 
+        socket.on("getUsers", async callback => {
+            try {
+                await checkLogin(socket);
+
+                const users = await sendUserList(socket);
+
+                callback({
+                    ok: true,
+                    users
+                });
+            } catch (e) {
+                callback({
+                    ok: false,
+                    msg: e.message,
+                });
+            }
+        });
+
+        socket.on("getUser", async (userID, callback) => {
+            try {
+                await checkLogin(socket);
+
+                const user = await getUser(userID);
+
+                callback({
+                    ok: true,
+                    user
+                });
+            } catch (e) {
+                callback({
+                    ok: false,
+                    msg: e.message,
+                });
+            }
+        });
+
+        socket.on("saveUser", async (user, callback) => {
+            try {
+                await checkLogin(socket);
+
+                await saveUser(socket, user);
+                await sendUserList(socket);
+
+                callback({
+                    ok: true,
+                    msg: "Saved Successfully.",
+                });
+            } catch (e) {
+                callback({
+                    ok: false,
+                    msg: e.message,
+                });
+            }
+        });
+
         // Add a new monitor
         socket.on("add", async (monitor, callback) => {
             try {
-                checkLogin(socket);
+                await checkLogin(socket);
                 let bean = R.dispense("monitor");
 
                 let notificationIDList = monitor.notificationIDList;
@@ -757,14 +809,10 @@ let needSetup = false;
         socket.on("editMonitor", async (monitor, callback) => {
             try {
                 let removeGroupChildren = false;
-                checkLogin(socket);
+                await checkLogin(socket);
 
                 let bean = await R.findOne("monitor", " id = ? ", [ monitor.id ]);
 
-                if (bean.user_id !== socket.userID) {
-                    throw new Error("Permission denied.");
-                }
-
                 // Check if Parent is Descendant (would cause endless loop)
                 if (monitor.parent !== null) {
                     const childIDs = await Monitor.getAllChildrenIDs(monitor.id);
@@ -904,7 +952,7 @@ let needSetup = false;
 
         socket.on("getMonitorList", async (callback) => {
             try {
-                checkLogin(socket);
+                await checkLogin(socket);
                 await server.sendMonitorList(socket);
                 callback({
                     ok: true,
@@ -920,14 +968,11 @@ let needSetup = false;
 
         socket.on("getMonitor", async (monitorID, callback) => {
             try {
-                checkLogin(socket);
+                await checkLogin(socket);
 
                 log.info("monitor", `Get Monitor: ${monitorID} User ID: ${socket.userID}`);
 
-                let monitor = await R.findOne("monitor", " id = ? AND user_id = ? ", [
-                    monitorID,
-                    socket.userID,
-                ]);
+                let monitor = await R.findOne("monitor", " id = ? ", [ monitorID ]);
                 const monitorData = [{ id: monitor.id,
                     active: monitor.active
                 }];
@@ -947,7 +992,7 @@ let needSetup = false;
 
         socket.on("getMonitorBeats", async (monitorID, period, callback) => {
             try {
-                checkLogin(socket);
+                await checkLogin(socket);
 
                 log.info("monitor", `Get Monitor Beats: ${monitorID} User ID: ${socket.userID}`);
 
@@ -983,7 +1028,7 @@ let needSetup = false;
         // Start or Resume the monitor
         socket.on("resumeMonitor", async (monitorID, callback) => {
             try {
-                checkLogin(socket);
+                await checkLogin(socket);
                 await startMonitor(socket.userID, monitorID);
                 await server.sendUpdateMonitorIntoList(socket, monitorID);
 
@@ -1003,7 +1048,7 @@ let needSetup = false;
 
         socket.on("pauseMonitor", async (monitorID, callback) => {
             try {
-                checkLogin(socket);
+                await checkLogin(socket);
                 await pauseMonitor(socket.userID, monitorID);
                 await server.sendUpdateMonitorIntoList(socket, monitorID);
 
@@ -1023,7 +1068,7 @@ let needSetup = false;
 
         socket.on("deleteMonitor", async (monitorID, callback) => {
             try {
-                checkLogin(socket);
+                await checkLogin(socket);
 
                 log.info("manage", `Delete Monitor: ${monitorID} User ID: ${socket.userID}`);
 
@@ -1034,10 +1079,7 @@ let needSetup = false;
 
                 const startTime = Date.now();
 
-                await R.exec("DELETE FROM monitor WHERE id = ? AND user_id = ? ", [
-                    monitorID,
-                    socket.userID,
-                ]);
+                await R.exec("DELETE FROM monitor WHERE id = ? ", [ monitorID ]);
 
                 // Fix #2880
                 apicache.clear();
@@ -1063,7 +1105,7 @@ let needSetup = false;
 
         socket.on("getTags", async (callback) => {
             try {
-                checkLogin(socket);
+                await checkLogin(socket);
 
                 const list = await R.findAll("tag");
 
@@ -1082,7 +1124,7 @@ let needSetup = false;
 
         socket.on("addTag", async (tag, callback) => {
             try {
-                checkLogin(socket);
+                await checkLogin(socket);
 
                 let bean = R.dispense("tag");
                 bean.name = tag.name;
@@ -1104,7 +1146,7 @@ let needSetup = false;
 
         socket.on("editTag", async (tag, callback) => {
             try {
-                checkLogin(socket);
+                await checkLogin(socket);
 
                 let bean = await R.findOne("tag", " id = ? ", [ tag.id ]);
                 if (bean == null) {
@@ -1136,7 +1178,7 @@ let needSetup = false;
 
         socket.on("deleteTag", async (tagID, callback) => {
             try {
-                checkLogin(socket);
+                await checkLogin(socket);
 
                 await R.exec("DELETE FROM tag WHERE id = ? ", [ tagID ]);
 
@@ -1156,7 +1198,7 @@ let needSetup = false;
 
         socket.on("addMonitorTag", async (tagID, monitorID, value, callback) => {
             try {
-                checkLogin(socket);
+                await checkLogin(socket);
 
                 await R.exec("INSERT INTO monitor_tag (tag_id, monitor_id, value) VALUES (?, ?, ?)", [
                     tagID,
@@ -1180,7 +1222,7 @@ let needSetup = false;
 
         socket.on("editMonitorTag", async (tagID, monitorID, value, callback) => {
             try {
-                checkLogin(socket);
+                await checkLogin(socket);
 
                 await R.exec("UPDATE monitor_tag SET value = ? WHERE tag_id = ? AND monitor_id = ?", [
                     value,
@@ -1204,7 +1246,7 @@ let needSetup = false;
 
         socket.on("deleteMonitorTag", async (tagID, monitorID, value, callback) => {
             try {
-                checkLogin(socket);
+                await checkLogin(socket);
 
                 await R.exec("DELETE FROM monitor_tag WHERE tag_id = ? AND monitor_id = ? AND value = ?", [
                     tagID,
@@ -1292,9 +1334,9 @@ let needSetup = false;
             }
         });
 
-        socket.on("changePassword", async (password, callback) => {
+        socket.on("changePassword", async (userID, password, callback) => {
             try {
-                checkLogin(socket);
+                await checkLogin(socket);
 
                 if (!password.newPassword) {
                     throw new Error("Invalid new password");
@@ -1304,7 +1346,7 @@ let needSetup = false;
                     throw new Error("Password is too weak. It should contain alphabetic and numeric characters. It must be at least 6 characters in length.");
                 }
 
-                let user = await doubleCheckPassword(socket, password.currentPassword);
+                let user = await doubleCheckPassword(userID, password.currentPassword);
                 await user.resetPassword(password.newPassword);
 
                 server.disconnectAllSocketClients(user.id, socket.id);
@@ -1326,7 +1368,7 @@ let needSetup = false;
 
         socket.on("getSettings", async (callback) => {
             try {
-                checkLogin(socket);
+                await checkLogin(socket);
                 const data = await getSettings("general");
 
                 if (!data.serverTimezone) {
@@ -1348,7 +1390,7 @@ let needSetup = false;
 
         socket.on("setSettings", async (data, currentPassword, callback) => {
             try {
-                checkLogin(socket);
+                await checkLogin(socket);
 
                 // If currently is disabled auth, don't need to check
                 // Disabled Auth + Want to Disable Auth => No Check
@@ -1412,7 +1454,7 @@ let needSetup = false;
         // Add or Edit
         socket.on("addNotification", async (notification, notificationID, callback) => {
             try {
-                checkLogin(socket);
+                await checkLogin(socket);
 
                 let notificationBean = await Notification.save(notification, notificationID, socket.userID);
                 await sendNotificationList(socket);
@@ -1434,7 +1476,7 @@ let needSetup = false;
 
         socket.on("deleteNotification", async (notificationID, callback) => {
             try {
-                checkLogin(socket);
+                await checkLogin(socket);
 
                 await Notification.delete(notificationID, socket.userID);
                 await sendNotificationList(socket);
@@ -1455,7 +1497,7 @@ let needSetup = false;
 
         socket.on("testNotification", async (notification, callback) => {
             try {
-                checkLogin(socket);
+                await checkLogin(socket);
 
                 let msg = await Notification.send(notification, notification.name + " Testing");
 
@@ -1476,7 +1518,7 @@ let needSetup = false;
 
         socket.on("checkApprise", async (callback) => {
             try {
-                checkLogin(socket);
+                await checkLogin(socket);
                 callback(Notification.checkApprise());
             } catch (e) {
                 callback(false);
@@ -1485,7 +1527,7 @@ let needSetup = false;
 
         socket.on("clearEvents", async (monitorID, callback) => {
             try {
-                checkLogin(socket);
+                await checkLogin(socket);
 
                 log.info("manage", `Clear Events Monitor: ${monitorID} User ID: ${socket.userID}`);
 
@@ -1509,7 +1551,7 @@ let needSetup = false;
 
         socket.on("clearHeartbeats", async (monitorID, callback) => {
             try {
-                checkLogin(socket);
+                await checkLogin(socket);
 
                 log.info("manage", `Clear Heartbeats Monitor: ${monitorID} User ID: ${socket.userID}`);
 
@@ -1533,7 +1575,7 @@ let needSetup = false;
 
         socket.on("clearStatistics", async (callback) => {
             try {
-                checkLogin(socket);
+                await checkLogin(socket);
 
                 log.info("manage", `Clear Statistics User ID: ${socket.userID}`);
 
@@ -1638,24 +1680,6 @@ async function updateMonitorNotification(monitorID, notificationIDList) {
     }
 }
 
-/**
- * Check if a given user owns a specific monitor
- * @param {number} userID ID of user to check
- * @param {number} monitorID ID of monitor to check
- * @returns {Promise<void>}
- * @throws {Error} The specified user does not own the monitor
- */
-async function checkOwner(userID, monitorID) {
-    let row = await R.getRow("SELECT id FROM monitor WHERE id = ? AND user_id = ? ", [
-        monitorID,
-        userID,
-    ]);
-
-    if (! row) {
-        throw new Error("You do not own this monitor.");
-    }
-}
-
 /**
  * Function called after user login
  * This function is used to send the heartbeat list of a monitor.
@@ -1677,6 +1701,7 @@ async function afterLogin(socket, user) {
         sendAPIKeyList(socket),
         sendRemoteBrowserList(socket),
         sendMonitorTypeList(socket),
+        sendUserList(socket),
     ]);
 
     await StatusPage.sendStatusPageList(io, socket);
@@ -1739,14 +1764,9 @@ async function initDatabase(testMode = false) {
  * @returns {Promise<void>}
  */
 async function startMonitor(userID, monitorID) {
-    await checkOwner(userID, monitorID);
-
     log.info("manage", `Resume Monitor: ${monitorID} User ID: ${userID}`);
 
-    await R.exec("UPDATE monitor SET active = 1 WHERE id = ? AND user_id = ? ", [
-        monitorID,
-        userID,
-    ]);
+    await R.exec("UPDATE monitor SET active = 1 WHERE id = ? ", [ monitorID ]);
 
     let monitor = await R.findOne("monitor", " id = ? ", [
         monitorID,
@@ -1777,14 +1797,9 @@ async function restartMonitor(userID, monitorID) {
  * @returns {Promise<void>}
  */
 async function pauseMonitor(userID, monitorID) {
-    await checkOwner(userID, monitorID);
-
     log.info("manage", `Pause Monitor: ${monitorID} User ID: ${userID}`);
 
-    await R.exec("UPDATE monitor SET active = 0 WHERE id = ? AND user_id = ? ", [
-        monitorID,
-        userID,
-    ]);
+    await R.exec("UPDATE monitor SET active = 0 WHERE id = ? ", [ monitorID ]);
 
     if (monitorID in server.monitorList) {
         await server.monitorList[monitorID].stop();
diff --git a/server/socket-handlers/api-key-socket-handler.js b/server/socket-handlers/api-key-socket-handler.js
index f76b909918..efe9984a05 100644
--- a/server/socket-handlers/api-key-socket-handler.js
+++ b/server/socket-handlers/api-key-socket-handler.js
@@ -17,7 +17,7 @@ module.exports.apiKeySocketHandler = (socket) => {
     // Add a new api key
     socket.on("addAPIKey", async (key, callback) => {
         try {
-            checkLogin(socket);
+            await checkLogin(socket);
 
             let clearKey = nanoid(40);
             let hashedKey = passwordHash.generate(clearKey);
@@ -54,7 +54,7 @@ module.exports.apiKeySocketHandler = (socket) => {
 
     socket.on("getAPIKeyList", async (callback) => {
         try {
-            checkLogin(socket);
+            await checkLogin(socket);
             await sendAPIKeyList(socket);
             callback({
                 ok: true,
@@ -70,14 +70,11 @@ module.exports.apiKeySocketHandler = (socket) => {
 
     socket.on("deleteAPIKey", async (keyID, callback) => {
         try {
-            checkLogin(socket);
+            await checkLogin(socket);
 
             log.debug("apikeys", `Deleted API Key: ${keyID} User ID: ${socket.userID}`);
 
-            await R.exec("DELETE FROM api_key WHERE id = ? AND user_id = ? ", [
-                keyID,
-                socket.userID,
-            ]);
+            await R.exec("DELETE FROM api_key WHERE id = ? ", [ keyID ]);
 
             apicache.clear();
 
@@ -99,7 +96,7 @@ module.exports.apiKeySocketHandler = (socket) => {
 
     socket.on("disableAPIKey", async (keyID, callback) => {
         try {
-            checkLogin(socket);
+            await checkLogin(socket);
 
             log.debug("apikeys", `Disabled Key: ${keyID} User ID: ${socket.userID}`);
 
@@ -127,7 +124,7 @@ module.exports.apiKeySocketHandler = (socket) => {
 
     socket.on("enableAPIKey", async (keyID, callback) => {
         try {
-            checkLogin(socket);
+            await checkLogin(socket);
 
             log.debug("apikeys", `Enabled Key: ${keyID} User ID: ${socket.userID}`);
 
diff --git a/server/socket-handlers/cloudflared-socket-handler.js b/server/socket-handlers/cloudflared-socket-handler.js
index 809191fe85..9508aeb6f3 100644
--- a/server/socket-handlers/cloudflared-socket-handler.js
+++ b/server/socket-handlers/cloudflared-socket-handler.js
@@ -36,7 +36,7 @@ module.exports.cloudflaredSocketHandler = (socket) => {
 
     socket.on(prefix + "join", async () => {
         try {
-            checkLogin(socket);
+            await checkLogin(socket);
             socket.join("cloudflared");
             io.to(socket.userID).emit(prefix + "installed", cloudflared.checkInstalled());
             io.to(socket.userID).emit(prefix + "running", cloudflared.running);
@@ -46,14 +46,14 @@ module.exports.cloudflaredSocketHandler = (socket) => {
 
     socket.on(prefix + "leave", async () => {
         try {
-            checkLogin(socket);
+            await checkLogin(socket);
             socket.leave("cloudflared");
         } catch (error) { }
     });
 
     socket.on(prefix + "start", async (token) => {
         try {
-            checkLogin(socket);
+            await checkLogin(socket);
             if (token && typeof token === "string") {
                 await setSetting("cloudflaredTunnelToken", token);
                 cloudflared.token = token;
@@ -66,7 +66,7 @@ module.exports.cloudflaredSocketHandler = (socket) => {
 
     socket.on(prefix + "stop", async (currentPassword, callback) => {
         try {
-            checkLogin(socket);
+            await checkLogin(socket);
             const disabledAuth = await setting("disableAuth");
             if (!disabledAuth) {
                 await doubleCheckPassword(socket, currentPassword);
@@ -82,7 +82,7 @@ module.exports.cloudflaredSocketHandler = (socket) => {
 
     socket.on(prefix + "removeToken", async () => {
         try {
-            checkLogin(socket);
+            await checkLogin(socket);
             await setSetting("cloudflaredTunnelToken", "");
         } catch (error) { }
     });
diff --git a/server/socket-handlers/database-socket-handler.js b/server/socket-handlers/database-socket-handler.js
index ee2394bf6b..b440fd5b6d 100644
--- a/server/socket-handlers/database-socket-handler.js
+++ b/server/socket-handlers/database-socket-handler.js
@@ -11,7 +11,7 @@ module.exports.databaseSocketHandler = (socket) => {
     // Post or edit incident
     socket.on("getDatabaseSize", async (callback) => {
         try {
-            checkLogin(socket);
+            await checkLogin(socket);
             callback({
                 ok: true,
                 size: Database.getSize(),
@@ -26,7 +26,7 @@ module.exports.databaseSocketHandler = (socket) => {
 
     socket.on("shrinkDatabase", async (callback) => {
         try {
-            checkLogin(socket);
+            await checkLogin(socket);
             await Database.shrink();
             callback({
                 ok: true,
diff --git a/server/socket-handlers/docker-socket-handler.js b/server/socket-handlers/docker-socket-handler.js
index 95a60bcd30..c483b253c0 100644
--- a/server/socket-handlers/docker-socket-handler.js
+++ b/server/socket-handlers/docker-socket-handler.js
@@ -11,7 +11,7 @@ const { log } = require("../../src/util");
 module.exports.dockerSocketHandler = (socket) => {
     socket.on("addDockerHost", async (dockerHost, dockerHostID, callback) => {
         try {
-            checkLogin(socket);
+            await checkLogin(socket);
 
             let dockerHostBean = await DockerHost.save(dockerHost, dockerHostID, socket.userID);
             await sendDockerHostList(socket);
@@ -33,7 +33,7 @@ module.exports.dockerSocketHandler = (socket) => {
 
     socket.on("deleteDockerHost", async (dockerHostID, callback) => {
         try {
-            checkLogin(socket);
+            await checkLogin(socket);
 
             await DockerHost.delete(dockerHostID, socket.userID);
             await sendDockerHostList(socket);
@@ -54,7 +54,7 @@ module.exports.dockerSocketHandler = (socket) => {
 
     socket.on("testDockerHost", async (dockerHost, callback) => {
         try {
-            checkLogin(socket);
+            await checkLogin(socket);
 
             let amount = await DockerHost.testDockerHost(dockerHost);
             let msg;
diff --git a/server/socket-handlers/general-socket-handler.js b/server/socket-handlers/general-socket-handler.js
index 50dcd946e2..0b8ad99d92 100644
--- a/server/socket-handlers/general-socket-handler.js
+++ b/server/socket-handlers/general-socket-handler.js
@@ -38,7 +38,7 @@ function getGameList() {
 module.exports.generalSocketHandler = (socket, server) => {
     socket.on("initServerTimezone", async (timezone) => {
         try {
-            checkLogin(socket);
+            await checkLogin(socket);
             log.debug("generalSocketHandler", "Timezone: " + timezone);
             await Settings.set("initServerTimezone", true);
             await server.setTimezone(timezone);
diff --git a/server/socket-handlers/maintenance-socket-handler.js b/server/socket-handlers/maintenance-socket-handler.js
index 7de13fe57a..a38943c23d 100644
--- a/server/socket-handlers/maintenance-socket-handler.js
+++ b/server/socket-handlers/maintenance-socket-handler.js
@@ -15,7 +15,7 @@ module.exports.maintenanceSocketHandler = (socket) => {
     // Add a new maintenance
     socket.on("addMaintenance", async (maintenance, callback) => {
         try {
-            checkLogin(socket);
+            await checkLogin(socket);
 
             log.debug("maintenance", maintenance);
 
@@ -46,14 +46,10 @@ module.exports.maintenanceSocketHandler = (socket) => {
     // Edit a maintenance
     socket.on("editMaintenance", async (maintenance, callback) => {
         try {
-            checkLogin(socket);
+            await checkLogin(socket);
 
             let bean = server.getMaintenance(maintenance.id);
 
-            if (bean.user_id !== socket.userID) {
-                throw new Error("Permission denied.");
-            }
-
             await Maintenance.jsonToBean(bean, maintenance);
             await R.store(bean);
             await bean.run(true);
@@ -78,7 +74,7 @@ module.exports.maintenanceSocketHandler = (socket) => {
     // Add a new monitor_maintenance
     socket.on("addMonitorMaintenance", async (maintenanceID, monitors, callback) => {
         try {
-            checkLogin(socket);
+            await checkLogin(socket);
 
             await R.exec("DELETE FROM monitor_maintenance WHERE maintenance_id = ?", [
                 maintenanceID
@@ -113,7 +109,7 @@ module.exports.maintenanceSocketHandler = (socket) => {
     // Add a new monitor_maintenance
     socket.on("addMaintenanceStatusPage", async (maintenanceID, statusPages, callback) => {
         try {
-            checkLogin(socket);
+            await checkLogin(socket);
 
             await R.exec("DELETE FROM maintenance_status_page WHERE maintenance_id = ?", [
                 maintenanceID
@@ -147,14 +143,11 @@ module.exports.maintenanceSocketHandler = (socket) => {
 
     socket.on("getMaintenance", async (maintenanceID, callback) => {
         try {
-            checkLogin(socket);
+            await checkLogin(socket);
 
             log.debug("maintenance", `Get Maintenance: ${maintenanceID} User ID: ${socket.userID}`);
 
-            let bean = await R.findOne("maintenance", " id = ? AND user_id = ? ", [
-                maintenanceID,
-                socket.userID,
-            ]);
+            let bean = await R.findOne("maintenance", " id = ? ", [ maintenanceID ]);
 
             callback({
                 ok: true,
@@ -171,7 +164,7 @@ module.exports.maintenanceSocketHandler = (socket) => {
 
     socket.on("getMaintenanceList", async (callback) => {
         try {
-            checkLogin(socket);
+            await checkLogin(socket);
             await server.sendMaintenanceList(socket);
             callback({
                 ok: true,
@@ -187,7 +180,7 @@ module.exports.maintenanceSocketHandler = (socket) => {
 
     socket.on("getMonitorMaintenance", async (maintenanceID, callback) => {
         try {
-            checkLogin(socket);
+            await checkLogin(socket);
 
             log.debug("maintenance", `Get Monitors for Maintenance: ${maintenanceID} User ID: ${socket.userID}`);
 
@@ -211,7 +204,7 @@ module.exports.maintenanceSocketHandler = (socket) => {
 
     socket.on("getMaintenanceStatusPage", async (maintenanceID, callback) => {
         try {
-            checkLogin(socket);
+            await checkLogin(socket);
 
             log.debug("maintenance", `Get Status Pages for Maintenance: ${maintenanceID} User ID: ${socket.userID}`);
 
@@ -235,7 +228,7 @@ module.exports.maintenanceSocketHandler = (socket) => {
 
     socket.on("deleteMaintenance", async (maintenanceID, callback) => {
         try {
-            checkLogin(socket);
+            await checkLogin(socket);
 
             log.debug("maintenance", `Delete Maintenance: ${maintenanceID} User ID: ${socket.userID}`);
 
@@ -244,10 +237,7 @@ module.exports.maintenanceSocketHandler = (socket) => {
                 delete server.maintenanceList[maintenanceID];
             }
 
-            await R.exec("DELETE FROM maintenance WHERE id = ? AND user_id = ? ", [
-                maintenanceID,
-                socket.userID,
-            ]);
+            await R.exec("DELETE FROM maintenance WHERE id = ? ", [ maintenanceID ]);
 
             apicache.clear();
 
@@ -269,7 +259,7 @@ module.exports.maintenanceSocketHandler = (socket) => {
 
     socket.on("pauseMaintenance", async (maintenanceID, callback) => {
         try {
-            checkLogin(socket);
+            await checkLogin(socket);
 
             log.debug("maintenance", `Pause Maintenance: ${maintenanceID} User ID: ${socket.userID}`);
 
@@ -303,7 +293,7 @@ module.exports.maintenanceSocketHandler = (socket) => {
 
     socket.on("resumeMaintenance", async (maintenanceID, callback) => {
         try {
-            checkLogin(socket);
+            await checkLogin(socket);
 
             log.debug("maintenance", `Resume Maintenance: ${maintenanceID} User ID: ${socket.userID}`);
 
diff --git a/server/socket-handlers/proxy-socket-handler.js b/server/socket-handlers/proxy-socket-handler.js
index 9e80371d7e..800977a7f6 100644
--- a/server/socket-handlers/proxy-socket-handler.js
+++ b/server/socket-handlers/proxy-socket-handler.js
@@ -12,7 +12,7 @@ const server = UptimeKumaServer.getInstance();
 module.exports.proxySocketHandler = (socket) => {
     socket.on("addProxy", async (proxy, proxyID, callback) => {
         try {
-            checkLogin(socket);
+            await checkLogin(socket);
 
             const proxyBean = await Proxy.save(proxy, proxyID, socket.userID);
             await sendProxyList(socket);
@@ -39,7 +39,7 @@ module.exports.proxySocketHandler = (socket) => {
 
     socket.on("deleteProxy", async (proxyID, callback) => {
         try {
-            checkLogin(socket);
+            await checkLogin(socket);
 
             await Proxy.delete(proxyID, socket.userID);
             await sendProxyList(socket);
diff --git a/server/socket-handlers/status-page-socket-handler.js b/server/socket-handlers/status-page-socket-handler.js
index 0804da15dd..c8bf4b6986 100644
--- a/server/socket-handlers/status-page-socket-handler.js
+++ b/server/socket-handlers/status-page-socket-handler.js
@@ -18,7 +18,7 @@ module.exports.statusPageSocketHandler = (socket) => {
     // Post or edit incident
     socket.on("postIncident", async (slug, incident, callback) => {
         try {
-            checkLogin(socket);
+            await checkLogin(socket);
 
             let statusPageID = await StatusPage.slugToID(slug);
 
@@ -71,7 +71,7 @@ module.exports.statusPageSocketHandler = (socket) => {
 
     socket.on("unpinIncident", async (slug, callback) => {
         try {
-            checkLogin(socket);
+            await checkLogin(socket);
 
             let statusPageID = await StatusPage.slugToID(slug);
 
@@ -92,7 +92,7 @@ module.exports.statusPageSocketHandler = (socket) => {
 
     socket.on("getStatusPage", async (slug, callback) => {
         try {
-            checkLogin(socket);
+            await checkLogin(socket);
 
             let statusPage = await R.findOne("status_page", " slug = ? ", [
                 slug
@@ -118,7 +118,7 @@ module.exports.statusPageSocketHandler = (socket) => {
     // imgDataUrl Only Accept PNG!
     socket.on("saveStatusPage", async (slug, config, imgDataUrl, publicGroupList, callback) => {
         try {
-            checkLogin(socket);
+            await checkLogin(socket);
 
             // Save Config
             let statusPage = await R.findOne("status_page", " slug = ? ", [
@@ -256,7 +256,7 @@ module.exports.statusPageSocketHandler = (socket) => {
     // Add a new status page
     socket.on("addStatusPage", async (title, slug, callback) => {
         try {
-            checkLogin(socket);
+            await checkLogin(socket);
 
             title = title?.trim();
             slug = slug?.trim();
@@ -304,7 +304,7 @@ module.exports.statusPageSocketHandler = (socket) => {
         const server = UptimeKumaServer.getInstance();
 
         try {
-            checkLogin(socket);
+            await checkLogin(socket);
 
             let statusPageID = await StatusPage.slugToID(slug);
 
diff --git a/server/uptime-kuma-server.js b/server/uptime-kuma-server.js
index 76bf425657..13f6cb74a9 100644
--- a/server/uptime-kuma-server.js
+++ b/server/uptime-kuma-server.js
@@ -200,7 +200,7 @@ class UptimeKumaServer {
      * @returns {Promise<object>} List of monitors
      */
     async sendMonitorList(socket) {
-        let list = await this.getMonitorJSONList(socket.userID);
+        let list = await this.getMonitorJSONList();
         this.io.to(socket.userID).emit("monitorList", list);
         return list;
     }
@@ -227,25 +227,21 @@ class UptimeKumaServer {
     }
 
     /**
-     * Get a list of monitors for the given user.
-     * @param {string} userID - The ID of the user to get monitors for.
+     * Get a list of monitors.
      * @param {number} monitorID - The ID of monitor for.
      * @returns {Promise<object>} A promise that resolves to an object with monitor IDs as keys and monitor objects as values.
      *
      * Generated by Trelent
      */
-    async getMonitorJSONList(userID, monitorID = null) {
-
-        let query = " user_id = ? ";
-        let queryParams = [ userID ];
+    async getMonitorJSONList(monitorID = null) {
 
+        let monitorList = [];
         if (monitorID) {
-            query += "AND id = ? ";
-            queryParams.push(monitorID);
+            monitorList = await R.find("monitor", "id = ? ORDER BY weight DESC, name", [ monitorID ]);
+        } else {
+            monitorList = await R.findAll("monitor", "ORDER BY weight DESC, name");
         }
 
-        let monitorList = await R.find("monitor", query + "ORDER BY weight DESC, name", queryParams);
-
         const monitorData = monitorList.map(monitor => ({
             id: monitor.id,
             active: monitor.active,
diff --git a/server/user.js b/server/user.js
new file mode 100644
index 0000000000..5b8dfa09b3
--- /dev/null
+++ b/server/user.js
@@ -0,0 +1,78 @@
+const { TimeLogger } = require("../src/util");
+const { R } = require("redbean-node");
+const { UptimeKumaServer } = require("./uptime-kuma-server");
+const server = UptimeKumaServer.getInstance();
+const io = server.io;
+
+/**
+ * Send list of users to client
+ * @param {Socket} socket Socket.io socket instance
+ * @returns {Promise<Bean[]>} list of users
+ */
+async function sendUserList(socket) {
+    const timeLogger = new TimeLogger();
+    const userList = await R.getAll("SELECT id, username, active FROM user");
+
+    io.to(socket.userID).emit("userList", userList);
+    timeLogger.print("Send User List");
+
+    return userList;
+}
+
+/**
+ * Fetch specified user
+ * @param {number} userID ID of user to retrieve
+ * @returns {Promise<Bean[]>} User
+ */
+async function getUser(userID) {
+    const timeLogger = new TimeLogger();
+
+    const user = await R.getRow(
+        "SELECT id, username, active FROM user WHERE id = ? ",
+        [ userID ]
+    );
+
+    if (!user) {
+        throw new Error("User not found");
+    }
+
+    timeLogger.print(`Get user ${userID}`);
+
+    return user;
+}
+
+/**
+ * Saves and updates given user entity
+ * @param {Socket} socket Socket.io socket instance
+ * @param {object} user user to update
+ * @returns {Promise<void>}
+ */
+async function saveUser(socket, user) {
+    const timeLogger = new TimeLogger();
+    const { id, username, active } = user;
+
+    const bean = await R.findOne("user", " id = ? ", [ id ]);
+
+    if (!bean) {
+        throw new Error("User not found");
+    }
+
+    if (username) {
+        bean.username = username;
+    }
+    if (active !== undefined) {
+        bean.active = active;
+    }
+
+    await R.store(bean);
+
+    io.to(socket.userID).emit("saveUser", bean);
+
+    timeLogger.print(`Save user ${user.id}`);
+}
+
+module.exports = {
+    sendUserList,
+    getUser,
+    saveUser
+};
diff --git a/server/util-server.js b/server/util-server.js
index 5ebc62ac56..954da4444e 100644
--- a/server/util-server.js
+++ b/server/util-server.js
@@ -757,28 +757,28 @@ exports.allowAllOrigin = (res) => {
  * @returns {void}
  * @throws The user is not logged in
  */
-exports.checkLogin = (socket) => {
-    if (!socket.userID) {
+exports.checkLogin = async (socket) => {
+    const user = await R.findOne("user", " id = ? AND active = 1 ", [ socket.userID ]);
+
+    if (!user) {
         throw new Error("You are not logged in.");
     }
 };
 
 /**
  * For logged-in users, double-check the password
- * @param {Socket} socket Socket.io instance
+ * @param {number} userID ID of user to check
  * @param {string} currentPassword Password to validate
  * @returns {Promise<Bean>} User
  * @throws The current password is not a string
  * @throws The provided password is not correct
  */
-exports.doubleCheckPassword = async (socket, currentPassword) => {
+exports.doubleCheckPassword = async (userID, currentPassword) => {
     if (typeof currentPassword !== "string") {
         throw new Error("Wrong data type?");
     }
 
-    let user = await R.findOne("user", " id = ? AND active = 1 ", [
-        socket.userID,
-    ]);
+    let user = await R.findOne("user", " id = ? ", [ userID ]);
 
     if (!user || !passwordHash.verify(currentPassword, user.password)) {
         throw new Error("Incorrect current password");
diff --git a/src/components/settings/Security.vue b/src/components/settings/Security.vue
index 5d8aed85b3..3d900cee48 100644
--- a/src/components/settings/Security.vue
+++ b/src/components/settings/Security.vue
@@ -171,7 +171,7 @@ export default {
             } else {
                 this.$root
                     .getSocket()
-                    .emit("changePassword", this.password, (res) => {
+                    .emit("changePassword", this.$root.userID, this.password, (res) => {
                         this.$root.toastRes(res);
                         if (res.ok) {
                             this.password.currentPassword = "";
diff --git a/src/components/settings/Users/AddUser.vue b/src/components/settings/Users/AddUser.vue
new file mode 100644
index 0000000000..5f38420b88
--- /dev/null
+++ b/src/components/settings/Users/AddUser.vue
@@ -0,0 +1,94 @@
+<template>
+    <h4 class="mt-4">
+        {{ $t("Create an admin account") }}
+    </h4>
+
+    <form data-cy="setup-form" @submit.prevent="create">
+        <div class="my-3">
+            <label class="form-label d-block">
+                {{ $t("Username") }}
+                <input
+                    v-model="username"
+                    type="text"
+                    class="form-control mt-2"
+                    :placeholder="$t('Username')"
+                    required
+                    :disabled="creating"
+                    data-cy="username-input"
+                >
+            </label>
+        </div>
+
+        <div class="mb-3">
+            <label class="form-label d-block">
+                {{ $t("Password") }}
+                <input
+                    v-model="password"
+                    type="password"
+                    class="form-control mt-2"
+                    :placeholder="$t('Password')"
+                    required
+                    :disabled="creating"
+                    data-cy="password-input"
+                >
+            </label>
+        </div>
+
+        <div class="mb-3">
+            <label class="form-label d-block">
+                {{ $t("Repeat Password") }}
+                <input
+                    v-model="repeatPassword"
+                    type="password"
+                    class="form-control mt-2"
+                    :placeholder="$t('Repeat Password')"
+                    required
+                    :disabled="creating"
+                    data-cy="password-repeat-input"
+                >
+            </label>
+        </div>
+
+        <button class="btn btn-primary" type="submit" :disabled="creating" data-cy="submit-create-admin-form">
+            <span v-show="creating" class="spinner-border spinner-border-sm" role="status" aria-hidden="true" />
+            {{ $t("Create") }}
+        </button>
+    </form>
+</template>
+
+<script>
+import { useToast } from "vue-toastification";
+const toast = useToast();
+
+export default {
+    data: () => ({
+        creating: false,
+        username: "",
+        password: "",
+        repeatPassword: "",
+    }),
+
+    methods: {
+        /**
+         * Create an admin account
+         * @returns {void}
+         */
+        create() {
+            this.creating = true;
+
+            if (this.password !== this.repeatPassword) {
+                toast.error(this.$t("PasswordsDoNotMatch"));
+                this.creating = false;
+                return;
+            }
+
+            this.$root.getSocket().emit("setup", this.username, this.password, (res) => {
+                this.creating = false;
+                this.$root.toastRes(res);
+
+                res.ok && this.$router.push({ name: "settings.users" });
+            });
+        },
+    },
+};
+</script>
diff --git a/src/components/settings/Users/EditUser.vue b/src/components/settings/Users/EditUser.vue
new file mode 100644
index 0000000000..59a8a17471
--- /dev/null
+++ b/src/components/settings/Users/EditUser.vue
@@ -0,0 +1,205 @@
+<template>
+    <div v-if="loading" class="d-flex align-items-center justify-content-center my-3 spinner">
+        <font-awesome-icon icon="spinner" size="2x" spin />
+    </div>
+
+    <template v-else>
+        <h5 class="my-4 settings-subheading">{{ $t("Identity") }}</h5>
+        <form @submit.prevent="save({ username })">
+            <label class="form-label d-block mb-3">
+                {{ $t("Username") }}
+                <input
+                    v-model="username"
+                    :placeholder="$t('Username')"
+                    class="form-control mt-2"
+                    required
+                    :disabled="saving"
+                />
+            </label>
+
+            <button class="btn btn-primary" type="submit" :disabled="saving">
+                <span v-show="saving" class="spinner-border spinner-border-sm" role="status" aria-hidden="true" />
+                {{ $t("Update Username") }}
+            </button>
+        </form>
+
+        <h5 class="mt-5 mb-4 settings-subheading">{{ $t("Change Password") }}</h5>
+        <form class="mb-3" @submit.prevent="savePassword">
+            <div class="mb-3">
+                <label class="form-label d-block">
+                    {{ $t("Current Password") }}
+                    <input
+                        v-model="currentPassword"
+                        type="password"
+                        :placeholder="$t('Current Password')"
+                        class="form-control mt-2"
+                        required
+                        :disabled="savingPassword"
+                    />
+                </label>
+            </div>
+
+            <div class="mb-3">
+                <label class="form-label d-block">
+                    {{ $t("New Password") }}
+                    <input
+                        v-model="newPassword"
+                        type="password"
+                        :placeholder="$t('New Password')"
+                        class="form-control mt-2"
+                        required
+                        :disabled="savingPassword"
+                    />
+                </label>
+            </div>
+
+            <div class="mb-3">
+                <label class="form-label d-block">
+                    {{ $t("Repeat New Password") }}
+                    <input
+                        v-model="repeatNewPassword"
+                        type="password"
+                        :placeholder="$t('Repeat New Password')"
+                        class="form-control mt-2"
+                        required
+                        :disabled="savingPassword"
+                    />
+                </label>
+            </div>
+
+            <button class="btn btn-primary" type="submit" :disabled="savingPassword">
+                <span v-show="savingPassword" class="spinner-border spinner-border-sm" role="status" aria-hidden="true" />
+                {{ $t("Update Password") }}
+            </button>
+        </form>
+
+        <h5 class="mt-5 mb-4 settings-subheading">{{ $t("Permissions") }}</h5>
+        <div class="form-check form-switch">
+            <label class="form-check-label">
+                <input
+                    :checked="active"
+                    class="form-check-input"
+                    style="scale: 1.4; cursor: pointer;"
+                    type="checkbox"
+                    :disabled="saving"
+                    @click="debounceCheckboxClick(() => { active = !active; save({ active }); })"
+                >
+                <div class="ps-2">{{ $t("Active") }}</div>
+            </label>
+        </div>
+    </template>
+</template>
+
+<script>
+import { Debounce } from "../../../util-frontend.js";
+import { useToast } from "vue-toastification";
+const toast = useToast();
+
+export default {
+    props: {
+        id: {
+            type: String,
+            required: true
+        }
+    },
+
+    data: () => ({
+        loading: false,
+        username: "",
+        saving: false,
+        currentPassword: "",
+        newPassword: "",
+        repeatNewPassword: "",
+        savingPassword: false,
+        active: false
+    }),
+
+    mounted() {
+        this.getUser();
+    },
+
+    methods: {
+        // Used to ignore one of the two "click" events fired when clicking on the checkbox label
+        debounceCheckboxClick: new Debounce(),
+
+        /**
+         * Get user from server
+         * @returns {void}
+         */
+        getUser() {
+            this.loading = true;
+            this.$root.getSocket().emit("getUser", this.id, (res) => {
+                this.loading = false;
+                if (res.ok) {
+                    const { username, active } = res.user;
+
+                    this.username = username;
+                    this.active = active;
+                } else {
+                    toast.error(res.msg);
+                }
+            });
+        },
+
+        /**
+         * Check new passwords match before saving it
+         * @returns {void}
+         */
+        savePassword() {
+            this.savingPassword = true;
+            const { currentPassword, newPassword, repeatNewPassword } = this;
+
+            if (newPassword !== repeatNewPassword) {
+                toast.error(this.$t("PasswordsDoNotMatch"));
+                this.savingPassword = false;
+                return;
+            }
+
+            this.$root
+                .getSocket()
+                .emit(
+                    "changePassword",
+                    this.id,
+                    {
+                        currentPassword,
+                        newPassword
+                    },
+                    (res) => {
+                        this.savingPassword = false;
+                        this.$root.toastRes(res);
+
+                        if (res.ok) {
+                            this.currentPassword = "";
+                            this.newPassword = "";
+                            this.repeatNewPassword = "";
+                        }
+                    });
+
+        },
+
+        /**
+         * Save user changes
+         * @param {object} user user to save
+         * @param {string} [user.username] username used as login identifier.
+         * @param {boolean} [user.active] is the user authorized to login?
+         * @returns {void}
+         */
+        save(user) {
+            this.saving = true;
+
+            this.$root
+                .getSocket()
+                .emit(
+                    "saveUser",
+                    {
+                        id: this.id,
+                        ...user
+                    },
+                    (res) => {
+                        this.saving = false;
+                        this.$root.toastRes(res);
+                    });
+        },
+    },
+};
+</script>
diff --git a/src/components/settings/Users/Users.vue b/src/components/settings/Users/Users.vue
new file mode 100644
index 0000000000..e367fd76d7
--- /dev/null
+++ b/src/components/settings/Users/Users.vue
@@ -0,0 +1,153 @@
+<template>
+    <div class="my-4">
+        <div class="mx-0 mx-lg-4 pt-1 mb-4">
+            <button class="btn btn-primary" @click="$router.push({ name: 'settings.users.add' })">
+                <font-awesome-icon icon="plus" /> {{ $t("Add New User") }}
+            </button>
+        </div>
+
+        <div v-if="loading" class="d-flex align-items-center justify-content-center my-3 spinner">
+            <font-awesome-icon icon="spinner" size="2x" spin />
+        </div>
+
+        <div v-else class="my-3">
+            <RouterLink
+                v-for="({ id, username, active }, index) in usersList"
+                :key="id"
+                class="d-flex align-items-center mx-0 mx-lg-4 py-1 text-decoration-none users-list-row"
+                :to="{ name: 'settings.users.edit', params: { id } }"
+            >
+                <div class="col-10 col-sm-5 m-2 flex-shrink-1 fw-bold">
+                    {{ username }}
+                </div>
+                <div class="col-5 px-1 flex-shrink-1 d-none d-sm-flex gap-2 align-items-center">
+                    <font-awesome-icon :class="active ? 'text-success' : 'text-muted'" :icon="active ? 'check-circle' : 'times-circle'" />
+                    <div>{{ $t(active ? "Active" : "Inactive") }}</div>
+                </div>
+                <div class="col-2 pe-2 pe-lg-3 d-flex justify-content-end">
+                    <button
+                        type="button"
+                        class="btn-ban-user btn ms-2 py-1"
+                        :class="active ? 'btn-outline-danger' : 'btn-outline-success'"
+                        :disabled="processing"
+                        @click.prevent="active ? disableConfirm(usersList[index]) : toggleActiveUser(usersList[index])"
+                    >
+                        <font-awesome-icon class="" :icon="active ? 'user-slash' : 'user-check'" />
+                    </button>
+                </div>
+            </RouterLink>
+        </div>
+
+        <Confirm
+            ref="confirmDisable"
+            btn-style="btn-danger"
+            :yes-text="$t('Yes')"
+            :no-text="$t('No')"
+            @yes="toggleActiveUser(disablingUser)"
+            @no="disablingUser = null"
+        >
+            {{ $t("confirmDisableUserMsg") }}
+        </Confirm>
+    </div>
+</template>
+
+<script>
+import { useToast } from "vue-toastification";
+import Confirm from "../../Confirm.vue";
+const toast = useToast();
+
+export default {
+    components: { Confirm },
+
+    data: () => ({
+        loading: false,
+        processing: false,
+        usersList: null,
+        disablingUser: null,
+    }),
+
+    mounted() {
+        this.getUsers();
+    },
+
+    methods: {
+        /**
+         * Get list of users from server
+         * @returns {void}
+         */
+        getUsers() {
+            this.loading = true;
+            this.$root.getSocket().emit("getUsers", (res) => {
+                this.loading = false;
+                if (res.ok) {
+                    this.usersList = res.users;
+                } else {
+                    toast.error(res.msg);
+                }
+            });
+        },
+
+        /**
+         * Show confirmation for disabling a user
+         * @param {object} user the user to confirm disable in the local usersList
+         * @returns {void}
+         */
+        disableConfirm(user) {
+            this.disablingUser = user;
+            this.$refs.confirmDisable.show();
+        },
+
+        /**
+         * Disable a user from server
+         * @param {object} user the user to disable in the local usersList
+         * @param {boolean} user.active is the user authorized to login?
+         * @returns {void}
+         */
+        toggleActiveUser({ active, ...rest }) {
+            this.processing = true;
+            this.$root.getSocket().emit(
+                "saveUser",
+                {
+                    ...rest,
+                    active: !active
+                },
+                (res) => {
+                    this.$root.toastRes(res);
+                    this.processing = false;
+                    this.disablingUser &&= null;
+
+                    if (res.ok) {
+                        this.getUsers();
+                    }
+                });
+        },
+    },
+};
+</script>
+
+<style lang="scss" scoped>
+@import "../../../assets/vars.scss";
+
+.btn-ban-user {
+    padding-left: 7px;
+    padding-right: 7px;
+}
+
+.users-list-row {
+    cursor: pointer;
+    border-top: 1px solid rgba(0, 0, 0, 0.125);
+
+    .dark & {
+        border-top: 1px solid $dark-border-color;
+    }
+
+    &:hover {
+        background-color: $highlight-white;
+    }
+
+    .dark &:hover {
+        background-color: $dark-bg2;
+    }
+}
+
+</style>
diff --git a/src/components/settings/Users/routes.js b/src/components/settings/Users/routes.js
new file mode 100644
index 0000000000..6d35174558
--- /dev/null
+++ b/src/components/settings/Users/routes.js
@@ -0,0 +1,29 @@
+import { h } from "vue";
+import { RouterView } from "vue-router";
+
+// Needed for settings enter/leave CSS animation
+const AnimatedRouterView = () => h("div", [ h(RouterView) ]);
+AnimatedRouterView.displayName = "AnimatedRouterView";
+
+export default {
+    path: "users",
+    component: AnimatedRouterView,
+    children: [
+        {
+            path: "",
+            name: "settings.users",
+            component: () => import("./Users.vue")
+        },
+        {
+            path: "add",
+            name: "settings.users.add",
+            component: () => import("./AddUser.vue")
+        },
+        {
+            path: "edit/:id",
+            name: "settings.users.edit",
+            props: true,
+            component: () => import("./EditUser.vue")
+        },
+    ]
+};
diff --git a/src/icon.js b/src/icon.js
index 7bdfe1ca02..b404827832 100644
--- a/src/icon.js
+++ b/src/icon.js
@@ -50,6 +50,8 @@ import {
     faInfoCircle,
     faClone,
     faCertificate,
+    faUserSlash,
+    faUserCheck,
 } from "@fortawesome/free-solid-svg-icons";
 
 library.add(
@@ -97,6 +99,8 @@ library.add(
     faInfoCircle,
     faClone,
     faCertificate,
+    faUserSlash,
+    faUserCheck,
 );
 
 export { FontAwesomeIcon };
diff --git a/src/lang/en.json b/src/lang/en.json
index c07e06fab4..81fecfae0e 100644
--- a/src/lang/en.json
+++ b/src/lang/en.json
@@ -1051,5 +1051,12 @@
     "From":"From",
     "Can be found on:": "Can be found on: {0}",
     "The phone number of the recipient in E.164 format.": "The phone number of the recipient in E.164 format.",
-    "Either a text sender ID or a phone number in E.164 format if you want to be able to receive replies.":"Either a text sender ID or a phone number in E.164 format if you want to be able to receive replies."
-}
+    "Either a text sender ID or a phone number in E.164 format if you want to be able to receive replies.": "Either a text sender ID or a phone number in E.164 format if you want to be able to receive replies.",
+    "Users": "Users",
+    "Add New User": "Add New User",
+    "confirmDisableUserMsg": "Are you sure you want to disable this user? The user will not be able to login anymore.",
+    "Create an admin account": "Create an admin account",
+    "Identity": "Identity",
+    "Update Username": "Update Username",
+    "Permissions": "Permissions"
+}
\ No newline at end of file
diff --git a/src/mixins/socket.js b/src/mixins/socket.js
index 3272e042c3..b3afa76071 100644
--- a/src/mixins/socket.js
+++ b/src/mixins/socket.js
@@ -33,6 +33,7 @@ export default {
                 connectCount: 0,
                 initedSocketIO: false,
             },
+            userID: null,
             username: null,
             remember: (localStorage.remember !== "0"),
             allowLoginDialog: false,        // Allowed to show login dialog, but "loggedIn" have to be true too. This exists because prevent the login dialog show 0.1s in first before the socket server auth-ed.
@@ -407,8 +408,11 @@ export default {
                 if (res.ok) {
                     this.storage().token = res.token;
                     this.socket.token = res.token;
+
+                    const { userID, username } = this.getJWTPayload() || {};
+                    this.userID = userID;
+                    this.username = username;
                     this.loggedIn = true;
-                    this.username = this.getJWTPayload()?.username;
 
                     // Trigger Chrome Save Password
                     history.pushState({}, "");
@@ -430,8 +434,10 @@ export default {
                 if (! res.ok) {
                     this.logout();
                 } else {
+                    const { userID, username } = this.getJWTPayload() || {};
+                    this.userID = userID;
+                    this.username = username;
                     this.loggedIn = true;
-                    this.username = this.getJWTPayload()?.username;
                 }
             });
         },
@@ -445,6 +451,7 @@ export default {
             this.storage().removeItem("token");
             this.socket.token = null;
             this.loggedIn = false;
+            this.userID = null;
             this.username = null;
             this.clearData();
         },
diff --git a/src/pages/Settings.vue b/src/pages/Settings.vue
index 96bb1fee13..6dbd88271a 100644
--- a/src/pages/Settings.vue
+++ b/src/pages/Settings.vue
@@ -35,9 +35,20 @@
                     </a>
                 </div>
                 <div class="settings-content col-lg-9 col-md-7">
-                    <div v-if="currentPage" class="settings-content-header">
-                        {{ subMenus[currentPage].title }}
-                    </div>
+                    <nav aria-label="breadcrumb">
+                        <ol class="breadcrumb settings-content-header">
+                            <li
+                                v-for="{ path, title, active } in breadcrumbs"
+                                :key="path"
+                                class="breadcrumb-item"
+                                v-bind="active ? { 'aria-current': 'page' } : {}"
+                                aria-current="page"
+                            >
+                                <template v-if="active">{{ title }}</template>
+                                <RouterLink v-else :to="path">{{ title }}</RouterLink>
+                            </li>
+                        </ol>
+                    </nav>
                     <div class="mx-3">
                         <router-view v-slot="{ Component }">
                             <transition name="slide-fade" appear>
@@ -54,6 +65,15 @@
 <script>
 import { useRoute } from "vue-router";
 
+/**
+ * Deduplicate an array of objects using the provided key
+ * @param {object[]} arr array of objects to deduplicate
+ * @param {string} key key used for uniqness
+ * @returns {object[]} the deduplicated array
+ */
+const uniqBy = (arr, key) =>
+    [ ...(new Map(arr.map(item => [ item[key], item ]))).values() ];
+
 export default {
     data() {
         return {
@@ -110,6 +130,13 @@ export default {
                 security: {
                     title: this.$t("Security"),
                 },
+                users: {
+                    title: this.$t("Users"),
+                    children: {
+                        add: { title: this.$t("Add") },
+                        edit: { title: this.$t("Edit") }
+                    },
+                },
                 "api-keys": {
                     title: this.$t("API Keys")
                 },
@@ -121,6 +148,44 @@ export default {
                 },
             };
         },
+
+        breadcrumbs: ({ $route, subMenus }) => {
+            // List of setting routes matching the current path
+            // for ex, with path "/settings/users/edit/1", we got:
+            // [
+            //    { path: "/settings/users", ...otherRoutesProps },
+            //    { path: "/settings/users/edit/:id", ...otherRoutesProps }
+            // ]
+            const settingRoutes = uniqBy(
+                $route.matched.filter(({ path }) => /^\/settings\//.test(path)),
+                "path"
+            );
+
+            /**
+             * Get leaf submenu for a given setting path
+             * @param {string} path setting path, ex: "/settings/users/edit/1"
+             * @returns {object} the leaf subMenu corresponding to the given path
+             */
+            const getLeafSubMenu = path => {
+                const pathParts = path.split("/").slice(2);
+
+                // walk through submenus and there children until reaching the corresponding leaf subMenu
+                // ex with "/settings/users/edit/1" we got { title: this.$t("Edit") }
+                // because this path match "users" > "children" > "edit" in subMenus
+                return pathParts.reduce(
+                    (acc, pathPart) =>
+                        acc[pathPart] || acc.children?.[pathPart] || acc,
+                    subMenus
+                );
+            };
+
+            // construct an array of setting routes path joined with submenus
+            return settingRoutes.map(({ path }, idx) => ({
+                path,
+                title: getLeafSubMenu(path).title,
+                active: !settingRoutes[idx + 1],
+            }));
+        }
     },
 
     watch: {
diff --git a/src/router.js b/src/router.js
index bda5078e14..53cf6ac1d1 100644
--- a/src/router.js
+++ b/src/router.js
@@ -27,6 +27,7 @@ import General from "./components/settings/General.vue";
 const Notifications = () => import("./components/settings/Notifications.vue");
 import ReverseProxy from "./components/settings/ReverseProxy.vue";
 import Tags from "./components/settings/Tags.vue";
+import usersSettingsRoutes from "./components/settings/Users/routes.js";
 import MonitorHistory from "./components/settings/MonitorHistory.vue";
 const Security = () => import("./components/settings/Security.vue");
 import Proxies from "./components/settings/Proxies.vue";
@@ -124,6 +125,7 @@ const routes = [
                                 path: "security",
                                 component: Security,
                             },
+                            usersSettingsRoutes,
                             {
                                 path: "api-keys",
                                 component: APIKeys,
diff --git a/src/util-frontend.js b/src/util-frontend.js
index d9bf378e5f..33fc91a643 100644
--- a/src/util-frontend.js
+++ b/src/util-frontend.js
@@ -213,3 +213,22 @@ export function getToastErrorTimeout() {
 
     return errorTimeout;
 }
+
+/**
+ * Get debounced function
+ * @returns {Function} debounced function
+ */
+export function Debounce() {
+    let timeout = null;
+
+    /**
+     * exec callback function after delay if no new call to function happens
+     * @param {Function} callback function to execute after delay
+     * @param {number} [delay=100] delay before execute the callback if no new call to function happens
+     * @returns {void}
+     */
+    return function (callback, delay = 100) {
+        clearTimeout(timeout);
+        timeout = setTimeout(() => callback(), delay);
+    };
+}