diff --git a/config/routes.yaml b/config/routes.yaml
index 97da2f00..4f74a5b1 100644
--- a/config/routes.yaml
+++ b/config/routes.yaml
@@ -22,6 +22,36 @@ user_list:
     path: /users
     controller: App\Controller\UserController::index
 
+user_rows:
+    path: /users/rows
+    controller: App\Controller\UserController::rows
+    methods: [POST]
+
+user_create:
+    path: /users/create
+    controller: App\Controller\UserController::create
+    methods: [GET]
+
+user_create_submit:
+    path: /users/create
+    controller: App\Controller\UserController::createSubmit
+    methods: [POST]
+
+user_update:
+    path: /users/{id}
+    controller: App\Controller\UserController::update
+    methods: [GET]
+
+user_update_submit:
+    path: /users/{id}
+    controller: App\Controller\UserController::updateSubmit
+    methods: [POST]
+
+user_delete:
+    path: /users/{id}
+    controller: App\Controller\UserController::destroy
+    methods: [DELETE]
+
 # roles
 
 role_list:
diff --git a/src/Controller/RoleController.php b/src/Controller/RoleController.php
index 3749a079..cb1bf79a 100644
--- a/src/Controller/RoleController.php
+++ b/src/Controller/RoleController.php
@@ -58,6 +58,8 @@ class RoleController extends BaseController
 
     public function createSubmit(Request $req)
     {
+        // TODO: validation
+
         // create new row
         $em = $this->getDoctrine()->getManager();
         $row = new Role();
@@ -99,6 +101,8 @@ class RoleController extends BaseController
 
     public function updateSubmit(Request $req, $id)
     {
+        // TODO: validation
+        
         // get row data
         $em = $this->getDoctrine()->getManager();
         $row = $em->getRepository(Role::class)->find($id);
diff --git a/src/Controller/UserController.php b/src/Controller/UserController.php
index 61803a6a..127756dd 100644
--- a/src/Controller/UserController.php
+++ b/src/Controller/UserController.php
@@ -3,6 +3,13 @@
 namespace App\Controller;
 
 use App\Ramcar\BaseController;
+use App\Entity\User;
+use App\Entity\Role;
+
+use Doctrine\ORM\Query;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface;
 
 class UserController extends BaseController
 {
@@ -10,6 +17,185 @@ class UserController extends BaseController
     {
         $params = $this->initParameters('user_list');
 
-        return $this->render('home.html.twig', $params);
+        $qb = $this->getDoctrine()
+        	->getRepository(User::class)
+        	->createQueryBuilder('q')
+        	->getQuery();
+
+        // get all rows
+        $rows = $qb->getResult(Query::HYDRATE_ARRAY);
+
+        // response
+        return $this->render('user/list.html.twig', $params);
+    }
+
+    public function rows()
+    {
+    	// build query
+    	$qb = $this->getDoctrine()
+        	->getRepository(User::class)
+        	->createQueryBuilder('q')
+        	->getQuery();
+
+        // get all rows
+        $rows = $qb->getResult(Query::HYDRATE_ARRAY);
+
+        // add crud urls
+        foreach ($rows as $index => $row) {
+            $rows[$index]['update_url'] = $this->generateUrl('user_update', ['id' => $row['id']]);
+            $rows[$index]['delete_url'] = $this->generateUrl('user_delete', ['id' => $row['id']]);
+        }
+
+        // response
+        return $this->json(['data' => $rows]);
+    }
+
+    public function create()
+    {
+        $params = $this->initParameters('user_list');
+
+        // get roles
+        $em = $this->getDoctrine()->getManager();
+        $params['roles'] = $em->getRepository(Role::class)->findAll();
+
+        // response
+        return $this->render('user/form.html.twig', $params);
+    }
+
+    public function createSubmit(Request $req, EncoderFactoryInterface $ef)
+    {
+    	// TODO: validation, compare password fields
+
+        // create new row
+        $em = $this->getDoctrine()->getManager();
+        $row = new User();
+
+        // encode password
+        $enc = $ef->getEncoder($row);
+        $password = $enc->encodePassword($req->request->get('password'), $row->getSalt());
+
+        // set and save values
+        $row->setUsername($req->request->get('username'))
+            ->setFirstName($req->request->get('first_name'))
+            ->setLastName($req->request->get('last_name'))
+            ->setPassword($password)
+            ->setEmail($req->request->get('email'))
+            ->setContactNumber($req->request->get('contact_no'))
+            ->setEnabled($req->request->get('enabled') ? true : false);
+
+        // set roles
+        foreach ($req->request->get('roles') as $role_id) {
+        	// check if role exists
+        	$role = $em->getRepository(Role::class)->find($role_id);
+
+        	if (!empty($role))
+	        	$row->addRole($role);
+        }
+
+        $em->persist($row);
+        $em->flush();
+
+        // set success
+        $this->addFlash(
+            'success',
+            'Changes have been saved!'
+        );
+
+        // response
+        return $this->redirectToRoute('user_list');
+    }
+
+    public function update($id)
+    {
+        $params = $this->initParameters('user_list');
+
+        // get row data
+        $em = $this->getDoctrine()->getManager();
+        $row = $em->getRepository(User::class)->find($id);
+
+        if (empty($row))
+            throw $this->createNotFoundException('The item does not exist');
+
+        // get roles
+        $em = $this->getDoctrine()->getManager();
+        $params['roles'] = $em->getRepository(Role::class)->findAll();
+
+        $params['row'] = $row;
+        $params['values'] = [];
+
+        // response
+        return $this->render('user/form.html.twig', $params);
+    }
+
+    public function updateSubmit(Request $req, EncoderFactoryInterface $ef, $id)
+    {
+        // get row data
+        $em = $this->getDoctrine()->getManager();
+        $row = $em->getRepository(User::class)->find($id);
+
+        if (empty($row))
+            throw $this->createNotFoundException('The item does not exist');
+
+        // set and save values
+        $row->setUsername($req->request->get('username'))
+            ->setFirstName($req->request->get('first_name'))
+            ->setLastName($req->request->get('last_name'))
+            ->setEmail($req->request->get('email'))
+            ->setContactNumber($req->request->get('contact_no'))
+            ->setEnabled($req->request->get('enabled') ? true : false)
+            ->clearRoles();
+
+        // update password if provided
+        $password_input = $req->request->get('password');
+        $confirm_password_input = $req->request->get('confirm_password');
+        
+        if ($password_input || $confirm_password_input) {
+        	// encode password
+	        $enc = $ef->getEncoder($row);
+	        $password = $enc->encodePassword($req->request->get('password'), $row->getSalt());
+
+	        $row->setPassword($password);
+        }
+
+        // set roles
+        foreach ($req->request->get('roles') as $role_id) {
+        	// check if role exists
+        	$role = $em->getRepository(Role::class)->find($role_id);
+
+        	if (!empty($role))
+	        	$row->addRole($role);
+        }
+
+        $em->flush();
+
+        // set success
+        $this->addFlash(
+            'success',
+            'Changes have been saved!'
+        );
+
+        // response
+        return $this->redirectToRoute('user_list');
+    }
+
+    public function destroy($id)
+    {
+    	$params = $this->initParameters('user_list');
+
+        // get row data
+        $em = $this->getDoctrine()->getManager();
+        $row = $em->getRepository(User::class)->find($id);
+
+        if (empty($row))
+            throw $this->createNotFoundException('The item does not exist');
+
+        // delete this row
+        $em->remove($row);
+        $em->flush();
+
+        // response
+        $response = new Response();
+        $response->setStatusCode(Response::HTTP_OK);
+        $response->send();
     }
 }
diff --git a/templates/role/form.html.twig b/templates/role/form.html.twig
index 903e1a38..2b80257c 100644
--- a/templates/role/form.html.twig
+++ b/templates/role/form.html.twig
@@ -13,7 +13,7 @@
     <div class="m-content">
         <!--Begin::Section-->
         <div class="row">
-            <div class="col-xl-6 offset-xl-3">
+            <div class="col-xl-4 offset-xl-4">
             	<div class="m-portlet m-portlet--mobile">
             		<div class="m-portlet__head">
 						<div class="m-portlet__head-caption">
@@ -21,9 +21,6 @@
 								<span class="m-portlet__head-icon">
 									<i class="la la-key"></i>
 								</span>
-								<span class="m-portlet__head-icon m--hide">
-								<i class="la la-gear"></i>
-								</span>
 								<h3 class="m-portlet__head-text">
 									{% if row is defined %}
 										Edit Role
@@ -35,36 +32,33 @@
 							</div>
 						</div>
 					</div>
-                    <form class="m-form" method="post" action="{{ row is defined ? url('role_update_submit', {'id': row.getId()}) : url('role_create_submit') }}">
+                    <form class="m-form m-form--fit m-form--label-align-right m-form--group-seperator-dashed" method="post" action="{{ row is defined ? url('role_update_submit', {'id': row.getId()}) : url('role_create_submit') }}">
 						<div class="m-portlet__body">	
-							<div class="m-form__section m-form__section--first">
-								<div class="form-group m-form__group row{{ error.id is defined ? ' has-danger' }}">
-									<label class="col-lg-3 col-form-label">Role ID:</label>
-									<div class="col-lg-6">
-										<input type="text" name="id" class="form-control m-input{{ error.id is defined ? ' form-control-danger' }}" value="{{ values.id is defined ? values.id : (row is defined ? row.getId()) }}">
-										{% if error.id is defined %}
-											<div class="form-control-feedback">{{ error.id }}</div>
-										{% endif %}
-										<span class="m-form__help">Unique identifier for this role</span>
-									</div>
+							<div class="form-group m-form__group row{{ error.id is defined ? ' has-danger' }}">
+								<label class="col-lg-3 col-form-label">Role ID:</label>
+								<div class="col-lg-9">
+									<input type="text" name="id" class="form-control m-input{{ error.id is defined ? ' form-control-danger' }}" value="{{ values.id is defined ? values.id : (row is defined ? row.getId()) }}">
+									{% if error.id is defined %}
+										<div class="form-control-feedback">{{ error.id }}</div>
+									{% endif %}
+									<span class="m-form__help">Unique identifier for this role</span>
 								</div>
-								<div class="form-group m-form__group row{{ error.name is defined ? ' has-danger' }}">
-									<label class="col-lg-3 col-form-label">Name:</label>
-									<div class="col-lg-6">
-										<input type="text" name="name" class="form-control m-input{{ error.id is defined ? ' form-control-danger' }}" value="{{ values.name is defined ? values.name : (row is defined ? row.getName()) }}">
-										{% if error.name is defined %}
-											<div class="form-control-feedback">{{ error.name }}</div>
-										{% endif %}
-										<span class="m-form__help">Display name for this role</span>
-									</div>
-								</div>	
-				            </div>
+							</div>
+							<div class="form-group m-form__group row{{ error.name is defined ? ' has-danger' }}">
+								<label class="col-lg-3 col-form-label">Name:</label>
+								<div class="col-lg-9">
+									<input type="text" name="name" class="form-control m-input{{ error.id is defined ? ' form-control-danger' }}" value="{{ values.name is defined ? values.name : (row is defined ? row.getName()) }}">
+									{% if error.name is defined %}
+										<div class="form-control-feedback">{{ error.name }}</div>
+									{% endif %}
+									<span class="m-form__help">Display name for this role</span>
+								</div>
+							</div>	
 			            </div>
 			            <div class="m-portlet__foot m-portlet__foot--fit">
-							<div class="m-form__actions m-form__actions">
+							<div class="m-form__actions m-form__actions--solid m-form__actions--right">
 								<div class="row">
-									<div class="col-lg-3"></div>
-									<div class="col-lg-6">
+									<div class="col-lg-12">
 										<button type="submit" class="btn btn-success">Submit</button>
 										<a href="{{ url('role_list') }}" class="btn btn-secondary">Cancel</a>
 									</div>
diff --git a/templates/user/form.html.twig b/templates/user/form.html.twig
new file mode 100644
index 00000000..2e5971b5
--- /dev/null
+++ b/templates/user/form.html.twig
@@ -0,0 +1,157 @@
+{% extends 'base.html.twig' %}
+
+{% block body %}
+	<!-- BEGIN: Subheader -->
+    <div class="m-subheader">
+        <div class="d-flex align-items-center">
+            <div class="mr-auto">
+                <h3 class="m-subheader__title">Users</h3>
+            </div>
+        </div>
+    </div>
+    <!-- END: Subheader -->
+    <div class="m-content">
+        <!--Begin::Section-->
+        <div class="row">
+            <div class="col-xl-8 offset-xl-2">
+            	<div class="m-portlet m-portlet--mobile">
+            		<div class="m-portlet__head">
+						<div class="m-portlet__head-caption">
+							<div class="m-portlet__head-title">
+								<span class="m-portlet__head-icon">
+									<i class="la la-user"></i>
+								</span>
+								<h3 class="m-portlet__head-text">
+									{% if row is defined %}
+										Edit User
+										<small>{{ row.getUsername() }}</small>
+									{% else %}
+										New User
+									{% endif %}
+								</h3>
+							</div>
+						</div>
+					</div>
+                    <form class="m-form m-form--fit m-form--label-align-right m-form--group-seperator-dashed" method="post" action="{{ row is defined ? url('user_update_submit', {'id': row.getId()}) : url('user_create_submit') }}">
+
+						<div class="m-portlet__body">
+							<div class="form-group m-form__group row">
+								<label class="col-lg-2 col-form-label">
+									Username:
+								</label>
+								<div class="col-lg-4{{ error.username is defined ? ' has-danger' }}">
+									<input type="text" name="username" class="form-control m-input{{ error.username is defined ? ' form-control-danger' }}" value="{{ values.username is defined ? values.username : (row is defined ? row.getUsername()) }}">
+									{% if error.username is defined %}
+										<div class="form-control-feedback">{{ error.username }}</div>
+									{% endif %}
+									<span class="m-form__help">Unique alias for this user</span>
+								</div>
+							</div>
+							<div class="form-group m-form__group row">
+								<label class="col-lg-2 col-form-label">
+									First Name:
+								</label>
+								<div class="col-lg-4{{ error.first_name is defined ? ' has-danger' }}">
+									<input type="text" name="first_name" class="form-control m-input{{ error.first_name is defined ? ' form-control-danger' }}" value="{{ values.first_name is defined ? values.first_name : (row is defined ? row.getFirstName()) }}">
+									{% if error.first_name is defined %}
+										<div class="form-control-feedback">{{ error.first_name }}</div>
+									{% endif %}
+								</div>
+								<label class="col-lg-2 col-form-label">
+									Last Name:
+								</label>
+								<div class="col-lg-4{{ error.last_name is defined ? ' has-danger' }}">
+									<input type="text" name="last_name" class="form-control m-input{{ error.last_name is defined ? ' form-control-danger' }}" value="{{ values.last_name is defined ? values.last_name : (row is defined ? row.getLastName()) }}">
+									{% if error.last_name is defined %}
+										<div class="form-control-feedback">{{ error.last_name }}</div>
+									{% endif %}
+								</div>
+							</div>
+							<div class="form-group m-form__group row">
+								<label class="col-lg-2 col-form-label">
+									Password:
+								</label>
+								<div class="col-lg-4{{ error.password is defined ? ' has-danger' }}">
+									<input type="password" name="password" class="form-control m-input{{ error.password is defined ? ' form-control-danger' }}">
+									{% if error.password is defined %}
+										<div class="form-control-feedback">{{ error.password }}</div>
+									{% endif %}
+									{% if row is defined %}
+										<span class="m-form__help">Leave both fields blank for unchanged</span>
+									{% endif %}
+								</div>
+								<label class="col-lg-2 col-form-label">
+									Confirm Password:
+								</label>
+								<div class="col-lg-4{{ error.confirm_password is defined ? ' has-danger' }}">
+									<input type="password" name="confirm_password" class="form-control m-input{{ error.confirm_password is defined ? ' form-control-danger' }}">
+									{% if error.confirm_password is defined %}
+										<div class="form-control-feedback">{{ error.confirm_password }}</div>
+									{% endif %}
+								</div>
+							</div>
+							<div class="form-group m-form__group row">
+								<label class="col-lg-2 col-form-label">
+									E-mail Address:
+								</label>
+								<div class="col-lg-4{{ error.email is defined ? ' has-danger' }}">
+									<input type="email" name="email" class="form-control m-input{{ error.email is defined ? ' form-control-danger' }}" value="{{ values.email is defined ? values.email : (row is defined ? row.getEmail()) }}">
+									{% if error.email is defined %}
+										<div class="form-control-feedback">{{ error.email }}</div>
+									{% endif %}
+								</div>
+								<label class="col-lg-2 col-form-label">
+									Contact Number:
+								</label>
+								<div class="col-lg-4{{ error.contact_no is defined ? ' has-danger' }}">
+									<input type="text" name="contact_no" class="form-control m-input{{ error.contact_no is defined ? ' form-control-danger' }}" value="{{ values.contact_no is defined ? values.contact_no : (row is defined ? row.getContactNumber()) }}">
+									{% if error.contact_no is defined %}
+										<div class="form-control-feedback">{{ error.contact_no }}</div>
+									{% endif %}
+								</div>
+							</div>
+							<div class="form-group m-form__group row">
+								<label class="col-lg-2 col-form-label">
+									Roles:
+								</label>
+								<div class="col-lg-10">
+									<div class="m-checkbox-list">
+										{% for role in roles %}
+										<label class="m-checkbox">
+											<input type="checkbox" name="roles[]" value="{{ role.getID() }}"{{ (values.roles is defined and role.getID() in value.roles) or (row is defined and values.roles is not defined and role.getID() in row.getRoles()) ? ' checked' : '' }}>
+											{{ role.getName() }}
+											<span></span>
+										</label>
+										{% endfor %}
+									</div>
+									<span class="m-form__help">Check all roles that apply</span>
+								</div>
+							</div>
+							<div class="form-group m-form__group row">
+								<label class="col-lg-2 col-form-label">
+									Enabled:
+								</label>
+								<span class="m-switch m-switch--icon">
+									<label>
+										<input type="checkbox" name="enabled" value="1"{{ (values.enabled is defined and values.enabled) or (row is defined and values.enabled is not defined and row.isEnabled()) or (values.enabled is not defined and row is not defined) ? ' checked' }}>
+										<span></span>
+									</label>
+								</span>
+							</div>
+						</div>
+			            <div class="m-portlet__foot m-portlet__foot--fit">
+							<div class="m-form__actions m-form__actions--solid m-form__actions--right">
+								<div class="row">
+									<div class="col-lg-12">
+										<button type="submit" class="btn btn-success">Submit</button>
+										<a href="{{ url('user_list') }}" class="btn btn-secondary">Cancel</a>
+									</div>
+								</div>
+							</div>
+						</div>
+					</form>
+                </div>
+			</div>
+		</div>
+	</div>
+{% endblock %}
\ No newline at end of file
diff --git a/templates/user/list.html.twig b/templates/user/list.html.twig
new file mode 100644
index 00000000..79229e11
--- /dev/null
+++ b/templates/user/list.html.twig
@@ -0,0 +1,179 @@
+{% extends 'base.html.twig' %}
+
+{% block body %}
+	<!-- BEGIN: Subheader -->
+    <div class="m-subheader">
+        <div class="d-flex align-items-center">
+            <div class="mr-auto">
+                <h3 class="m-subheader__title">
+                    Users
+                </h3>
+            </div>
+        </div>
+    </div>
+    <!-- END: Subheader -->
+    <div class="m-content">
+        <!--Begin::Section-->
+        <div class="row">
+            <div class="col-xl-12">
+            	<div class="m-portlet m-portlet--mobile">
+                    <div class="m-portlet__body">
+                    	{% for message in app.flashes('success') %}
+                    	<div class="alert alert-success alert-dismissible fade show" role="alert">
+                    		<button type="button" class="close" data-dismiss="alert" aria-label="Close"></button>
+						  	<strong>Success!</strong> {{ message }}
+						</div>
+                    	{% endfor %}
+                    	<div class="m-form m-form--label-align-right m--margin-top-20 m--margin-bottom-30">
+							<div class="row align-items-center">
+								<div class="col-xl-8 order-2 order-xl-1">
+									<div class="form-group m-form__group row align-items-center">
+										<div class="col-md-4">
+											<div class="m-input-icon m-input-icon--left">
+												<input type="text" class="form-control m-input m-input--solid" placeholder="Search..." id="data-rows-search">
+												<span class="m-input-icon__icon m-input-icon__icon--left">
+													<span><i class="la la-search"></i></span>
+												</span>
+											</div>
+										</div>
+									</div>
+								</div>
+								<div class="col-xl-4 order-1 order-xl-2 m--align-right">
+									<a href="{{ url('user_create') }}" class="btn btn-focus m-btn m-btn--custom m-btn--icon m-btn--air m-btn--pill">
+										<span>
+											<i class="la la-user-plus"></i>
+											<span>New User</span>
+										</span>
+									</a>					
+									<div class="m-separator m-separator--dashed d-xl-none"></div>
+								</div>
+							</div>
+						</div>
+                        <!--begin: Datatable -->
+                        <div id="data-rows"></div>
+                        <!--end: Datatable -->
+                    </div>
+                </div>
+			</div>
+		</div>
+	</div>
+{% endblock %}
+
+{% block scripts %}
+	<script>
+		$(function() {
+			var options = {
+				data: {
+					type: 'remote',
+					source: {
+						read: {
+							url: '{{ url("user_rows") }}',
+							method: 'POST'
+						}
+					}
+				},
+				columns: [
+					{
+						field: 'id',
+						title: 'ID',
+						width: 30
+					},
+					{
+						field: 'username',
+						title: 'Username'
+					},
+					{
+						field: 'first_name',
+						title: 'First Name'
+					},
+					{
+						field: 'last_name',
+						title: 'Last Name'
+					},
+					{
+						field: 'email',
+						title: 'E- mail'
+					},
+					{
+						field: 'contact_num',
+						title: 'Contact No.'
+					},
+					{
+						field: 'enabled',
+						title: 'Status',
+						template: function (row, index, datatable) {
+							var tag = '';
+
+							if (row.enabled === true) {
+								tag = '<span class="m-badge  m-badge--success m-badge--wide">Enabled</span>';
+							} else {
+								tag = '<span class="m-badge  m-badge--danger m-badge--wide">Disabled</span>';
+							}
+
+							return tag;
+						}
+					},
+					{
+						field: 'Actions',
+						width: 110,
+						title: 'Actions',
+						sortable: false,
+						overflow: 'visible',
+						template: function (row, index, datatable) {
+							var actions = '<a href="' + row.update_url + '" class="m-portlet__nav-link btn m-btn m-btn--hover-accent m-btn--icon m-btn--icon-only m-btn--pill btn-edit" data-id="' + row.id + '" title="Edit"><i class="la la-edit"></i></a>';
+
+							if (row.id != 'ROLE_SUPER_ADMIN') {
+								actions += '<a href="' + row.delete_url + '" class="m-portlet__nav-link btn m-btn m-btn--hover-danger m-btn--icon m-btn--icon-only m-btn--pill btn-delete" data-id="' + row.id + '" title="Delete"><i class="la la-trash"></i></a>';
+							}
+							
+							return actions;
+						},
+					}
+				],
+				search: {
+					onEnter: false,
+					input: $('#data-rows-search'),
+					delay: 400
+				},
+				/*
+				serverPaging: true,
+		        serverFiltering: true,
+		        serverSorting: true
+		        */
+			};
+
+			var table = $("#data-rows").mDatatable(options);
+
+			$(document).on('click', '.btn-delete', function(e) {
+				var url = $(this).prop('href');
+				var id = $(this).data('id');
+				var btn = $(this);
+
+				e.preventDefault();
+
+				swal({
+					title: 'Confirmation',
+					text: 'Are you sure you want to delete ' + id + '?',
+					type: 'warning',
+					showCancelButton: true
+				}).then((result) => {
+					if (result.value) {
+						$.ajax({
+							method: "DELETE",
+							url: url
+						}).done(function(response) {
+							table.row(btn.parents('tr')).remove();
+							table.reload();
+						}).fail(function() {
+							swal({
+								title: 'Whoops',
+								text: 'An error occurred while deleting this item. Please contact support.',
+								type: 'error'
+							});
+						});
+					}
+				});
+			});
+		});
+	</script>
+{% endblock %}
\ No newline at end of file