diff --git a/docmanager_backend/accounts/permissions.py b/docmanager_backend/accounts/permissions.py
index 4636fce..6a934f8 100644
--- a/docmanager_backend/accounts/permissions.py
+++ b/docmanager_backend/accounts/permissions.py
@@ -19,7 +19,7 @@ class IsPlanning(BasePermission):
 """
 def has_permission(self, request, view):
- return bool(request.user and request.user.role == "planning")
+ return bool(request.user and request.user.role in ("planning", "admin"))
 class IsHead(BasePermission):
@@ -28,7 +28,7 @@ class IsHead(BasePermission):
 """
 def has_permission(self, request, view):
- return bool(request.user and request.user.role == "head")
+ return bool(request.user and request.user.role in ("head", "admin"))
 class IsAdmin(BasePermission):
diff --git a/docmanager_backend/accounts/serializers.py b/docmanager_backend/accounts/serializers.py
index 80384a0..2b809ee 100644
--- a/docmanager_backend/accounts/serializers.py
+++ b/docmanager_backend/accounts/serializers.py
@@ -5,6 +5,15 @@ from django.core import exceptions as django_exceptions
 from rest_framework.settings import api_settings
+class CustomUserUpdateSerializer(serializers.ModelSerializer):
+
+ class Meta:
+ model = CustomUser
+ fields = [
+ "role"
+ ]
+
+
 class CustomUserSerializer(serializers.ModelSerializer):
 birthday = serializers.DateField(format="%Y-%m-%d")
diff --git a/docmanager_backend/accounts/urls.py b/docmanager_backend/accounts/urls.py
index cd51b53..19e1c0d 100644
--- a/docmanager_backend/accounts/urls.py
+++ b/docmanager_backend/accounts/urls.py
@@ -1,8 +1,9 @@
 from django.urls import include, path
-from .views import CustomUserDeleteView
+from .views import CustomUserDeleteView, CustomUserUpdateView
 urlpatterns = [
 path("", include("djoser.urls")),
 path("", include("djoser.urls.jwt")),
 path("users/delete//", CustomUserDeleteView.as_view()),
+ path("users/update//", CustomUserUpdateView.as_view()),
 ]
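Review bot: In `IsPlanning.has_permission` (and on the identical line in the `IsHead` hunk) the `request.user and ...` guard does not cover an unauthenticated request. DRF normally sets `request.user` to an `AnonymousUser`, which is truthy and, unless the project adds one, has no `role` attribute, so the check would raise `AttributeError` rather than deny. That stays harmless only while every view lists `IsAuthenticated` first; since these classes now also encode the admin override, I would make them self-contained with `return getattr(request.user, "role", None) in ("planning", "admin")`. The class docstrings begin outside the hunk and should be updated to say that admins pass as well.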
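Review bot: `CustomUserUpdateSerializer` has a generic name and no docstring, yet the only field it writes is `role`, the attribute every permission class in this commit keys on. Reusing it on an endpoint that is not restricted to admins would let a user assign themselves a role, so the class should say so, for example `"""Writes only the role field; use behind IsAdmin, never on a self-service endpoint."""`. Whether `role` is limited to a fixed set of values depends on the model field, which is not visible here; if it declares no `choices`, an explicit `serializers.ChoiceField` would be worth adding.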
diff --git a/docmanager_backend/accounts/views.py b/docmanager_backend/accounts/views.py
index a8b24f1..ec515c7 100644
--- a/docmanager_backend/accounts/views.py
+++ b/docmanager_backend/accounts/views.py
@@ -1,5 +1,5 @@
 from rest_framework import generics
-from .serializers import CustomUserSerializer
+from .serializers import CustomUserSerializer, CustomUserUpdateSerializer
 from rest_framework.permissions import IsAuthenticated
 from accounts.permissions import IsAdmin
 from .models import CustomUser
@@ -14,3 +14,14 @@ class CustomUserDeleteView(generics.DestroyAPIView):
 serializer_class = CustomUserSerializer
 queryset = CustomUser.objects.all()
 permission_classes = [IsAuthenticated, IsAdmin]
+
+
+class CustomUserUpdateView(generics.UpdateAPIView):
+ """
+ Used by staff to upload documents.
+ """
+
+ http_method_names = ["patch"]
+ serializer_class = CustomUserUpdateSerializer
+ queryset = CustomUser.objects.all()
+ permission_classes = [IsAuthenticated, IsAdmin]
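Review bot: The docstring on `CustomUserUpdateView` reads "Used by staff to upload documents.", which looks copied from another view; this endpoint PATCHes a user's `role` and is restricted to admins. I would replace it with `"""Admin-only endpoint for changing a user's role (PATCH only)."""`. Because the queryset is `CustomUser.objects.all()`, an admin can also change their own role or demote the last remaining admin. Nothing in this hunk guards against that or records who made the change, which is worth deciding deliberately for an endpoint that grants privileges.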