diff --git a/api/src/Controllers/UsersController.cs b/api/src/Controllers/UsersController.cs
new file mode 100644
index 0000000..de66f0b
--- /dev/null
+++ b/api/src/Controllers/UsersController.cs
@@ -0,0 +1,50 @@
+
+// this is basically a demo on roles
+// level 0 can't access the users endpoint at all
+// level 1 has read permissions
+// level 2 has modify permissions
+
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Authorization;
+
+using agologumApi.Models;
+using agologumApi.Services;
+
+[ApiController]
+[Route("api/[controller]")]
+public class UsersController : ControllerBase {
+
+ private readonly UserService service_;
+
+ public UsersController(UserService service) {
+ service_ = service;
+ }
+
+ [Authorize(Roles = "Admin, Superuser")]
+ [HttpGet]
+ public async Task>> getUsers() {
+ return Ok(await service_.GetAll());
+ }
+
+ [Authorize(Roles = "Admin, Superuser")]
+ [HttpGet("{id:int}")]
+ public async Task> getUser(int id) {
+
+ var user = await service_.Get(id);
+
+ if (user == null) return NotFound();
+
+ return Ok(user);
+ }
+
+ [Authorize(Roles = "Superuser")]
+ [HttpDelete("{id}")]
+ public async Task deleteUser(int id) {
+
+ var success = await service_.Delete(id);
+
+ if (!success) return NotFound();
+
+ return NoContent();
+ }
+}
\ No newline at end of file
diff --git a/api/src/Services/UserService.cs b/api/src/Services/UserService.cs
new file mode 100644
index 0000000..6bf5b8d
--- /dev/null
+++ b/api/src/Services/UserService.cs
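Review bot: getUsers and getUser pass the User entity from UserService straight to `Ok(...)`, so every mapped column is serialized to any Admin or Superuser caller; the User model is not shown in this diff, but if it holds a password hash or other credential material, that goes out in the response. Returning a response type that carries only the fields clients need (UserName is the only property visible here) keeps newly added columns from leaking by default. The controller also has no class-level `[Authorize]`, so an action added later without its own attribute would be anonymous unless a fallback policy is configured elsewhere; putting `[Authorize]` on the class makes it fail closed. The header comment speaks of levels 0–2 while the attributes use the role names Admin and Superuser, so the comment should name the roles it actually checks.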
@@ -0,0 +1,39 @@
+
+using Microsoft.EntityFrameworkCore;
+
+using agologumApi.Models;
+
+namespace agologumApi.Services;
+
+public class UserService {
+
+ private readonly AppDbContext db_;
+
+ public UserService(AppDbContext db) {
+ db_ = db;
+ }
+
+ public async Task> GetAll() {
+ return await db_.Users.ToListAsync();
+ }
+
+ public async Task Get(int id) {
+ return await db_.Users.FindAsync(id);
+ }
+
+ public async Task Get(string name) {
+ return await db_.Users.FirstOrDefaultAsync(u => u.UserName == name);
+ }
+
+ public async Task Delete(int id) {
+ User? User = await db_.Users.FindAsync(id);
+ if(User != null) {
+ db_.Users.Remove(User);
+ await db_.SaveChangesAsync();
+ return true;
+ } else {
+ return false;
+ }
+ }
+
+}
\ No newline at end of file
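Review bot: Delete removes an account without recording that it happened; for a Superuser-only destructive action I would log the deleted id once `SaveChangesAsync()` succeeds, e.g. `logger_.LogInformation("User {UserId} deleted", id);` with an `ILogger<UserService>` injected through the constructor, unless auditing is already handled elsewhere (not visible in this diff). The caller's identity is not passed into the service, so that entry would have to be correlated with the request, or the controller can log the acting principal instead. The local `User? User` shadows its own type name; `user` reads more clearly. GetAll loads the whole Users table with change tracking, and `db_.Users.AsNoTracking().ToListAsync()` fits this read-only path better.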