diff --git a/pydatalab/src/pydatalab/routes/v0_1/admin.py b/pydatalab/src/pydatalab/routes/v0_1/admin.py
index c95334073..84296cf69 100644
--- a/pydatalab/src/pydatalab/routes/v0_1/admin.py
+++ b/pydatalab/src/pydatalab/routes/v0_1/admin.py
@@ -6,6 +6,33 @@
 from pydatalab.mongo import flask_mongo
 from pydatalab.permissions import admin_only, get_default_permissions
 
+
+def check_manager_cycle(user_id_str, new_manager_id_str):
+    visited = set()
+    current_id = new_manager_id_str
+
+    while current_id is not None:
+        if current_id == user_id_str:
+            return True
+        if current_id in visited:
+            break
+        visited.add(current_id)
+
+        try:
+            manager = flask_mongo.db.users.find_one({"_id": ObjectId(current_id)})
+            if manager and "managers" in manager and manager["managers"]:
+                if isinstance(manager["managers"], list) and len(manager["managers"]) > 0:
+                    current_id = manager["managers"][0]
+                else:
+                    break
+            else:
+                break
+        except Exception:
+            break
+
+    return False
+
+
 ADMIN = Blueprint("admins", __name__)
 
 
@@ -35,13 +62,22 @@ def get_users():
                             "then": "user",
                             "else": {"$arrayElemAt": ["$role.role", 0]},
                         }
-                    }
+                    },
+                    "immutable_id": {"$ifNull": ["$immutable_id", {"$toString": "$_id"}]},
                 }
             },
         ]
     )
 
-    return jsonify({"status": "success", "data": list(users)})
+    users_list = list(users)
+
+    for user in users_list:
+        if "managers" not in user:
+            user["managers"] = []
+        elif not isinstance(user["managers"], list):
+            user["managers"] = []
+
+    return jsonify({"status": "success", "data": users_list})
 
 
 @ADMIN.route("/roles/<user_id>", methods=["PATCH"])
@@ -93,3 +129,56 @@ def save_role(user_id):
         )
 
     return (jsonify({"status": "success"}), 200)
+
+
+@ADMIN.route("/users/<user_id>/managers", methods=["PATCH"])
+def update_user_managers(user_id):
+    """Update the managers for a specific user using ObjectIds"""
+
+    request_json = request.get_json()
+
+    if request_json is None or "managers" not in request_json:
+        return jsonify({"status": "error", "message": "Managers list not provided"}), 400
+
+    managers = request_json["managers"]
+
+    if not isinstance(managers, list):
+        return jsonify({"status": "error", "message": "Managers must be a list"}), 400
+
+    existing_user = flask_mongo.db.users.find_one({"_id": ObjectId(user_id)})
+    if not existing_user:
+        return jsonify({"status": "error", "message": "User not found"}), 404
+
+    manager_object_ids = []
+    for manager_id in managers:
+        if manager_id:
+            try:
+                manager_oid = ObjectId(manager_id)
+            except Exception:
+                return jsonify(
+                    {"status": "error", "message": f"Invalid manager ID format: {manager_id}"}
+                ), 400
+
+            if not flask_mongo.db.users.find_one({"_id": manager_oid}):
+                return jsonify(
+                    {"status": "error", "message": f"Manager with ID {manager_id} not found"}
+                ), 404
+
+            if check_manager_cycle(user_id, manager_id):
+                return jsonify(
+                    {
+                        "status": "error",
+                        "message": "Cannot assign manager: would create a circular management hierarchy",
+                    }
+                ), 400
+
+            manager_object_ids.append(str(manager_oid))
+
+    update_result = flask_mongo.db.users.update_one(
+        {"_id": ObjectId(user_id)}, {"$set": {"managers": manager_object_ids}}
+    )
+
+    if update_result.matched_count != 1:
+        return jsonify({"status": "error", "message": "Unable to update user managers"}), 400
+
+    return jsonify({"status": "success"}), 200
diff --git a/pydatalab/tests/server/test_manager_assignment.py b/pydatalab/tests/server/test_manager_assignment.py
new file mode 100644
index 000000000..609712ffe
--- /dev/null
+++ b/pydatalab/tests/server/test_manager_assignment.py
@@ -0,0 +1,202 @@
+from bson import ObjectId
+
+
+def test_assign_manager_success(admin_client, real_mongo_client):
+    db = real_mongo_client.get_database()
+
+    user_1 = db.users.insert_one({"display_name": "User 1"})
+    user_1_id = str(user_1.inserted_id)
+
+    user_2 = db.users.insert_one({"display_name": "User 2"})
+    user_2_id = str(user_2.inserted_id)
+
+    db.roles.insert_one({"_id": user_1.inserted_id, "role": "manager"})
+
+    response = admin_client.patch(f"/users/{user_2_id}/managers", json={"managers": [user_1_id]})
+
+    assert response.status_code == 200
+
+    updated_user = db.users.find_one({"_id": user_2.inserted_id})
+    assert user_1_id in updated_user["managers"]
+
+    db.users.delete_many({"_id": {"$in": [user_1.inserted_id, user_2.inserted_id]}})
+    db.roles.delete_one({"_id": user_1.inserted_id})
+
+
+def test_assign_manager_requires_admin(client, real_mongo_client):
+    db = real_mongo_client.get_database()
+
+    user_1 = db.users.insert_one({"display_name": "User 1"})
+    user_1_id = str(user_1.inserted_id)
+
+    user_2 = db.users.insert_one({"display_name": "User 2"})
+    user_2_id = str(user_2.inserted_id)
+
+    response = client.patch(f"/users/{user_2_id}/managers", json={"managers": [user_1_id]})
+
+    assert response.status_code == 403
+
+    db.users.delete_many({"_id": {"$in": [user_1.inserted_id, user_2.inserted_id]}})
+
+
+def test_assign_manager_prevents_direct_cycle(admin_client, real_mongo_client):
+    db = real_mongo_client.get_database()
+
+    user_1 = db.users.insert_one({"display_name": "User 1"})
+    user_1_id = str(user_1.inserted_id)
+
+    user_2 = db.users.insert_one({"display_name": "User 2"})
+    user_2_id = str(user_2.inserted_id)
+
+    db.roles.insert_one({"_id": user_1.inserted_id, "role": "manager"})
+    db.roles.insert_one({"_id": user_2.inserted_id, "role": "manager"})
+
+    response = admin_client.patch(f"/users/{user_2_id}/managers", json={"managers": [user_1_id]})
+    assert response.status_code == 200
+
+    response = admin_client.patch(f"/users/{user_1_id}/managers", json={"managers": [user_2_id]})
+
+    assert response.status_code == 400
+    assert "circular" in response.json["message"].lower()
+
+    db.users.delete_many({"_id": {"$in": [user_1.inserted_id, user_2.inserted_id]}})
+    db.roles.delete_many({"_id": {"$in": [user_1.inserted_id, user_2.inserted_id]}})
+
+
+def test_assign_manager_prevents_deep_cycle(admin_client, real_mongo_client):
+    db = real_mongo_client.get_database()
+
+    user_1 = db.users.insert_one({"display_name": "User 1"})
+    user_1_id = str(user_1.inserted_id)
+
+    user_2 = db.users.insert_one({"display_name": "User 2"})
+    user_2_id = str(user_2.inserted_id)
+
+    user_3 = db.users.insert_one({"display_name": "User 3"})
+    user_3_id = str(user_3.inserted_id)
+
+    for uid in [user_1.inserted_id, user_2.inserted_id, user_3.inserted_id]:
+        db.roles.insert_one({"_id": uid, "role": "manager"})
+
+    admin_client.patch(f"/users/{user_2_id}/managers", json={"managers": [user_1_id]})
+    admin_client.patch(f"/users/{user_3_id}/managers", json={"managers": [user_2_id]})
+
+    response = admin_client.patch(f"/users/{user_1_id}/managers", json={"managers": [user_3_id]})
+
+    assert response.status_code == 400
+    assert "circular" in response.json["message"].lower()
+
+    db.users.delete_many(
+        {"_id": {"$in": [user_1.inserted_id, user_2.inserted_id, user_3.inserted_id]}}
+    )
+    db.roles.delete_many(
+        {"_id": {"$in": [user_1.inserted_id, user_2.inserted_id, user_3.inserted_id]}}
+    )
+
+
+def test_assign_manager_allows_hierarchy(admin_client, real_mongo_client):
+    db = real_mongo_client.get_database()
+
+    user_1 = db.users.insert_one({"display_name": "User 1"})
+    user_1_id = str(user_1.inserted_id)
+
+    user_2 = db.users.insert_one({"display_name": "User 2"})
+    user_2_id = str(user_2.inserted_id)
+
+    user_3 = db.users.insert_one({"display_name": "User 3"})
+    user_3_id = str(user_3.inserted_id)
+
+    for uid in [user_1.inserted_id, user_2.inserted_id]:
+        db.roles.insert_one({"_id": uid, "role": "manager"})
+
+    response = admin_client.patch(f"/users/{user_2_id}/managers", json={"managers": [user_1_id]})
+    assert response.status_code == 200
+
+    response = admin_client.patch(f"/users/{user_3_id}/managers", json={"managers": [user_2_id]})
+    assert response.status_code == 200
+
+    db.users.delete_many(
+        {"_id": {"$in": [user_1.inserted_id, user_2.inserted_id, user_3.inserted_id]}}
+    )
+    db.roles.delete_many({"_id": {"$in": [user_1.inserted_id, user_2.inserted_id]}})
+
+
+def test_remove_manager_assignment(admin_client, real_mongo_client):
+    db = real_mongo_client.get_database()
+
+    user_1 = db.users.insert_one({"display_name": "User 1"})
+    user_1_id = str(user_1.inserted_id)
+
+    user_2 = db.users.insert_one({"display_name": "User 2", "managers": [user_1_id]})
+    user_2_id = str(user_2.inserted_id)
+
+    db.roles.insert_one({"_id": user_1.inserted_id, "role": "manager"})
+
+    response = admin_client.patch(f"/users/{user_2_id}/managers", json={"managers": []})
+
+    assert response.status_code == 200
+
+    updated_user = db.users.find_one({"_id": user_2.inserted_id})
+    assert updated_user["managers"] == []
+
+    db.users.delete_many({"_id": {"$in": [user_1.inserted_id, user_2.inserted_id]}})
+    db.roles.delete_one({"_id": user_1.inserted_id})
+
+
+def test_assign_nonexistent_manager(admin_client, real_mongo_client):
+    db = real_mongo_client.get_database()
+
+    user_1 = db.users.insert_one({"display_name": "User 1"})
+    user_1_id = str(user_1.inserted_id)
+
+    fake_id = str(ObjectId())
+
+    response = admin_client.patch(f"/users/{user_1_id}/managers", json={"managers": [fake_id]})
+
+    assert response.status_code == 404
+
+    db.users.delete_one({"_id": user_1.inserted_id})
+
+
+def test_assign_manager_invalid_format(admin_client, real_mongo_client):
+    db = real_mongo_client.get_database()
+
+    user_1 = db.users.insert_one({"display_name": "User 1"})
+    user_1_id = str(user_1.inserted_id)
+
+    response = admin_client.patch(
+        f"/users/{user_1_id}/managers", json={"managers": ["not-a-valid-id"]}
+    )
+
+    assert response.status_code == 400
+
+    db.users.delete_one({"_id": user_1.inserted_id})
+
+
+def test_manager_can_see_managed_user_items(admin_client, real_mongo_client, user_id):
+    db = real_mongo_client.get_database()
+
+    user_1 = db.users.insert_one({"display_name": "User 1"})
+    user_1_id = str(user_1.inserted_id)
+
+    db.roles.insert_one({"_id": user_1.inserted_id, "role": "manager"})
+
+    response = admin_client.patch(f"/users/{str(user_id)}/managers", json={"managers": [user_1_id]})
+    assert response.status_code == 200
+
+    response = admin_client.post(
+        "/new-sample/", json={"item_id": "test-managed-sample", "type": "samples"}
+    )
+    assert response.status_code == 201
+
+    response = admin_client.get("/get-item-data/test-managed-sample")
+    assert response.status_code == 200
+    refcode = response.json["item_data"]["refcode"]
+
+    response = admin_client.patch(
+        f"/items/{refcode}/permissions", json={"creators": [{"immutable_id": str(user_id)}]}
+    )
+    assert response.status_code == 200
+
+    db.users.delete_one({"_id": user_1.inserted_id})
+    db.roles.delete_one({"_id": user_1.inserted_id})
diff --git a/webapp/src/components/UserTable.vue b/webapp/src/components/UserTable.vue
index cdc426109..91c784d37 100644
--- a/webapp/src/components/UserTable.vue
+++ b/webapp/src/components/UserTable.vue
@@ -1,10 +1,11 @@
 <template>
-  <table class="table table-hover table-sm" data-testid="user-table">
+  <table class="table table-hover table-sm table-responsive-sm" data-testid="user-table">
     <thead>
       <tr>
         <th scope="col">Name</th>
         <th scope="col">Email</th>
         <th scope="col">Role</th>
+        <th scope="col">Managers</th>
         <th scope="col">Actions</th>
       </tr>
     </thead>
@@ -30,15 +31,41 @@
         </td>
         <td align="left">{{ user.contact_email }}</td>
         <td align="left">
-          <select
+          <vSelect
             v-model="user.role"
-            class="dropdown"
-            @change="confirmUpdateUserRole(user._id, $event.target.value)"
+            :options="roleOptions"
+            :clearable="false"
+            :searchable="false"
+            class="form-control p-0 border-0"
+            @update:model-value="(value) => confirmUpdateUserRole(user._id, value)"
+          />
+        </td>
+        <td align="left">
+          <vSelect
+            v-model="user.managers"
+            :options="potentialManagersMap[user._id]"
+            label="display_name"
+            multiple
+            placeholder="No managers"
+            :clearable="false"
+            class="w-100"
+            @update:model-value="(value) => handleManagersChange(user._id, value)"
           >
-            <option value="user">User</option>
-            <option value="admin">Admin</option>
-            <option value="manager">Manager</option>
-          </select>
+            <template #option="option">
+              <div class="d-flex align-items-center">
+                <UserBubble :creator="option" :size="20" />
+                <span class="ml-2">{{ option.display_name }}</span>
+                <span class="ml-auto badge badge-secondary small">{{ option.role }}</span>
+              </div>
+            </template>
+
+            <template #selected-option="option">
+              <div class="d-flex align-items-center">
+                <UserBubble :creator="option" :size="18" />
+                <span class="ml-2 small">{{ option.display_name }}</span>
+              </div>
+            </template>
+          </vSelect>
         </td>
         <td align="left">
           <button
@@ -70,17 +97,37 @@
 
 <script>
 import { DialogService } from "@/services/DialogService";
-
-import { getUsersList, saveRole, saveUser } from "@/server_fetch_utils.js";
+import vSelect from "vue-select";
+import UserBubble from "@/components/UserBubble.vue";
+import { getUsersList, saveRole, saveUser, saveUserManagers } from "@/server_fetch_utils.js";
 
 export default {
+  components: {
+    vSelect,
+    UserBubble,
+  },
+
   data() {
     return {
       users: null,
       original_users: null,
       tempRole: null,
+      roleOptions: ["user", "admin", "manager"],
     };
   },
+  computed: {
+    potentialManagersMap() {
+      if (!this.users) return {};
+      const map = {};
+      this.users.forEach((u) => {
+        map[u.immutable_id] = this.users.filter(
+          (user) =>
+            user._id !== u.immutable_id && (user.role === "admin" || user.role === "manager"),
+        );
+      });
+      return map;
+    },
+  },
   created() {
     this.getUsers();
   },
@@ -88,36 +135,144 @@ export default {
     async getUsers() {
       let data = await getUsersList();
       if (data != null) {
+        const byId = {};
+        data.forEach((u) => {
+          const id = u._id;
+          byId[id] = u;
+        });
+
+        data.forEach((user) => {
+          if (!user.managers) {
+            user.managers = [];
+          }
+
+          user.managers = user.managers
+            .map((m) => {
+              const mid = typeof m === "string" ? m : m._id;
+              return byId[mid];
+            })
+            .filter(Boolean);
+        });
+
         this.users = JSON.parse(JSON.stringify(data));
         this.original_users = JSON.parse(JSON.stringify(data));
       }
     },
+    getPotentialManagers(userId) {
+      if (!this.users) return [];
+
+      const potentials = this.users.filter((u) => {
+        const isEligible =
+          u.immutable_id !== userId && (u.role === "admin" || u.role === "manager");
+        return isEligible;
+      });
+
+      return potentials.sort((a, b) => (a.display_name || "").localeCompare(b.display_name || ""));
+    },
+
     async confirmUpdateUserRole(user_id, new_role) {
       const originalCurrentUser = this.original_users.find((user) => user._id === user_id);
 
-      if (originalCurrentUser.role === "admin") {
+      if (!originalCurrentUser) {
         DialogService.error({
-          title: "Role Change Error",
-          message: "You can't change an admin's role.",
+          title: "Error",
+          message: "Original user not found (id mismatch).",
         });
-        this.users.find((user) => user._id === user_id).role = originalCurrentUser.role;
+        const uiUser = this.users.find((u) => u.immutable_id === user_id);
+        if (uiUser) uiUser.role = uiUser.role || "user";
         return;
       }
 
+      if (originalCurrentUser.role === "admin" && new_role !== "admin") {
+        const confirmed = await DialogService.confirm({
+          title: "Change Admin Role",
+          message: `Are you sure you want to remove admin privileges from ${originalCurrentUser.display_name}?`,
+          type: "warning",
+        });
+        if (!confirmed) {
+          this.users.find((user) => user._id === user_id).role = originalCurrentUser.role;
+          return;
+        }
+      }
+
       const confirmed = await DialogService.confirm({
         title: "Change User Role",
-        message: `Are you sure you want to change ${originalCurrentUser.display_name}'s role to ${new_role}?`,
+        message: `Are you sure you want to change ${originalCurrentUser.display_name}'s role from "${originalCurrentUser.role}" to "${new_role}"?`,
         type: "warning",
       });
+
       if (confirmed) {
-        await this.updateUserRole(user_id, new_role);
+        try {
+          await this.updateUserRole(user_id, new_role);
+        } catch (err) {
+          this.users.find((user) => user._id === user_id).role = originalCurrentUser.role;
+        }
       } else {
         this.users.find((user) => user._id === user_id).role = originalCurrentUser.role;
       }
     },
+
+    async handleManagersChange(userId, managers) {
+      if (!managers) managers = [];
+
+      const managerIds = managers.map((m) => m._id);
+
+      const userIndex = this.users.findIndex((u) => u._id === userId);
+      const originalIndex = this.original_users.findIndex((u) => u._id === userId);
+
+      if (userIndex === -1 || originalIndex === -1) {
+        DialogService.error({
+          title: "Error",
+          message: "User not found.",
+        });
+        return;
+      }
+
+      const originalUser = this.original_users[originalIndex];
+      const originalManagerIds = (originalUser?.managers || []).map((m) => m._id);
+
+      if (JSON.stringify(managerIds.sort()) === JSON.stringify(originalManagerIds.sort())) return;
+
+      const confirmed = await DialogService.confirm({
+        title: "Update Managers",
+        message: `Are you sure you want to update managers for ${this.users[userIndex].display_name}?`,
+        type: "info",
+      });
+
+      if (!confirmed) {
+        this.users[userIndex].managers = [...originalUser.managers];
+        return;
+      }
+
+      try {
+        await saveUserManagers(userId, managerIds);
+
+        const newManagers = this.potentialManagersMap[userId].filter((u) =>
+          managerIds.includes(u._id),
+        );
+
+        this.users[userIndex].managers = newManagers;
+        this.original_users[originalIndex].managers = [...newManagers];
+      } catch (err) {
+        this.users[userIndex].managers = [...originalUser.managers];
+
+        DialogService.error({
+          title: "Error",
+          message: err,
+        });
+      }
+    },
     async confirmUpdateUserStatus(user_id, new_status) {
       const originalCurrentUser = this.original_users.find((user) => user._id === user_id);
 
+      if (!originalCurrentUser) {
+        DialogService.error({
+          title: "Error",
+          message: "Original user not found (id mismatch).",
+        });
+        return;
+      }
+
       const confirmed = await DialogService.confirm({
         title: "Change User Status",
         message: `Are you sure you want to change ${originalCurrentUser.display_name}'s status from "${originalCurrentUser.account_status}" to "${new_status}"?`,
@@ -125,16 +280,23 @@ export default {
       });
       if (confirmed) {
         this.users.find((user) => user._id == user_id).account_status = new_status;
-        await this.updateUserStatus(user_id, new_status);
+        try {
+          await this.updateUserStatus(user_id, new_status);
+        } catch (err) {
+          this.users.find((user) => user._id === user_id).account_status =
+            originalCurrentUser.account_status;
+        }
       } else {
         this.users.find((user) => user._id === user_id).account_status =
           originalCurrentUser.account_status;
       }
     },
+
     async updateUserRole(user_id, user_role) {
       await saveRole(user_id, { role: user_role });
       this.original_users = JSON.parse(JSON.stringify(this.users));
     },
+
     async updateUserStatus(user_id, status) {
       await saveUser(user_id, { account_status: status });
       this.original_users = JSON.parse(JSON.stringify(this.users));
diff --git a/webapp/src/server_fetch_utils.js b/webapp/src/server_fetch_utils.js
index a825182e1..13fa1cb8a 100644
--- a/webapp/src/server_fetch_utils.js
+++ b/webapp/src/server_fetch_utils.js
@@ -657,15 +657,17 @@ export function saveCollection(collection_id) {
 }
 
 export function saveUser(user_id, user) {
-  fetch_patch(`${API_URL}/users/${user_id}`, user)
+  return fetch_patch(`${API_URL}/users/${user_id}`, user)
     .then(function (response_json) {
       if (response_json.status === "success") {
         getUserInfo();
+        return response_json;
       } else {
         DialogService.error({
           title: "Failed to update user",
           message: "User save unsuccessful: " + response_json.detail,
         });
+        throw new Error(response_json.detail || "User save unsuccessful");
       }
     })
     .catch(function (error) {
@@ -673,21 +675,24 @@ export function saveUser(user_id, user) {
         title: "Failed to update user",
         message: `User save unsuccessful: ${error}`,
       });
+      throw error;
     });
 }
 
 export function saveRole(user_id, role) {
-  fetch_patch(`${API_URL}/roles/${user_id}`, role)
+  return fetch_patch(`${API_URL}/roles/${user_id}`, role)
     .then(function (response_json) {
       if (response_json.status !== "success") {
-        throw new Error("Failed to save role: " + response_json.detail);
+        throw new Error("Failed to save role: " + (response_json.detail || response_json.message));
       }
+      return response_json;
     })
     .catch(function (error) {
       DialogService.error({
         title: "Role save failed",
         message: `Role save unsuccessful: ${error}`,
       });
+      throw error;
     });
 }
 
@@ -888,3 +893,17 @@ export async function getSchema(type) {
       throw error;
     });
 }
+
+export function saveUserManagers(user_id, managers) {
+  return fetch_patch(`${API_URL}/users/${user_id}/managers`, { managers })
+    .then((response_json) => {
+      if (response_json.status && response_json.status !== "success") {
+        console.warn("Warning: saveUserManagers response:", response_json);
+      }
+      return response_json;
+    })
+    .catch((error) => {
+      console.error("Managers save failed:", error);
+      throw error;
+    });
+}