diff --git a/crates/backend/src/controller/user.rs b/crates/backend/src/controller/user.rs
index 947272d..3b6d79f 100644
--- a/crates/backend/src/controller/user.rs
+++ b/crates/backend/src/controller/user.rs
@@ -1,6 +1,6 @@
 use actix_web::{
 error::{ErrorInternalServerError, ErrorNotFound, ErrorUnauthorized},
- web, Responder,
+ web, HttpResponse, Responder,
 };
 use argon2::{
 password_hash::{rand_core::OsRng, PasswordHasher, SaltString},
@@ -102,4 +102,21 @@ impl UserController {
 Ok(web::Json(UserWithoutPassword::from(result)))
 }
+
+ pub async fn delete_user(
+ state: web::Data,
+ path: web::Path,
+ executor: AuthedUser,
+ ) -> actix_web::Result {
+ let id = path.into_inner();
+ if !executor.0.admin || executor.0.id == id {
+ return Err(ErrorUnauthorized("Invalid Permissions"));
+ }
+ let db = &state.db;
+ entity::license::Entity::delete_by_id(id)
+ .exec(db)
+ .await
+ .map_err(ErrorInternalServerError)?;
+ Ok(HttpResponse::Ok().finish())
+ }
 }
diff --git a/crates/backend/src/routes.rs b/crates/backend/src/routes.rs
index d279605..35f8700 100644
--- a/crates/backend/src/routes.rs
+++ b/crates/backend/src/routes.rs
@@ -10,7 +10,7 @@ pub fn config(cfg: &mut web::ServiceConfig) {
 .post(UserController::create_user),
 )
 .route("/users/me", web::get().to(UserController::get_current_user))
- .service(web::resource("/users/{user_id}"))
+ .service(web::resource("/users/{user_id}").delete(UserController::delete_user))
 .service(
 web::resource("/licenses")
 .get(LicenseController::list_groups)
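Review bot: `delete_user` runs its delete against `entity::license::Entity`, so the DELETE route wired to `/users/{user_id}` in the routes.rs hunk removes a license row with the given id instead of the user; the call should target the user entity (its module name is not visible in this diff, so confirm it), e.g. `let res = <user entity>::delete_by_id(id).exec(db).await.map_err(ErrorInternalServerError)?;`. The delete's result is also discarded, so an id that matches nothing still yields 200; assuming the ORM's delete result exposes `rows_affected` as the surrounding code style suggests, add `if res.rows_affected == 0 { return Err(ErrorNotFound("User not found")); }` before the `Ok(HttpResponse::Ok().finish())` — `ErrorNotFound` is already imported. The permission failure is an authenticated caller lacking rights (non-admin, or an admin targeting their own account), which is a 403 rather than a 401, so `ErrorForbidden` would describe it more accurately than `ErrorUnauthorized`; a one-line comment such as `// admins only, and an admin may not delete their own account` would make the `executor.0.id == id` branch's intent explicit. The enclosing `impl UserController` starts outside this hunk.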