diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb
index c8e16f8..b724953 100644
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -24,7 +24,7 @@ class Admin::UsersController < ApplicationController
   end
 
   def update
-    authorize! @user
+    authorize! @user, to: :change_role?
     if @user.update(user_params)
       respond_to do |format|
         format.html { redirect_back(fallback_location: admin_users_path) }