diff --git a/app/models/user.py b/app/models/user.py
index ce7e41842..74745f3c8 100644
--- a/app/models/user.py
+++ b/app/models/user.py
@@ -440,6 +440,13 @@ class User(JSONModel, UserMixin):
def complete_webauthn_login_attempt(self, is_successful=True):
return user_api_client.complete_webauthn_login_attempt(self.id, is_successful)
+ def is_editable_by(self, other_user):
+ if other_user == self:
+ return False
+ if self.state == 'active':
+ return True
+ return False
+
class InvitedUser(JSONModel):
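Review bot: The self-edit guard in `User.is_editable_by` compares whole objects (`other_user == self`), where the template condition it replaces compared ids (`current_user.id != user.id`). `JSONModel.__eq__` is not visible in this hunk. If it is not defined by id, the comparison falls back to identity, so a `current_user` object built separately from the listed `user` would never match and the guard would stop excluding the caller's own account. Comparing ids keeps the previous behaviour regardless: `if other_user.id == self.id: return False`. Since the method now carries an authorization rule, a docstring would help, for example `"""Return True if other_user may edit this user: the target must be active and must not be other_user."""`.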
@@ -575,6 +582,9 @@ class InvitedUser(JSONModel):
# only used on the manage users page to display the count, so okay to not be fully fledged for now
return [{'id': x} for x in self.folder_permissions]
+ def is_editable_by(self, other):
+ return False
+
class InvitedOrgUser(JSONModel):
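Review bot: The parameter of `InvitedUser.is_editable_by` is named `other`, while the same method on `User` names it `other_user`. The template treats both classes interchangeably, so a caller passing the argument by keyword would work on one class and raise `TypeError` on the other. I would use `def is_editable_by(self, other_user):` here as well, and add a short comment that invited users are never editable because they are handled through the cancel-invitation path. The enclosing class continues outside this hunk.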
diff --git a/app/templates/views/manage-users.html b/app/templates/views/manage-users.html
index b17469d1c..a8d3daac7 100644
--- a/app/templates/views/manage-users.html
+++ b/app/templates/views/manage-users.html
@@ -73,7 +73,7 @@
{% if current_user.has_permissions('manage_service') %}
{% if user.status == 'pending' %}
Cancel invitation for {{ user.email_address }}
- {% elif user.state == 'active' and current_user.id != user.id %}
+ {% elif user.is_editable_by(current_user) %}
Change details for {{ user.name }} {{ user.email_address }}
{% endif %}
{% endif %}
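Review bot: The `{% elif user.is_editable_by(current_user) %}` branch only controls whether the "Change details" link is rendered, so the rule is enforced in the template alone as far as this diff shows. The view that handles the edit request is not part of this commit. If it does not already apply the same check, a user holding `manage_service` could still request the edit URL for their own or a non-active account directly. The view should call the same model method, for example `if not user.is_editable_by(current_user): abort(403)`, so the template and the endpoint cannot drift apart. A test asserting that the endpoint rejects a self-edit would pin this down.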