diff --git a/app/main/views/manage_users.py b/app/main/views/manage_users.py
index 7f2e1e2fc..e4a805859 100644
--- a/app/main/views/manage_users.py
+++ b/app/main/views/manage_users.py
@@ -1,5 +1,4 @@
 from itertools import chain
-from collections import OrderedDict
 from flask import (
     request,
     render_template,
@@ -35,14 +34,14 @@ roles = {
 @login_required
 @user_has_permissions('view_activity', admin_override=True)
 def manage_users(service_id):
+    users = user_api_client.get_users_for_service(service_id=service_id)
+    invited_users = [invite for invite in invite_api_client.get_invites_for_service(service_id=service_id)
+                     if invite.status != 'accepted']
     return render_template(
         'views/manage-users.html',
-        users=user_api_client.get_users_for_service(service_id=service_id),
+        users=users,
         current_user=current_user,
-        invited_users=[
-            invite for invite in invite_api_client.get_invites_for_service(service_id=service_id)
-            if invite.status != 'accepted'
-        ]
+        invited_users=invited_users
     )
 
 
@@ -58,8 +57,10 @@ def invite_user(service_id):
         # view_activity is a default role to be added to all users.
         # All users will have at minimum view_activity to allow users to see notifications,
         # templates, team members but no update privileges
-        selected_permissions = [role for role in sorted(roles.keys()) if request.form.get(role) == 'y']
+        selected_permissions = [permissions for role, permissions in roles.items() if request.form.get(role) == 'y']
+        selected_permissions = list(chain.from_iterable(selected_permissions))
         selected_permissions.append('view_activity')
+        selected_permissions.sort()
         permissions = ','.join(selected_permissions)
         invited_user = invite_api_client.create_invite(
             current_user.id,
diff --git a/app/notify_client/user_api_client.py b/app/notify_client/user_api_client.py
index 9293e18bd..ac9e99c22 100644
--- a/app/notify_client/user_api_client.py
+++ b/app/notify_client/user_api_client.py
@@ -99,7 +99,8 @@ class UserApiClient(BaseAPIClient):
 
     def add_user_to_service(self, service_id, user_id, permissions):
         endpoint = '/service/{}/users/{}'.format(service_id, user_id)
-        resp = self.post(endpoint, data={'permissions': permissions})
+        data = [{'permission': x} for x in permissions]
+        resp = self.post(endpoint, data=data)
         return User(resp['data'], max_failed_login_count=self.max_failed_login_count)
 
     def set_user_permissions(self, user_id, service_id, permissions):
diff --git a/tests/app/main/views/test_manage_users.py b/tests/app/main/views/test_manage_users.py
index 860f303e3..e090d443d 100644
--- a/tests/app/main/views/test_manage_users.py
+++ b/tests/app/main/views/test_manage_users.py
@@ -160,11 +160,13 @@ def test_invite_user(
         assert page.h1.string.strip() == 'Team members'
         flash_banner = page.find('div', class_='banner-default-with-tick').string.strip()
         assert flash_banner == 'Invite sent to test@example.gov.uk'
-        excpected_permissions = 'manage_api_keys,manage_service,send_messages,view_activity'
+
+        expected_permissions = 'manage_api_keys,manage_settings,manage_templates,manage_users,send_emails,send_letters,send_texts,view_activity'  # noqa
+
         app.invite_api_client.create_invite.assert_called_once_with(sample_invite['from_user'],
                                                                     sample_invite['service'],
                                                                     email_address,
-                                                                    excpected_permissions)
+                                                                    expected_permissions)
 
 
 def test_cancel_invited_user_cancels_user_invitations(app_,