diff --git a/app/dao/services_dao.py b/app/dao/services_dao.py
index 80ff0b815..c67b5b6f9 100644
--- a/app/dao/services_dao.py
+++ b/app/dao/services_dao.py
@@ -16,13 +16,12 @@ def save_model_service(service, update_dict=None):
         update_dict.pop('id', None)
         update_dict.pop('users', None)
         # TODO optimize this algorithm
-        new_users = User.query.filter(User.id.in_(users_list)).all()
-        for x in service.users:
-            if x in new_users:
-                new_users.remove(x)
-            else:
+        for i, x in enumerate(service.users):
+            if x not in users_list:
                 service.users.remove(x)
-        for x in new_users:
+            else:
+                users_list.remove(x)
+        for x in users_list:
             service.users.append(x)
         Service.query.filter_by(id=service.id).update(update_dict)
     else:
diff --git a/app/dao/templates_dao.py b/app/dao/templates_dao.py
index caf4754cc..42ef387fb 100644
--- a/app/dao/templates_dao.py
+++ b/app/dao/templates_dao.py
@@ -9,9 +9,9 @@ from app.models import (Template, Service)
 def save_model_template(template, update_dict=None):
     if update_dict:
         update_dict.pop('id', None)
-        service_id = update_dict.pop('service')
+        service = update_dict.pop('service')
         Template.query.filter_by(id=template.id).update(update_dict)
-        template.service = Service.query.get(service_id)
+        template.service = service
     else:
         db.session.add(template)
     db.session.commit()
diff --git a/app/schemas.py b/app/schemas.py
index 624c676c4..9557f63eb 100644
--- a/app/schemas.py
+++ b/app/schemas.py
@@ -8,17 +8,11 @@ from marshmallow import post_load
 # http://marshmallow.readthedocs.org/en/latest/api_reference.html
 
 
-class UserSchema(ma.ModelSchema):
+class BaseSchema(ma.ModelSchema):
 
     def __init__(self, *args, load_json=False, **kwargs):
         self.load_json = load_json
-        super(UserSchema, self).__init__(*args, **kwargs)
-
-    class Meta:
-        model = models.User
-        exclude = (
-            "updated_at", "created_at", "user_to_service",
-            "_password", "verify_codes")
+        super(BaseSchema, self).__init__(*args, **kwargs)
 
     @post_load
     def make_instance(self, data):
@@ -29,35 +23,46 @@ class UserSchema(ma.ModelSchema):
         """
         if self.load_json:
             return data
-        return super(UserSchema, self).make_instance(data)
+        return super(BaseSchema, self).make_instance(data)
 
 
-# TODO process users list, to return a list of user.id
-# Should that list be restricted by the auth parsed??
-class ServiceSchema(ma.ModelSchema):
+class UserSchema(BaseSchema):
+
+    class Meta:
+        model = models.User
+        exclude = (
+            "updated_at", "created_at", "user_to_service",
+            "_password", "verify_codes")
+
+
+class ServiceSchema(BaseSchema):
+
     class Meta:
         model = models.Service
         exclude = ("updated_at", "created_at", "api_keys", "templates", "jobs", "queue_name")
 
 
-class TemplateSchema(ma.ModelSchema):
+class TemplateSchema(BaseSchema):
+
     class Meta:
         model = models.Template
         exclude = ("updated_at", "created_at", "service_id", "jobs")
 
 
-class ApiKeySchema(ma.ModelSchema):
+class ApiKeySchema(BaseSchema):
+
     class Meta:
         model = models.ApiKey
         exclude = ("service", "secret")
 
 
-class JobSchema(ma.ModelSchema):
+class JobSchema(BaseSchema):
+
     class Meta:
         model = models.Job
 
 
-class VerifyCodeSchema(ma.ModelSchema):
+class VerifyCodeSchema(BaseSchema):
     class Meta:
         model = models.VerifyCode
         exclude = ('user', "_code", "expiry_datetime", "code_used", "created_at")
@@ -67,11 +72,15 @@ user_schema = UserSchema()
 user_schema_load_json = UserSchema(load_json=True)
 users_schema = UserSchema(many=True)
 service_schema = ServiceSchema()
+service_schema_load_json = ServiceSchema(load_json=True)
 services_schema = ServiceSchema(many=True)
 template_schema = TemplateSchema()
+template_schema_load_json = TemplateSchema(load_json=True)
 templates_schema = TemplateSchema(many=True)
 api_key_schema = ApiKeySchema()
+api_key_schema_load_json = ApiKeySchema(load_json=True)
 api_keys_schema = ApiKeySchema(many=True)
 job_schema = JobSchema()
+job_schema_load_json = JobSchema(load_json=True)
 jobs_schema = JobSchema(many=True)
 verify_code_schema = VerifyCodeSchema()
diff --git a/app/service/rest.py b/app/service/rest.py
index c114b5555..af427490f 100644
--- a/app/service/rest.py
+++ b/app/service/rest.py
@@ -13,7 +13,8 @@ from app.dao.templates_dao import (
 from app.dao.api_key_dao import (save_model_api_key, get_model_api_keys, get_unsigned_secret)
 from app.models import ApiKey
 from app.schemas import (
-    services_schema, service_schema, template_schema, templates_schema, api_keys_schema)
+    services_schema, service_schema, template_schema, templates_schema,
+    api_keys_schema, service_schema_load_json, template_schema_load_json)
 
 from flask import Blueprint
 service = Blueprint('service', __name__)
@@ -47,14 +48,9 @@ def update_service(service_id):
         delete_model_service(service)
     else:
         status_code = 200
-        # TODO there has got to be a better way to do the next three lines
-        upd_serv, errors = service_schema.load(request.get_json())
+        update_dict, errors = service_schema_load_json.load(request.get_json())
         if errors:
             return jsonify(result="error", message=errors), 400
-        update_dict, errors = service_schema.dump(upd_serv)
-        # TODO FIX ME
-        # Remove update_service model which is added to db.session
-        db.session.rollback()
         try:
             save_model_service(service, update_dict=update_dict)
         except DAOException as e:
@@ -170,15 +166,9 @@ def update_template(service_id, template_id):
         delete_model_template(template)
     else:
         status_code = 200
-        # TODO there has got to be a better way to do the next three lines
-        upd_temp, errors = template_schema.load(request.get_json())
+        update_dict, errors = template_schema_load_json.load(request.get_json())
         if errors:
             return jsonify(result="error", message=errors), 400
-        upd_temp.service = service
-        update_dict, errors = template_schema.dump(upd_temp)
-        # TODO FIX ME
-        # Remove update_temp model which is added to db.session
-        db.session.rollback()
         try:
             save_model_template(template, update_dict=update_dict)
         except DAOException as e:
diff --git a/tests/app/service/test_rest.py b/tests/app/service/test_rest.py
index a21b04107..89f780363 100644
--- a/tests/app/service/test_rest.py
+++ b/tests/app/service/test_rest.py
@@ -270,7 +270,7 @@ def test_put_service_remove_user(notify_api, notify_db, notify_db_session, sampl
                 "new@digital.cabinet-office.gov.uk")
             data = {
                 'name': sample_service.name,
-                'users': [sample_user.id, another_user.id],
+                'users': [sample_user, another_user],
                 'limit': sample_service.limit,
                 'restricted': sample_service.restricted,
                 'active': sample_service.active}