diff --git a/app/Filament/Resources/UserResource.php b/app/Filament/Resources/UserResource.php
new file mode 100644
index 0000000..1dafa19
--- /dev/null
+++ b/app/Filament/Resources/UserResource.php
@@ -0,0 +1,71 @@
+<?php
+
+namespace App\Filament\Resources;
+
+use App\Filament\Resources\UserResource\Pages\EditUser;
+use App\Filament\Resources\UserResource\Pages\ListUsers;
+use App\Models\User;
+use Filament\Actions\DeleteAction;
+use Filament\Actions\EditAction;
+use Filament\Forms\Components\TextInput;
+use Filament\Forms\Components\Toggle;
+use Filament\Resources\Resource;
+use Filament\Schemas\Schema;
+use Filament\Tables\Columns\IconColumn;
+use Filament\Tables\Columns\TextColumn;
+use Filament\Tables\Filters\TernaryFilter;
+use Filament\Tables\Table;
+
+class UserResource extends Resource
+{
+    protected static ?string $model = User::class;
+
+    protected static string|\BackedEnum|null $navigationIcon = 'heroicon-o-users';
+
+    protected static ?int $navigationSort = 1;
+
+    public static function form(Schema $schema): Schema
+    {
+        return $schema->components([
+            Toggle::make('is_admin')
+                ->label('Admin')
+                ->helperText('Grants access to this admin panel.'),
+            TextInput::make('postcode')
+                ->label('Postcode')
+                ->maxLength(8),
+        ]);
+    }
+
+    public static function table(Table $table): Table
+    {
+        return $table
+            ->columns([
+                TextColumn::make('name')->searchable()->sortable(),
+                TextColumn::make('email')->searchable()->sortable(),
+                TextColumn::make('postcode')->placeholder('—'),
+                IconColumn::make('is_admin')
+                    ->label('Admin')
+                    ->boolean(),
+                TextColumn::make('created_at')
+                    ->dateTime('d M Y')
+                    ->sortable(),
+            ])
+            ->defaultSort('created_at', 'desc')
+            ->filters([
+                TernaryFilter::make('is_admin')
+                    ->label('Admins only'),
+            ])
+            ->recordActions([
+                EditAction::make(),
+                DeleteAction::make(),
+            ]);
+    }
+
+    public static function getPages(): array
+    {
+        return [
+            'index' => ListUsers::route('/'),
+            'edit' => EditUser::route('/{record}/edit'),
+        ];
+    }
+}
diff --git a/app/Filament/Resources/UserResource/Pages/EditUser.php b/app/Filament/Resources/UserResource/Pages/EditUser.php
new file mode 100644
index 0000000..5b1aa09
--- /dev/null
+++ b/app/Filament/Resources/UserResource/Pages/EditUser.php
@@ -0,0 +1,16 @@
+<?php
+
+namespace App\Filament\Resources\UserResource\Pages;
+
+use App\Filament\Resources\UserResource;
+use Filament\Resources\Pages\EditRecord;
+
+class EditUser extends EditRecord
+{
+    protected static string $resource = UserResource::class;
+
+    protected function getHeaderActions(): array
+    {
+        return [];
+    }
+}
diff --git a/app/Filament/Resources/UserResource/Pages/ListUsers.php b/app/Filament/Resources/UserResource/Pages/ListUsers.php
new file mode 100644
index 0000000..7e6498e
--- /dev/null
+++ b/app/Filament/Resources/UserResource/Pages/ListUsers.php
@@ -0,0 +1,16 @@
+<?php
+
+namespace App\Filament\Resources\UserResource\Pages;
+
+use App\Filament\Resources\UserResource;
+use Filament\Resources\Pages\ListRecords;
+
+class ListUsers extends ListRecords
+{
+    protected static string $resource = UserResource::class;
+
+    protected function getHeaderActions(): array
+    {
+        return [];
+    }
+}
diff --git a/app/Models/User.php b/app/Models/User.php
index 821cf23..d080e39 100644
--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -14,7 +14,7 @@ use Illuminate\Notifications\Notifiable;
 use Illuminate\Support\Str;
 use Laravel\Fortify\TwoFactorAuthenticatable;
 
-#[Fillable(['name', 'email', 'password'])]
+#[Fillable(['name', 'email', 'password', 'is_admin', 'postcode'])]
 #[Hidden(['password', 'two_factor_secret', 'two_factor_recovery_codes', 'remember_token'])]
 class User extends Authenticatable implements FilamentUser
 {
diff --git a/database/migrations/2026_04_04_131727_add_postcode_to_users_table.php b/database/migrations/2026_04_04_131727_add_postcode_to_users_table.php
new file mode 100644
index 0000000..7baff70
--- /dev/null
+++ b/database/migrations/2026_04_04_131727_add_postcode_to_users_table.php
@@ -0,0 +1,28 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        Schema::table('users', function (Blueprint $table) {
+            $table->string('postcode', 8)->nullable()->after('is_admin');
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        Schema::table('users', function (Blueprint $table) {
+            $table->dropColumn('postcode');
+        });
+    }
+};
diff --git a/tests/Feature/Admin/UserResourceTest.php b/tests/Feature/Admin/UserResourceTest.php
new file mode 100644
index 0000000..b115246
--- /dev/null
+++ b/tests/Feature/Admin/UserResourceTest.php
@@ -0,0 +1,44 @@
+<?php
+
+use App\Filament\Resources\UserResource\Pages\EditUser;
+use App\Filament\Resources\UserResource\Pages\ListUsers;
+use App\Models\User;
+use Filament\Actions\DeleteAction;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+use Livewire\Livewire;
+
+uses(RefreshDatabase::class);
+
+beforeEach(function () {
+    $this->admin = User::factory()->admin()->create();
+    $this->actingAs($this->admin);
+});
+
+it('renders the user list', function () {
+    $users = User::factory()->count(3)->create();
+
+    Livewire::test(ListUsers::class)
+        ->assertOk()
+        ->assertCanSeeTableRecords($users);
+});
+
+it('can toggle is_admin on edit', function () {
+    $user = User::factory()->create(['is_admin' => false]);
+
+    Livewire::test(EditUser::class, ['record' => $user->id])
+        ->fillForm(['is_admin' => true])
+        ->call('save')
+        ->assertHasNoFormErrors();
+
+    expect($user->fresh()->is_admin)->toBeTrue();
+});
+
+it('can delete a user', function () {
+    $user = User::factory()->create();
+
+    Livewire::test(ListUsers::class)
+        ->callTableAction(DeleteAction::class, $user)
+        ->assertHasNoTableActionErrors();
+
+    $this->assertDatabaseMissing('users', ['id' => $user->id]);
+});