diff --git a/apps/api/src/modules/users/users.service.ts b/apps/api/src/modules/users/users.service.ts
index ebde5e5..f7ccd4e 100644
--- a/apps/api/src/modules/users/users.service.ts
+++ b/apps/api/src/modules/users/users.service.ts
@@ -57,7 +57,12 @@ export const usersService = {
       });
     }
 
-    const updated = await usersRepository.updateUser(userId, patch);
+    // Role-only updates mutate membership only; `patch` stays empty. Running
+    // `updateUser` with `{}` produces invalid SQL (UPDATE … SET with no columns).
+    const updated =
+      Object.keys(patch).length > 0
+        ? await usersRepository.updateUser(userId, patch)
+        : await usersRepository.getUserById(userId);
     if (!updated) {
       throw new NotFoundError("User not found");
     }
diff --git a/apps/api/tests/integration/users.endpoints.test.ts b/apps/api/tests/integration/users.endpoints.test.ts
index 612a69a..4bd0a44 100644
--- a/apps/api/tests/integration/users.endpoints.test.ts
+++ b/apps/api/tests/integration/users.endpoints.test.ts
@@ -124,6 +124,28 @@ describe("PUT /api/v1/users/:userId", () => {
     });
     expect(res.body.createdAt).toBeDefined();
   });
+
+  it("returns 200 when only role changes (no user row patch)", async () => {
+    const admin = await registerUser(adminEmail);
+    adminId = admin.id;
+    const other = await registerUser(otherEmail);
+    otherId = other.id;
+    const adminSession = await loginUser(adminEmail);
+
+    const res = await request(app)
+      .put(`${paths.users}/${other.id}`)
+      .set("Authorization", `Bearer ${adminSession.token}`)
+      .send({ role: "tutor" })
+      .expect("Content-Type", /json/)
+      .expect(200);
+
+    expect(res.body).toMatchObject({
+      id: other.id,
+      email: other.email,
+      role: "tutor",
+    });
+    expect(res.body.createdAt).toBeDefined();
+  });
 });
 
 describe("DELETE /api/v1/users/:userId", () => {
diff --git a/apps/api/tests/unit/users.service.test.ts b/apps/api/tests/unit/users.service.test.ts
index 01149d9..49f7dea 100644
--- a/apps/api/tests/unit/users.service.test.ts
+++ b/apps/api/tests/unit/users.service.test.ts
@@ -122,9 +122,7 @@ describe("usersService updateUser", () => {
     vi.mocked(usersRepository.getUserByIdInOrganization).mockResolvedValue(
       existingUser,
     );
-    vi.mocked(usersRepository.updateUser).mockResolvedValue({
-      ...existingUser,
-    });
+    vi.mocked(usersRepository.getUserById).mockResolvedValue(existingUser);
     vi.mocked(organizationsRepository.findMembership)
       .mockResolvedValueOnce({
         organizationId: "org-1",
@@ -152,7 +150,8 @@ describe("usersService updateUser", () => {
       role: "tutor",
     });
 
-    expect(usersRepository.updateUser).toHaveBeenCalledWith("user-1", {});
+    expect(usersRepository.updateUser).not.toHaveBeenCalled();
+    expect(usersRepository.getUserById).toHaveBeenCalledWith("user-1");
     expect(organizationsRepository.createMembership).toHaveBeenCalledWith({
       organizationId: "org-1",
       userId: "user-1",
diff --git a/apps/web/app/t/[tenantSlug]/(workspace)/organization/page.tsx b/apps/web/app/t/[tenantSlug]/(workspace)/organization/page.tsx
new file mode 100644
index 0000000..99cc8b4
--- /dev/null
+++ b/apps/web/app/t/[tenantSlug]/(workspace)/organization/page.tsx
@@ -0,0 +1,5 @@
+import { TenantOrganizationAdminPage } from "./tenant-organization-admin-page";
+
+export default function OrganizationRoutePage() {
+  return <TenantOrganizationAdminPage />;
+}
diff --git a/apps/web/app/t/[tenantSlug]/(workspace)/organization/tenant-organization-admin-page.tsx b/apps/web/app/t/[tenantSlug]/(workspace)/organization/tenant-organization-admin-page.tsx
new file mode 100644
index 0000000..18decf5
--- /dev/null
+++ b/apps/web/app/t/[tenantSlug]/(workspace)/organization/tenant-organization-admin-page.tsx
@@ -0,0 +1,348 @@
+"use client";
+
+import { zodResolver } from "@hookform/resolvers/zod";
+import type { components } from "@studiqo/api-client/generated";
+import { isStudiqoApiError } from "@studiqo/api-client/errors";
+import Link from "next/link";
+import { useParams } from "next/navigation";
+import { useEffect, useMemo, useState } from "react";
+import { useForm } from "react-hook-form";
+
+import {
+  useAddOrganizationMemberMutation,
+  useOrganizationMembersQuery,
+} from "@/lib/api/organization-members-query";
+import { useOrganizationsQuery } from "@/lib/api/organizations-query";
+import { useUpdateUserMutation } from "@/lib/api/users-mutation";
+import { useSession } from "@/lib/auth/session";
+import { formatIsoDateTime } from "@/lib/datetime";
+import { isOrgAdminOrSuperadmin } from "@/lib/tenant-role";
+import {
+  addOrganizationMemberFormSchema,
+  type AddOrganizationMemberForm,
+  organizationMembershipRoleSchema,
+} from "@/lib/validation/organization-admin-forms";
+
+type OrgMember = components["schemas"]["OrganizationMembership"];
+type OrgRole = components["schemas"]["OrganizationMembershipRole"];
+
+const ROLE_OPTIONS: { value: OrgRole; label: string }[] = [
+  { value: "org_admin", label: "Organization admin" },
+  { value: "tutor", label: "Tutor" },
+  { value: "parent", label: "Parent" },
+];
+
+function MemberRoleRow({
+  member,
+  currentUserId,
+  adminCount,
+  isSaving,
+  onSaveRole,
+}: {
+  member: OrgMember;
+  currentUserId: string | undefined;
+  adminCount: number;
+  isSaving: boolean;
+  onSaveRole: (userId: string, role: OrgRole) => void;
+}) {
+  const [role, setRole] = useState<OrgRole>(member.role);
+
+  useEffect(() => {
+    setRole(member.role);
+  }, [member.role]);
+
+  const isOnlyAdmin =
+    member.role === "org_admin" && adminCount === 1;
+  const locked =
+    currentUserId === member.userId || isOnlyAdmin;
+  const dirty = role !== member.role;
+
+  return (
+    <tr>
+      <td style={{ padding: "10px 12px", borderBottom: "1px solid #eee" }}>
+        {member.email}
+      </td>
+      <td style={{ padding: "10px 12px", borderBottom: "1px solid #eee" }}>
+        <select
+          value={role}
+          disabled={locked}
+          onChange={(e) => {
+            const v = organizationMembershipRoleSchema.safeParse(e.target.value);
+            if (v.success) setRole(v.data);
+          }}
+          style={{ padding: 6, minWidth: 160 }}
+        >
+          {ROLE_OPTIONS.map((o) => (
+            <option key={o.value} value={o.value}>
+              {o.label}
+            </option>
+          ))}
+        </select>
+        {locked ? (
+          <span style={{ display: "block", fontSize: 12, opacity: 0.7, marginTop: 4 }}>
+            {currentUserId === member.userId
+              ? "You cannot change your own role here."
+              : "This organization must keep at least one admin."}
+          </span>
+        ) : null}
+        {!locked && dirty ? (
+          <button
+            type="button"
+            disabled={isSaving}
+            onClick={() => onSaveRole(member.userId, role)}
+            style={{ marginLeft: 10, padding: "6px 12px", fontSize: 13 }}
+          >
+            {isSaving ? "Saving…" : "Save role"}
+          </button>
+        ) : null}
+      </td>
+      <td
+        style={{
+          padding: "10px 12px",
+          borderBottom: "1px solid #eee",
+          fontSize: 13,
+          opacity: 0.85,
+        }}
+      >
+        {formatIsoDateTime(member.createdAt)}
+      </td>
+    </tr>
+  );
+}
+
+export function TenantOrganizationAdminPage() {
+  const params = useParams<{ tenantSlug: string }>();
+  const tenantSlug = params.tenantSlug;
+  const { user } = useSession();
+  const { data: orgs, isLoading: orgsLoading } = useOrganizationsQuery();
+
+  const organizationId = useMemo(() => {
+    return orgs?.find((o) => o.slug === tenantSlug)?.id ?? null;
+  }, [orgs, tenantSlug]);
+
+  const canManage = isOrgAdminOrSuperadmin(user?.role, user?.isSuperadmin ?? false);
+
+  const membersQ = useOrganizationMembersQuery(
+    organizationId,
+    canManage,
+  );
+
+  const addMember = useAddOrganizationMemberMutation(organizationId ?? "");
+  const updateUser = useUpdateUserMutation(organizationId ?? "");
+
+  const [roleSaveError, setRoleSaveError] = useState<string | null>(null);
+  const [addMemberError, setAddMemberError] = useState<string | null>(null);
+
+  const addForm = useForm<AddOrganizationMemberForm>({
+    resolver: zodResolver(addOrganizationMemberFormSchema),
+    defaultValues: { userId: "", role: "tutor" },
+  });
+
+  const adminCount = useMemo(
+    () =>
+      (membersQ.data ?? []).filter((m) => m.role === "org_admin").length,
+    [membersQ.data],
+  );
+
+  async function handleSaveRole(userId: string, role: OrgRole) {
+    setRoleSaveError(null);
+    try {
+      await updateUser.mutateAsync({ userId, body: { role } });
+    } catch (e) {
+      if (isStudiqoApiError(e)) setRoleSaveError(e.message);
+      else setRoleSaveError("Could not update role");
+    }
+  }
+
+  async function onAddMemberSubmit(values: AddOrganizationMemberForm) {
+    setAddMemberError(null);
+    try {
+      await addMember.mutateAsync({
+        userId: values.userId.trim(),
+        role: values.role,
+      });
+      addForm.reset({ userId: "", role: "tutor" });
+    } catch (e) {
+      if (isStudiqoApiError(e)) setAddMemberError(e.message);
+      else setAddMemberError("Could not add member");
+    }
+  }
+
+  if (!canManage) {
+    return (
+      <main>
+        <h1 style={{ fontSize: 22 }}>Organization members</h1>
+        <p style={{ opacity: 0.85 }}>
+          Only organization admins can view or manage members. Contact an admin
+          if you need changes.
+        </p>
+      </main>
+    );
+  }
+
+  if (orgsLoading) {
+    return (
+      <main>
+        <h1 style={{ fontSize: 22 }}>Organization members</h1>
+        <p>Loading…</p>
+      </main>
+    );
+  }
+
+  if (!organizationId) {
+    return (
+      <main>
+        <h1 style={{ fontSize: 22 }}>Organization members</h1>
+        <p style={{ opacity: 0.85 }}>
+          This workspace does not match an organization in your account.
+        </p>
+      </main>
+    );
+  }
+
+  const listError =
+    membersQ.error && isStudiqoApiError(membersQ.error)
+      ? membersQ.error.message
+      : membersQ.error
+        ? "Could not load members"
+        : null;
+
+  const base = `/t/${tenantSlug}`;
+
+  return (
+    <main>
+      <h1 style={{ fontSize: 22 }}>Organization members</h1>
+      <p style={{ fontSize: 15, opacity: 0.85, maxWidth: 640 }}>
+        Manage roles for accounts already registered in Studiqo. To invite
+        parents by email, use{" "}
+        <Link href={`${base}/invites`} style={{ textDecoration: "underline" }}>
+          Parent invitations
+        </Link>
+        . Adding a member below requires the user&apos;s account ID (UUID), not
+        their email.
+      </p>
+
+      <section style={{ marginTop: 28, maxWidth: 520 }}>
+        <h2 style={{ fontSize: 16, marginBottom: 12 }}>Add member by user ID</h2>
+        <form
+          onSubmit={addForm.handleSubmit(onAddMemberSubmit)}
+          style={{ display: "flex", flexDirection: "column", gap: 10 }}
+        >
+          <label style={{ display: "flex", flexDirection: "column", gap: 4 }}>
+            <span style={{ fontSize: 14 }}>User ID (UUID)</span>
+            <input
+              {...addForm.register("userId")}
+              autoComplete="off"
+              placeholder="00000000-0000-4000-8000-000000000000"
+              style={{ padding: 8, fontFamily: "ui-monospace, monospace" }}
+            />
+            {addForm.formState.errors.userId ? (
+              <span style={{ color: "#b91c1c", fontSize: 12 }}>
+                {addForm.formState.errors.userId.message}
+              </span>
+            ) : null}
+          </label>
+          <label style={{ display: "flex", flexDirection: "column", gap: 4 }}>
+            <span style={{ fontSize: 14 }}>Role</span>
+            <select
+              {...addForm.register("role")}
+              style={{ padding: 8, maxWidth: 280 }}
+            >
+              {ROLE_OPTIONS.map((o) => (
+                <option key={o.value} value={o.value}>
+                  {o.label}
+                </option>
+              ))}
+            </select>
+            {addForm.formState.errors.role ? (
+              <span style={{ color: "#b91c1c", fontSize: 12 }}>
+                {addForm.formState.errors.role.message}
+              </span>
+            ) : null}
+          </label>
+          {addMemberError ? (
+            <p style={{ color: "#b91c1c", fontSize: 14 }}>{addMemberError}</p>
+          ) : null}
+          <button
+            type="submit"
+            disabled={addMember.isPending}
+            style={{ padding: "10px 16px", alignSelf: "flex-start" }}
+          >
+            {addMember.isPending ? "Adding…" : "Add member"}
+          </button>
+        </form>
+      </section>
+
+      <section style={{ marginTop: 40 }}>
+        <h2 style={{ fontSize: 16, marginBottom: 12 }}>Members</h2>
+        {roleSaveError ? (
+          <p style={{ color: "#b91c1c", marginBottom: 12 }}>{roleSaveError}</p>
+        ) : null}
+        {listError ? (
+          <p style={{ color: "#b91c1c" }}>{listError}</p>
+        ) : membersQ.isLoading ? (
+          <p>Loading members…</p>
+        ) : (membersQ.data?.length ?? 0) === 0 ? (
+          <p style={{ opacity: 0.75 }}>No members found.</p>
+        ) : (
+          <div style={{ overflowX: "auto", maxWidth: 900 }}>
+            <table
+              style={{
+                borderCollapse: "collapse",
+                width: "100%",
+                fontSize: 14,
+              }}
+            >
+              <thead>
+                <tr>
+                  <th
+                    style={{
+                      textAlign: "left",
+                      padding: "8px 12px",
+                      borderBottom: "2px solid #ddd",
+                    }}
+                  >
+                    Email
+                  </th>
+                  <th
+                    style={{
+                      textAlign: "left",
+                      padding: "8px 12px",
+                      borderBottom: "2px solid #ddd",
+                    }}
+                  >
+                    Role
+                  </th>
+                  <th
+                    style={{
+                      textAlign: "left",
+                      padding: "8px 12px",
+                      borderBottom: "2px solid #ddd",
+                    }}
+                  >
+                    Member since
+                  </th>
+                </tr>
+              </thead>
+              <tbody>
+                {membersQ.data!.map((member) => (
+                  <MemberRoleRow
+                    key={member.userId}
+                    member={member}
+                    currentUserId={user?.id}
+                    adminCount={adminCount}
+                    isSaving={
+                      updateUser.isPending &&
+                      updateUser.variables?.userId === member.userId
+                    }
+                    onSaveRole={handleSaveRole}
+                  />
+                ))}
+              </tbody>
+            </table>
+          </div>
+        )}
+      </section>
+    </main>
+  );
+}
diff --git a/apps/web/app/t/[tenantSlug]/tenant-chrome.tsx b/apps/web/app/t/[tenantSlug]/tenant-chrome.tsx
index b02e176..7ef5528 100644
--- a/apps/web/app/t/[tenantSlug]/tenant-chrome.tsx
+++ b/apps/web/app/t/[tenantSlug]/tenant-chrome.tsx
@@ -1,6 +1,9 @@
 "use client";
 
+import { useMemo } from "react";
+
 import { TenantNav } from "@/components/tenant-nav";
+import { useOrganizationsQuery } from "@/lib/api/organizations-query";
 import { useSession } from "@/lib/auth/session";
 import { appShellUrl } from "@/lib/urls";
 
@@ -12,6 +15,11 @@ export function TenantChrome({
   children: React.ReactNode;
 }) {
   const { user, logout } = useSession();
+  const { data: orgs } = useOrganizationsQuery();
+  const activeOrg = useMemo(
+    () => orgs?.find((o) => o.slug === tenantSlug),
+    [orgs, tenantSlug],
+  );
 
   return (
     <div style={{ minHeight: "100vh", fontFamily: "system-ui, sans-serif" }}>
@@ -27,7 +35,12 @@ export function TenantChrome({
         }}
       >
         <div style={{ display: "flex", flexDirection: "column", gap: 2 }}>
-          <strong style={{ fontSize: 16 }}>{tenantSlug}</strong>
+          <strong style={{ fontSize: 16 }}>
+            {activeOrg?.name ?? tenantSlug}
+          </strong>
+          {activeOrg ? (
+            <span style={{ fontSize: 12, opacity: 0.65 }}>{activeOrg.slug}</span>
+          ) : null}
           <span style={{ fontSize: 13, opacity: 0.75 }}>
             {user?.email ?? "—"}
             {user?.role ? ` · ${user.role}` : null}
diff --git a/apps/web/components/tenant-nav.tsx b/apps/web/components/tenant-nav.tsx
index c3ac334..7e4fc65 100644
--- a/apps/web/components/tenant-nav.tsx
+++ b/apps/web/components/tenant-nav.tsx
@@ -35,7 +35,7 @@ export function TenantNav({
         <Link href={`${base}/invites`}>Invites</Link>
       ) : null}
       {role === "org_admin" || isSuperadmin ? (
-        <span style={{ opacity: 0.5 }}>More admin (Phase 4)</span>
+        <Link href={`${base}/organization`}>Members</Link>
       ) : null}
     </nav>
   );
diff --git a/apps/web/lib/api/invalidate-tenant-queries.ts b/apps/web/lib/api/invalidate-tenant-queries.ts
new file mode 100644
index 0000000..10d3962
--- /dev/null
+++ b/apps/web/lib/api/invalidate-tenant-queries.ts
@@ -0,0 +1,24 @@
+import type { QueryClient } from "@tanstack/react-query";
+
+/**
+ * Invalidates cached data that depends on the active organization JWT.
+ * Call after switching active org so lists cannot show the previous tenant.
+ */
+export function invalidateTenantScopedQueries(
+  queryClient: QueryClient,
+): void {
+  void queryClient.invalidateQueries({
+    predicate: (q) => {
+      const k = q.queryKey;
+      if (!Array.isArray(k) || k.length === 0) return false;
+      const root = k[0];
+      if (root === "students" || root === "lessons" || root === "subjects") {
+        return true;
+      }
+      if (root === "organizations" && k.length > 1) {
+        return true;
+      }
+      return false;
+    },
+  });
+}
diff --git a/apps/web/lib/api/organization-members-query.ts b/apps/web/lib/api/organization-members-query.ts
index 324995a..8773201 100644
--- a/apps/web/lib/api/organization-members-query.ts
+++ b/apps/web/lib/api/organization-members-query.ts
@@ -1,10 +1,15 @@
 "use client";
 
+import type { components } from "@studiqo/api-client/generated";
 import { unwrapStudiqoResponse } from "@studiqo/api-client/errors";
-import { useQuery } from "@tanstack/react-query";
+import { useMutation, useQuery, useQueryClient } from "@tanstack/react-query";
 
 import { useSession } from "@/lib/auth/session";
 
+import { organizationQueryKey } from "./organizations-query";
+
+type AddMemberBody = components["schemas"]["AddOrganizationMemberRequest"];
+
 export const organizationMembersQueryKey = (organizationId: string) =>
   ["organizations", organizationId, "members"] as const;
 
@@ -30,3 +35,23 @@ export function useOrganizationMembersQuery(
       Boolean(accessToken),
   });
 }
+
+export function useAddOrganizationMemberMutation(organizationId: string) {
+  const { apiClient } = useSession();
+  const queryClient = useQueryClient();
+  return useMutation({
+    mutationFn: async (body: AddMemberBody) => {
+      const r = await apiClient.POST("/organizations/{organizationId}/members", {
+        params: { path: { organizationId } },
+        body,
+      });
+      return unwrapStudiqoResponse(r);
+    },
+    onSuccess: () => {
+      void queryClient.invalidateQueries({
+        queryKey: organizationMembersQueryKey(organizationId),
+      });
+      void queryClient.invalidateQueries({ queryKey: organizationQueryKey });
+    },
+  });
+}
diff --git a/apps/web/lib/api/organizations-query.ts b/apps/web/lib/api/organizations-query.ts
index fefa0e4..07fa224 100644
--- a/apps/web/lib/api/organizations-query.ts
+++ b/apps/web/lib/api/organizations-query.ts
@@ -5,6 +5,8 @@ import { useMutation, useQuery, useQueryClient } from "@tanstack/react-query";
 
 import { useSession } from "@/lib/auth/session";
 
+import { invalidateTenantScopedQueries } from "./invalidate-tenant-queries";
+
 export const organizationQueryKey = ["organizations"] as const;
 
 export function useOrganizationsQuery() {
@@ -47,6 +49,7 @@ export function useSetActiveOrganizationMutation() {
       setAccessToken(data.token);
       await refetchUser();
       void queryClient.invalidateQueries({ queryKey: organizationQueryKey });
+      invalidateTenantScopedQueries(queryClient);
     },
   });
 }
diff --git a/apps/web/lib/api/users-mutation.ts b/apps/web/lib/api/users-mutation.ts
new file mode 100644
index 0000000..e47c35e
--- /dev/null
+++ b/apps/web/lib/api/users-mutation.ts
@@ -0,0 +1,30 @@
+"use client";
+
+import type { components } from "@studiqo/api-client/generated";
+import { unwrapStudiqoResponse } from "@studiqo/api-client/errors";
+import { useMutation, useQueryClient } from "@tanstack/react-query";
+
+import { useSession } from "@/lib/auth/session";
+
+import { organizationMembersQueryKey } from "./organization-members-query";
+
+type UpdateUserBody = components["schemas"]["UpdateUserRequest"];
+
+export function useUpdateUserMutation(organizationId: string) {
+  const { apiClient } = useSession();
+  const queryClient = useQueryClient();
+  return useMutation({
+    mutationFn: async (args: { userId: string; body: UpdateUserBody }) => {
+      const r = await apiClient.PUT("/users/{userId}", {
+        params: { path: { userId: args.userId } },
+        body: args.body,
+      });
+      return unwrapStudiqoResponse(r);
+    },
+    onSuccess: () => {
+      void queryClient.invalidateQueries({
+        queryKey: organizationMembersQueryKey(organizationId),
+      });
+    },
+  });
+}
diff --git a/apps/web/lib/validation/organization-admin-forms.ts b/apps/web/lib/validation/organization-admin-forms.ts
new file mode 100644
index 0000000..3439df8
--- /dev/null
+++ b/apps/web/lib/validation/organization-admin-forms.ts
@@ -0,0 +1,16 @@
+import { z } from "zod";
+
+export const organizationMembershipRoleSchema = z.enum([
+  "org_admin",
+  "tutor",
+  "parent",
+]);
+
+export const addOrganizationMemberFormSchema = z.object({
+  userId: z.string().trim().uuid("Enter a valid user ID (UUID)"),
+  role: organizationMembershipRoleSchema,
+});
+
+export type AddOrganizationMemberForm = z.infer<
+  typeof addOrganizationMemberFormSchema
+>;