diff --git a/atst/domain/users.py b/atst/domain/users.py
index 3728c04f..c67c8cbd 100644
--- a/atst/domain/users.py
+++ b/atst/domain/users.py
@@ -5,7 +5,7 @@ from atst.database import db
from atst.models import User
from .roles import Roles
-from .exceptions import NotFoundError, AlreadyExistsError
+from .exceptions import NotFoundError, AlreadyExistsError, UnauthorizedError
class Users(object):
@@ -53,7 +53,7 @@ class Users(object):
return user
@classmethod
- def update(cls, user_id, atat_role_name):
+ def update_role(cls, user_id, atat_role_name):
user = Users.get(user_id)
atat_role = Roles.get(atat_role_name)
@@ -63,3 +63,27 @@ class Users(object):
db.session.commit()
return user
+
+ _UPDATEABLE_ATTRS = {
+ "first_name",
+ "last_name",
+ "email",
+ "phone_number",
+ "service_branch",
+ "citizenship",
+ "designation",
+ "date_latest_training",
+ }
+
+ @classmethod
+ def update(cls, user, user_delta):
+ if not set(user_delta.keys()).issubset(Users._UPDATEABLE_ATTRS):
+ raise UnauthorizedError(user, "update DOD ID")
+
+ for key, value in user_delta.items():
+ setattr(user, key, value)
+
+ db.session.add(user)
+ db.session.commit()
+
+ return user
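Review bot: The allowlist check in the new `update` raises `UnauthorizedError(user, "update DOD ID")` for any key outside `_UPDATEABLE_ATTRS`, so an attempt to set `atat_role` or `id` would be reported as a DOD ID change and mislead anyone reading the error or an audit trail built on it. Naming the rejected keys keeps the message accurate: `disallowed = set(user_delta) - Users._UPDATEABLE_ATTRS` followed by `if disallowed: raise UnauthorizedError(user, "update " + ", ".join(sorted(disallowed)))`. The method also lacks a docstring; it should say that only allowlisted profile fields are applied, that there is no check that the caller may edit `user`, and that values are not validated here, so route handlers know what they still have to enforce. Because `update` previously took `(user_id, atat_role_name)`, any caller outside this diff that was not renamed to `update_role` would now fail at `user_delta.keys()`.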
diff --git a/templates/base_public.html b/templates/base_public.html
index 006b04e5..f444dff8 100644
--- a/templates/base_public.html
+++ b/templates/base_public.html
@@ -26,7 +26,7 @@
{% if g.current_user %}
-
+
{{ g.current_user.first_name + " " + g.current_user.last_name }}
{{ Icon('avatar', classes='topbar__link-icon') }}
diff --git a/tests/domain/test_users.py b/tests/domain/test_users.py
index 145e8f93..51cfaaac 100644
--- a/tests/domain/test_users.py
+++ b/tests/domain/test_users.py
@@ -2,7 +2,7 @@ import pytest
from uuid import uuid4
from atst.domain.users import Users
-from atst.domain.exceptions import NotFoundError, AlreadyExistsError
+from atst.domain.exceptions import NotFoundError, AlreadyExistsError, UnauthorizedError
DOD_ID = "my_dod_id"
@@ -52,20 +52,32 @@ def test_get_user_by_dod_id():
assert user == new_user
-def test_update_user():
+def test_update_role():
new_user = Users.create(DOD_ID, "developer")
- updated_user = Users.update(new_user.id, "ccpo")
+ updated_user = Users.update_role(new_user.id, "ccpo")
assert updated_user.atat_role.name == "ccpo"
-def test_update_nonexistent_user():
+def test_update_role_with_nonexistent_user():
Users.create(DOD_ID, "developer")
with pytest.raises(NotFoundError):
- Users.update(uuid4(), "ccpo")
+ Users.update_role(uuid4(), "ccpo")
def test_update_existing_user_with_nonexistent_role():
new_user = Users.create(DOD_ID, "developer")
with pytest.raises(NotFoundError):
- Users.update(new_user.id, "nonexistent")
+ Users.update_role(new_user.id, "nonexistent")
+
+
+def test_update_user():
+ new_user = Users.create(DOD_ID, "developer")
+ updated_user = Users.update(new_user, {"first_name": "Jabba"})
+ assert updated_user.first_name == "Jabba"
+
+
+def test_update_user_with_dod_id():
+ new_user = Users.create(DOD_ID, "developer")
+ with pytest.raises(UnauthorizedError):
+ Users.update(new_user, {"dod_id": "1234567890"})
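Review bot: `test_update_user_with_dod_id` only exercises a delta holding the single key `dod_id`, so nothing pins the allowlist against the other sensitive attribute visible here, `atat_role`. It also does not cover a delta that mixes an allowed key with a forbidden one. A regression that applied the allowed keys before rejecting the request, or that let the role through, would still pass. I would add a test that sends a mixed delta and asserts the user is unchanged afterwards. The sketch below assumes `Users.create(DOD_ID, "developer")` leaves `atat_role.name` as `"developer"`, which the existing role tests suggest but do not show.

```python
def test_update_user_with_mixed_delta_changes_nothing():
    new_user = Users.create(DOD_ID, "developer")
    with pytest.raises(UnauthorizedError):
        Users.update(new_user, {"first_name": "Jabba", "atat_role": "ccpo"})
    # the rejected request must not have applied the allowed key either
    assert new_user.first_name != "Jabba"
    assert new_user.atat_role.name == "developer"
```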