diff --git a/aai/models.py b/aai/models.py
index 7ac1e5d9e72f1c0190fb73b3314f315917b1c584..3225491129fb39134fda2506f18f4559dc74cf5b 100644
--- a/aai/models.py
+++ b/aai/models.py
@@ -66,6 +66,7 @@ class Perms(models.Model):
     view_user = NameHandler("aai.view_user")
     manipulate_file = NameHandler("aai.manipulate_file")
     update_user = NameHandler("aai.update_user")
+    delete_user = NameHandler("aai.delete_user")  # only for admin
     export_import = NameHandler("aai.export_import")
 
     class Meta:
@@ -108,6 +109,7 @@ class Perms(models.Model):
                 "Can upload and download files during exercise",
             ),
             ("update_user", "Can add/remove/change user"),
+            ("delete_user", "Can delete user"),
             ("export_import", "Can export and import database"),
         ]
 
diff --git a/rolling-changelog.txt b/rolling-changelog.txt
index 16a7f033c0d4bc4832cece6d415df879a4a247c3..14acedad58a0fd1d6a7374065092ee7703845a12 100644
--- a/rolling-changelog.txt
+++ b/rolling-changelog.txt
@@ -42,3 +42,4 @@ fix: fix SendEmailInput authorization checks
 feat: addition of INJECT_SECRET_KEY env variable #141
 change: set csrf cookie for `/version` endpoint
 feat: endpoint for re-generation of user login credentials #202
+feat: add endpoint for user deletion - accessible only to admin #199
diff --git a/user/schema/mutation.py b/user/schema/mutation.py
index 840dbeeb35645cf1c42f9c7e514138987ed473ea..66224f49ac2a7851dbd596c9b9d728ced71f6b6d 100644
--- a/user/schema/mutation.py
+++ b/user/schema/mutation.py
@@ -279,6 +279,29 @@ class RegenerateCredentialsMutation(graphene.Mutation):
         return RegenerateCredentialsMutation(operation_done=True)
 
 
+class DeleteUsersMutation(graphene.Mutation):
+    class Arguments:
+        user_ids = graphene.List(
+            graphene.ID,
+            required=True,
+            description="IDs of the users to be deleted",
+        )
+
+    operation_done = graphene.Boolean()
+
+    @classmethod
+    @protected(Perms.delete_user.full_name)
+    def mutate(cls, root, info, user_ids: List[str]) -> graphene.Mutation:
+        users = User.objects.filter(id__in=user_ids)
+        if not settings.NOAUTH or not info.context.user.is_anonymous:
+            users = users.exclude(id=info.context.user.id)
+        logger.info(
+            log_user_msg(info.context, info.context.user) + f"deleted: {users}"
+        )
+        users.delete()
+        return DeleteUsersMutation(operation_done=True)
+
+
 class Mutation(graphene.ObjectType):
     assign_users_to_team = AssignUsersToTeamMutation.Field(
         description="Mutation for assigning users to the specific team of the exercise"
@@ -304,3 +327,6 @@ class Mutation(graphene.ObjectType):
     regenerate_credentials = RegenerateCredentialsMutation.Field(
         description="Mutation for re-generating credentials for users"
     )
+    delete_users = DeleteUsersMutation.Field(
+        description="Mutation for deleting users"
+    )