diff --git a/src/wuttaweb/views/users.py b/src/wuttaweb/views/users.py
index 03f5db9..69096f7 100644
--- a/src/wuttaweb/views/users.py
+++ b/src/wuttaweb/views/users.py
@@ -118,6 +118,16 @@ class UserView(MasterView):  # pylint: disable=abstract-method
 
         return True
 
+    def is_deletable(self, obj):  # pylint: disable=empty-docstring
+        """ """
+        user = obj
+
+        # only root can delete certain users
+        if user.prevent_edit and not self.request.is_root:
+            return False
+
+        return True
+
     def configure_form(self, form):  # pylint: disable=empty-docstring
         """ """
         f = form
diff --git a/tests/views/test_users.py b/tests/views/test_users.py
index 81bb028..c345b97 100644
--- a/tests/views/test_users.py
+++ b/tests/views/test_users.py
@@ -63,6 +63,26 @@ class TestUserView(WebTestCase):
         self.request.is_root = True
         self.assertTrue(view.is_editable(user))
 
+    def test_is_deletable(self):
+        model = self.app.model
+        view = self.make_view()
+
+        # active user is deletable
+        user = model.User(username="barney", active=True)
+        self.assertTrue(view.is_deletable(user))
+
+        # inactive also deletable
+        user = model.User(username="barney", active=False)
+        self.assertTrue(view.is_deletable(user))
+
+        # but not if prevent_edit flag is set
+        user = model.User(username="barney", prevent_edit=True)
+        self.assertFalse(view.is_deletable(user))
+
+        # unless request user is root
+        with patch.object(self.request, "is_root", new=True):
+            self.assertTrue(view.is_deletable(user))
+
     def test_configure_form(self):
         model = self.app.model
         person = model.Person(