diff --git a/api/admin/user/index.php b/api/admin/user/index.php
index 4b980a21..5f62266c 100644
--- a/api/admin/user/index.php
+++ b/api/admin/user/index.php
@@ -20,7 +20,7 @@ $request_method = $_SERVER['REQUEST_METHOD'];
  * @apiVersion 0.0.0
  * @apiName GetUser
  * @apiGroup User
- * @apiPermission protected
+ * @apiPermission canManUsers
  *
  * @apiParam {Number} [id] The ID of the user. Omit for all users.
  *
@@ -30,7 +30,6 @@ $request_method = $_SERVER['REQUEST_METHOD'];
  * @apiSuccess {String} name The user's name
  * @apiSuccess {String} email The user's email address
  * @apiSuccess {String} signature The user's signature, in plaintext
- * @apiSuccess {Unknown} language ??? (Unknown)
  * @apiSuccess {String[]} categories Ticket categories the user has access to. If the user is an admin, this list has one element: ""
  * @apiSuccess {Integer} afterReply Action to perform after replying to a ticket:
* `0` - Show the ticket I just replied to
@@ -55,6 +54,11 @@ $request_method = $_SERVER['REQUEST_METHOD'];
  * @apiSuccess {String} rating The overall rating of the user, as a floating point decimal
  * @apiSuccess {Integer} autorefresh The ticket table autorefresh time for the user, in milliseconds
  * @apiSuccess {Boolean} active `true` if the user is active
`false` otherwise
+ * @apiSuccess {Integer} defaultCalendarView The default view displayed on the calendar screen:
+ * `0` - Month
+ * `1` - Week
+ * `2` - Day
+ * @apiSuccess {Boolean} notifyOverdueUnassigned Notify user of overdue tickets assigned to others / not assigned
  *
  * @apiSuccessExample {json} Success-Response:
  * HTTP/1.1 200 OK
@@ -65,7 +69,6 @@ $request_method = $_SERVER['REQUEST_METHOD'];
  * "name": "Your name",
  * "email": "mkoch227@gmail.com",
  * "signature": "Sincerely,\r\n\r\nYour name\r\nYour website\r\nhttp://www.yourwebsite.com\r\n& < > ^ &",
- * "language": null,
  * "categories": [
  * ""
  * ],
@@ -91,21 +94,28 @@ $request_method = $_SERVER['REQUEST_METHOD'];
  * "ratingPos": 0,
  * "rating": "0",
  * "autorefresh": 0,
- * "active": true
+ * "active": true,
+ * "defaultCalendarView": 0,
+ * "notifyOverdueUnassigned": true
  * }
  *
  * @apiError (noTokenProvided) 400 No `X-Auth-Token` was provided where it is required
- * @apiError (invalidXAuthToken) 401 The `X-Auth-Token` provided was invalid
+ * @apiError (invalidXAuthToken) 401 The `X-Auth-Token` provided was invalid, or the user does not have the 'can_man_users' permission
  */
 if ($request_method == 'GET') {
 $token = get_header('X-Auth-Token');
+ $user = NULL;
 try {
- get_user_for_token($token, $hesk_settings);
+ $user = get_user_for_token($token, $hesk_settings);
 } catch (AccessException $e) {
 return http_response_code($e->getCode());
 }
+ if (!$user['isadmin'] && strpos($user['heskprivileges'], 'can_man_users') === false) {
+ return http_response_code(401);
+ }
+
 if (isset($_GET['id'])) {
 $results = retrieve_user($hesk_settings, $_GET['id']);
 } else {
diff --git a/api/businesslogic/user_retriever.php b/api/businesslogic/user_retriever.php
index ddfa06ed..c184f5be 100644
--- a/api/businesslogic/user_retriever.php
+++ b/api/businesslogic/user_retriever.php
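Review bot: The new permission gate in the GET handler answers a valid token that merely lacks can_man_users with 401, and the rewritten `@apiError (invalidXAuthToken)` line in the same hunk folds that case into "token invalid"; an authenticated caller without the privilege is conventionally a 403, and keeping the two distinct lets clients tell a bad token from a missing right. The check itself is a substring match: `strpos($user['heskprivileges'], 'can_man_users') === false` also accepts any longer privilege name that happens to contain that string, so if heskprivileges is a delimited list (it reads like one, but the stored format is not visible here) an exact-token test such as `in_array('can_man_users', explode(',', $user['heskprivileges']), true)` is the safer form. The `$user = NULL;` initialisation is dead, since every failure path before the gate returns. The handler continues past the end of the hunk.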
@@ -68,6 +68,10 @@ function convert_to_camel_case($user) {
 unset($user['ratingpos']);
 $user['heskPrivileges'] = $user['heskprivileges'];
 unset($user['heskprivileges']);
+ $user['defaultCalendarView'] = $user['default_calendar_view'];
+ unset($user['default_calendar_view']);
+ $user['notifyOverdueUnassigned'] = $user['notify_overdue_unassigned'];
+ unset($user['notify_overdue_unassigned']);
 return $user;
 }
\ No newline at end of file
diff --git a/api/common_api_doc.php b/api/common_api_doc.php
index 6212e53a..c829a7a6 100644
--- a/api/common_api_doc.php
+++ b/api/common_api_doc.php
@@ -5,8 +5,8 @@
  *
  */
 /**
- * @apiDefine protected Protected
- * A protected API can only be utilized by those with a valid `X-Auth-Token`.
+ * @apiDefine protected Protected (Any)
+ * A protected API can only be utilized by any user with a valid `X-Auth-Token`.
  */
 /**
  * @apiDefine invalidXAuthToken 401 Unauthorized
@@ -15,4 +15,7 @@
 /**
  * @apiDefine noTokenProvided 400 Bad Request
  * No `X-Auth-Token` was provided.
+ *
+ * @apiDefine canManUsers Protected (Can Manage Users)
+ * A protected API can only be utilized by users with a valid `X-Auth-Token` and have the 'can_man_users' permission (or is an admin)
  */
\ No newline at end of file
diff --git a/api/dao/user_dao.php b/api/dao/user_dao.php
index b7bdde12..e7b343c8 100644
--- a/api/dao/user_dao.php
+++ b/api/dao/user_dao.php
@@ -36,6 +36,8 @@ function get_user($hesk_settings, $id = NULL) {
 $row['ratingpos'] = intval($row['ratingpos']);
 $row['autorefresh'] = intval($row['autorefresh']);
 $row['active'] = get_boolean($row['active']);
+ $row['default_calendar_view'] = intval($row['default_calendar_view']);
+ $row['notify_overdue_unassigned'] = get_boolean($row['notify_overdue_unassigned']);
 // TODO: Remove this once GitHub #346 is complete
diff --git a/api/ticket/index.php b/api/ticket/index.php
index 4f48fe32..f4f7c9c8 100644
--- a/api/ticket/index.php
+++ b/api/ticket/index.php
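Review bot: The two new rename pairs in convert_to_camel_case read `$user['default_calendar_view']` and `$user['notify_overdue_unassigned']` unconditionally, so any row that reaches this function without those keys (a caller other than get_user, or a schema that predates the columns) would raise an undefined-index notice and map the camelCase key to null; whether such a caller exists is not visible from the hunk. A small snake_case-to-camelCase rename table iterated in one loop would make every rename follow the same guarded path and turn each future addition into a single entry. The function's signature is above the hunk, and the `\ No newline at end of file` marker shows the file still ends without a trailing newline.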
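Review bot: The new `@apiDefine canManUsers` is placed inside the same comment block that already holds `@apiDefine noTokenProvided`, whereas every other define in this file (the protected and invalidXAuthToken blocks in the previous hunk) sits in its own block; apidoc appears to treat one block as one definition, so the second define is likely to be dropped or to shadow the first, which would break either the noTokenProvided error references or the new `@apiPermission canManUsers` reference. Closing the block after the "No X-Auth-Token was provided." line and opening a fresh block for canManUsers follows the file's own convention. The new description's grammar also drifts ("users with ... and have the ... (or is an admin)"); a form such as "users that hold a valid X-Auth-Token and either have the 'can_man_users' permission or are an admin" reads cleanly.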
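Review bot: The two added casts in get_user assume `$row` already carries `default_calendar_view` and `notify_overdue_unassigned`, but the query that populates `$row` is above the hunk; if it names an explicit column list rather than selecting every column, both reads produce an undefined-index notice and `intval(null)` and `get_boolean(null)` silently yield 0 and (presumably) false, so the API would report a default rather than the stored value. Worth confirming the SELECT includes the two columns, or guarding the reads with `isset()` so a missing column fails visibly. get_user starts before the hunk and continues after it.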
@@ -78,7 +78,7 @@ $request_method = $_SERVER['REQUEST_METHOD'];
  * "custom18": "",
  * "custom19": "",
  * "custom20": "",
- * "html": false,
+ * "html": false
  * }
  *
  * @apiError (noTokenProvided) 400 No `X-Auth-Token` was provided where it is required