diff --git a/client/src/components/Admin/PermissionsPanel.tsx b/client/src/components/Admin/PermissionsPanel.tsx
index 3b3af47..85a6f2a 100644
--- a/client/src/components/Admin/PermissionsPanel.tsx
+++ b/client/src/components/Admin/PermissionsPanel.tsx
@@ -154,6 +154,7 @@ export default function PermissionsPanel(): React.ReactElement {
                             value: l,
                             label: t(LEVEL_LABELS[l] || l),
                           }))}
+                          style={{ minWidth: 160 }}
                         />
                       </div>
                     </div>
diff --git a/client/src/pages/AdminPage.tsx b/client/src/pages/AdminPage.tsx
index b1c44db..c57aad6 100644
--- a/client/src/pages/AdminPage.tsx
+++ b/client/src/pages/AdminPage.tsx
@@ -3,6 +3,7 @@ import { useNavigate } from 'react-router-dom'
 import apiClient, { adminApi, authApi, notificationsApi } from '../api/client'
 import { useAuthStore } from '../store/authStore'
 import { useSettingsStore } from '../store/settingsStore'
+import { useAddonStore } from '../store/addonStore'
 import { useTranslation } from '../i18n'
 import { getApiErrorMessage } from '../types'
 import Navbar from '../components/Layout/Navbar'
@@ -58,15 +59,15 @@ export default function AdminPage(): React.ReactElement {
   const { demoMode, serverTimezone } = useAuthStore()
   const { t, locale } = useTranslation()
   const hour12 = useSettingsStore(s => s.settings.time_format) === '12h'
+  const mcpEnabled = useAddonStore(s => s.isEnabled('mcp'))
   const TABS = [
     { id: 'users', label: t('admin.tabs.users') },
     { id: 'config', label: t('admin.tabs.config') },
     { id: 'addons', label: t('admin.tabs.addons') },
-    { id: 'permissions', label: t('admin.tabs.permissions') },
     { id: 'settings', label: t('admin.tabs.settings') },
     { id: 'backup', label: t('admin.tabs.backup') },
     { id: 'audit', label: t('admin.tabs.audit') },
-    { id: 'mcp-tokens', label: t('admin.tabs.mcpTokens') },
+    ...(mcpEnabled ? [{ id: 'mcp-tokens', label: t('admin.tabs.mcpTokens') }] : []),
     { id: 'github', label: t('admin.tabs.github') },
   ]
 
@@ -636,6 +637,8 @@ export default function AdminPage(): React.ReactElement {
             </div>
           )}
 
+          {activeTab === 'users' && <div className="mt-6"><PermissionsPanel /></div>}
+
           {/* Create Invite Modal */}
           <Modal isOpen={showCreateInvite} onClose={() => setShowCreateInvite(false)} title={t('admin.invite.create')} size="sm">
             <div className="space-y-4">
@@ -1155,8 +1158,6 @@ export default function AdminPage(): React.ReactElement {
             </div>
           )}
 
-          {activeTab === 'permissions' && <PermissionsPanel />}
-
           {activeTab === 'backup' && <BackupPanel />}
 
           {activeTab === 'audit' && <AuditLogPanel serverTimezone={serverTimezone} />}