diff --git a/controllers/adminusers.go b/controllers/adminusers.go
index b051308..9ffb762 100644
--- a/controllers/adminusers.go
+++ b/controllers/adminusers.go
@@ -19,6 +19,29 @@ import (
 
 func AdminUsersList(c *core.Context) *core.Response {
 
+	// initiate authority
+	auth := new(utils.Authority)
+	var session = new(utils.SessionUser)
+	// true if session is active
+	hassession := session.Init(c)
+
+	if !hassession {
+		type emptytemplate struct{}
+		emptyData := emptytemplate{}
+		return c.Response.Template("nopermission.html", emptyData)
+	}
+
+	session_uid := session.GetUserID()
+	// check if user has role admin
+	is_admin, _ := auth.CheckUserRole(c, session_uid, "admin")
+
+	if !is_admin {
+		type emptytemplate struct{}
+		emptyData := emptytemplate{}
+		return c.Response.Template("nopermission.html", emptyData)
+	}
+
+	// continue if has session and is admin
 	var users []models.User
 	db := c.GetGorm()
 	db.Find(&users)
@@ -46,6 +69,10 @@ func AdminUsersList(c *core.Context) *core.Response {
 			Value:     "Email",
 			ValueType: "string",
 		},
+		{
+			Value:     "Roles",
+			ValueType: "string",
+		},
 		{
 			Value: "Created",
 		},
@@ -57,13 +84,26 @@ func AdminUsersList(c *core.Context) *core.Response {
 		},
 	}
 
+	var listroles string
 	rows := make([][]components.ContentTableTD, len(users))
 	for i, u := range users {
+
+		roles, _ := auth.GetUserRoles(c, u.ID)
+		listroles = ""
+
+		for _, role := range roles {
+			if listroles != "" {
+				listroles += ", "
+			}
+			listroles += role.Name
+		}
+
 		row := []components.ContentTableTD{
 			{Value: strconv.Itoa(int(u.ID))},
 			{Value: u.Name},
 			{Value: u.Fullname},
 			{Value: u.Email},
+			{Value: listroles},
 			{Value: utils.FormatUnix(u.Created)},
 			{Value: utils.FormatUnix(u.Updated)},
 			{Value: components.ContentHref{
@@ -93,10 +133,44 @@ func AdminUsersList(c *core.Context) *core.Response {
 
 func AdminUsersAdd(c *core.Context) *core.Response {
 
+	// initiate authority
+	auth := new(utils.Authority)
+	var session = new(utils.SessionUser)
+	// true if session is active
+	hassession := session.Init(c)
+
+	if !hassession {
+		type emptytemplate struct{}
+		emptyData := emptytemplate{}
+		return c.Response.Template("nopermission.html", emptyData)
+	}
+
+	session_uid := session.GetUserID()
+	// check if user has role admin
+	is_admin, _ := auth.CheckUserRole(c, session_uid, "admin")
+
+	if !is_admin {
+		type emptytemplate struct{}
+		emptyData := emptytemplate{}
+		return c.Response.Template("nopermission.html", emptyData)
+	}
+
 	// check if is submit
 	submit := c.GetRequestParam("submit").(string)
-
 	errormessages := make([]string, 0)
+	var listroles []components.FormCheckboxItem
+	systemroles, _ := auth.GetAllRoles(c)
+
+	for _, systemrole := range systemroles {
+		var userrole components.FormCheckboxItem
+		userrole.Label = systemrole.Name
+		userrole.Name = "roles"
+		userrole.Value = systemrole.Slug
+		if systemrole.Slug == "authenticated" {
+			userrole.IsChecked = true
+		}
+		listroles = append(listroles, userrole)
+	}
 
 	name := ""
 	fullname := ""
@@ -109,6 +183,7 @@ func AdminUsersAdd(c *core.Context) *core.Response {
 		fullname = c.GetRequestParam("fullname").(string)
 		email = c.GetRequestParam("email").(string)
 		password = c.GetRequestParam("password").(string)
+		roles := c.GetRequesForm("roles").([]string)
 
 		// check if email exists
 		var user models.User
@@ -161,6 +236,11 @@ func AdminUsersAdd(c *core.Context) *core.Response {
 				errormessages = append(errormessages, res.Error.Error())
 			} else {
 
+				// assign roles
+				for _, role := range roles {
+					auth.AssignRoleToUser(c, user.ID, role)
+				}
+
 				// fire user registered event
 				err := c.GetEventsManager().Fire(&core.Event{Name: events.USER_REGISTERED, Payload: map[string]interface{}{
 					"user": user,
@@ -180,6 +260,7 @@ func AdminUsersAdd(c *core.Context) *core.Response {
 		FieldName     components.FormInput
 		FieldFullname components.FormInput
 		FieldEmail    components.FormInput
+		FieldRoles    components.FormCheckbox
 		FieldPassword components.FormInput
 		ErrorMessages []string
 		SubmitButton  components.FormButton
@@ -208,6 +289,10 @@ func AdminUsersAdd(c *core.Context) *core.Response {
 			//Autocomplete: true,
 			IsRequired: true,
 		},
+		FieldRoles: components.FormCheckbox{
+			Label:       "Roles",
+			AllCheckbox: listroles,
+		},
 		FieldPassword: components.FormInput{
 			ID:         "password",
 			Label:      "Password",
@@ -236,6 +321,29 @@ func AdminUsersEdit(c *core.Context) *core.Response {
 	user_id := c.GetPathParam("id")
 
 	errormessages := make([]string, 0)
+	// initiate authority
+	auth := new(utils.Authority)
+
+	var listroles []components.FormCheckboxItem
+
+	systemroles, _ := auth.GetAllRoles(c)
+	user_id_uint, _ := strconv.ParseUint(user_id.(string), 10, 32)
+
+	userroles, _ := auth.GetUserRoles(c, uint(user_id_uint))
+
+	for _, systemrole := range systemroles {
+		var userrole components.FormCheckboxItem
+		userrole.Label = systemrole.Name
+		userrole.Name = "roles"
+		userrole.Value = systemrole.Slug
+		for _, ur := range userroles {
+			if ur.Slug == systemrole.Slug {
+				userrole.IsChecked = true
+				break
+			}
+		}
+		listroles = append(listroles, userrole)
+	}
 
 	var origin_user models.User
 
@@ -259,6 +367,7 @@ func AdminUsersEdit(c *core.Context) *core.Response {
 		fullname = c.GetRequestParam("fullname").(string)
 		email = c.GetRequestParam("email").(string)
 		password = c.GetRequestParam("password").(string)
+		roles := c.GetRequesForm("roles").([]string)
 		key := c.GetRequestParam("key")
 
 		// check if email exists
@@ -316,6 +425,14 @@ func AdminUsersEdit(c *core.Context) *core.Response {
 				c.GetLogger().Error("Admin user: error updating")
 				errormessages = append(errormessages, fmt.Sprintf("Error updating user %s:", user_id_string))
 			} else {
+
+				// delete roles
+				auth.RevokeAllUserRole(c, origin_user.ID)
+				// assign roles
+				for _, role := range roles {
+					auth.AssignRoleToUser(c, origin_user.ID, role)
+				}
+
 				return c.Response.Redirect("/admin/users")
 			}
 		}
@@ -325,6 +442,7 @@ func AdminUsersEdit(c *core.Context) *core.Response {
 		FieldName     components.FormInput
 		FieldFullname components.FormInput
 		FieldEmail    components.FormInput
+		FieldRoles    components.FormCheckbox
 		FieldPassword components.FormInput
 		FieldKey      components.FormInput
 		ErrorMessages []string
@@ -355,6 +473,10 @@ func AdminUsersEdit(c *core.Context) *core.Response {
 			//Autocomplete: true,
 			IsRequired: true,
 		},
+		FieldRoles: components.FormCheckbox{
+			Label:       "Roles",
+			AllCheckbox: listroles,
+		},
 		FieldPassword: components.FormInput{
 			ID:         "password",
 			Label:      "Password",
@@ -461,6 +583,9 @@ func AdminUsersDelConfirm(c *core.Context) *core.Response {
 		// check if is the seed user
 		seed := "1"
 		if user_id != seed {
+
+			// initiate authority
+			auth := new(utils.Authority)
 			// Delete the user
 			// fire user delete event
 			err := c.GetEventsManager().Fire(&core.Event{Name: events.USER_DELETED, Payload: map[string]interface{}{
@@ -469,6 +594,7 @@ func AdminUsersDelConfirm(c *core.Context) *core.Response {
 			if err != nil {
 				c.GetLogger().Error(err.Error())
 			}
+			auth.RevokeAllUserRole(c, origin_user.ID)
 			result_db.Unscoped().Delete(&origin_user)
 		}
 	}
diff --git a/storage/templates/admin_useradd.html b/storage/templates/admin_useradd.html
index ccdb363..bc5d780 100644
--- a/storage/templates/admin_useradd.html
+++ b/storage/templates/admin_useradd.html
@@ -15,7 +15,8 @@
     <form method="POST" id="add_user" action="/admin/users/add">
     {{template "form_input" .FieldName}}
     {{template "form_input" .FieldFullname}}             
-    {{template "form_input" .FieldEmail}}            
+    {{template "form_input" .FieldEmail}}
+    {{template "form_checkbox" .FieldRoles}}            
     {{template "form_input" .FieldPassword}}
     <hr>
     {{template "form_button" .SubmitButton}}
diff --git a/storage/templates/admin_useredit.html b/storage/templates/admin_useredit.html
index 36ebfdf..3c49e08 100644
--- a/storage/templates/admin_useredit.html
+++ b/storage/templates/admin_useredit.html
@@ -15,7 +15,8 @@
     <form method="POST" id="add_user" action="/admin/users/edit/{{.FieldKey.Value}}">
     {{template "form_input" .FieldName}}
     {{template "form_input" .FieldFullname}}             
-    {{template "form_input" .FieldEmail}}            
+    {{template "form_input" .FieldEmail}}
+    {{template "form_checkbox" .FieldRoles}}        
     {{template "form_input" .FieldPassword}}
     {{template "form_input" .FieldKey}}
     {{template "form_button" .SubmitButton}}
diff --git a/storage/templates/nopermission.html b/storage/templates/nopermission.html
new file mode 100644
index 0000000..bec8f39
--- /dev/null
+++ b/storage/templates/nopermission.html
@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html lang="en">
+  {{template "page_head" "No permission"}}
+  <body>
+  <div class="container">
+    <div class="row">
+    You do not have permission to visit this page.
+    </div>
+  </div>
+  {{template "page_footer"}}
+  </body>
+</html>
\ No newline at end of file
diff --git a/utils/authority.go b/utils/authority.go
index 33124e8..823f845 100644
--- a/utils/authority.go
+++ b/utils/authority.go
@@ -265,6 +265,38 @@ func (a *Authority) RevokeRolePermission(c *core.Context, roleSlug string, permS
 	return nil
 }
 
+// Revokes a user's role
+func (a *Authority) RevokeUserRole(c *core.Context, userID uint, roleSlug string) error {
+	// find the role
+	var role models.Role
+	res := c.GetGorm().Where("slug = ?", roleSlug).First(&role)
+	if res.Error != nil {
+		if errors.Is(res.Error, gorm.ErrRecordNotFound) {
+			return ErrRoleNotFound
+		}
+		return res.Error
+	}
+
+	// revoke the role
+	rRes := c.GetGorm().Where("user_id = ?", userID).Where("role_id = ?", role.ID).Delete(models.UserRole{})
+	if rRes.Error != nil {
+		return rRes.Error
+	}
+
+	return nil
+}
+
+// Revokes all user's role
+func (a *Authority) RevokeAllUserRole(c *core.Context, userID uint) error {
+	// revoke the role
+	rRes := c.GetGorm().Where("user_id = ?", userID).Delete(models.UserRole{})
+	if rRes.Error != nil {
+		return rRes.Error
+	}
+
+	return nil
+}
+
 // Returns all stored roles
 func (a *Authority) GetAllRoles(c *core.Context) ([]models.Role, error) {
 	var roles []models.Role