diff --git a/misc/create_schema.sql b/misc/create_schema.sql
index df12e37..8df7d30 100644
--- a/misc/create_schema.sql
+++ b/misc/create_schema.sql
@@ -169,4 +169,58 @@ CREATE TABLE `notification` (
 	CONSTRAINT `FK_NOT_TIMES` FOREIGN KEY (`times_id`) REFERENCES `times` (`id`)
 )
 COMMENT='An entry corresponds to an alarm given by a violated rule during times update'
-ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
\ No newline at end of file
+ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
+
+CREATE TABLE `role` (
+	`id` INT(11) UNSIGNED NOT NULL AUTO_INCREMENT,
+	`name` VARCHAR(50) NOT NULL DEFAULT '0' COMMENT 'unique role name',
+	`description` VARCHAR(255) NULL DEFAULT '0' COMMENT 'role description',
+	PRIMARY KEY (`id`),
+	UNIQUE INDEX `name` (`name`)
+)
+COMMENT='logical group of securables for one or more user'
+DEFAULT CHARSET=utf8mb4
+ENGINE=InnoDB
+;
+
+
+CREATE TABLE `securable` (
+	`id` INT(10) UNSIGNED NOT NULL,
+	`name` VARCHAR(50) NOT NULL DEFAULT '',
+	PRIMARY KEY (`id`),
+	UNIQUE INDEX `name` (`name`)
+)
+COMMENT='Actual permission on a single(!) feature or operation'
+DEFAULT CHARSET=utf8mb4
+ENGINE=InnoDB
+;
+
+CREATE TABLE `user_role_map` (
+	`id` INT(10) UNSIGNED NOT NULL AUTO_INCREMENT,
+	`user_id` INT(10) UNSIGNED NOT NULL DEFAULT 0,
+	`role_id` INT(10) UNSIGNED NOT NULL DEFAULT 0,
+	PRIMARY KEY (`id`),
+	INDEX `FK_USER_ROLE` (`user_id`),
+	INDEX `FK_ROLE_USER` (`role_id`),
+	CONSTRAINT `FK_ROLE_USER` FOREIGN KEY (`role_id`) REFERENCES `role` (`id`),
+	CONSTRAINT `FK_USER_ROLE` FOREIGN KEY (`user_id`) REFERENCES `user` (`id`)
+)
+COMMENT='Assigns a user to a role'
+DEFAULT CHARSET=utf8mb4
+ENGINE=InnoDB
+;
+
+CREATE TABLE `role_securable_map` (
+	`id` INT(10) UNSIGNED NOT NULL,
+	`role_id` INT(10) UNSIGNED NOT NULL,
+	`securable_id` INT(10) UNSIGNED NOT NULL,
+	PRIMARY KEY (`id`),
+	INDEX `FK_ROLE_SECURABLE` (`role_id`),
+	INDEX `FK_SECURABLE_ROLE` (`securable_id`),
+	CONSTRAINT `FK_ROLE_SECURABLE` FOREIGN KEY (`role_id`) REFERENCES `role` (`id`),
+	CONSTRAINT `FK_SECURABLE_ROLE` FOREIGN KEY (`securable_id`) REFERENCES `securable` (`id`)
+)
+COMMENT='Assigns securables to roles'
+DEFAULT CHARSET=utf8mb4
+ENGINE=InnoDB
+;