diff --git a/modules/database/database.go b/modules/database/database.go
index c705a41..57dd229 100644
--- a/modules/database/database.go
+++ b/modules/database/database.go
@@ -37,12 +37,12 @@ func InitDatabase() {
 db.AutoMigrate(&structs.Role{})
 db.AutoMigrate(&structs.RolePermission{})
- //createUser()
+ /* masterRoleId := handleMasterRolePermissions() */
+ handleMasterRolePermissions()
+ //createUser(masterRoleId)
 }
-func createUser() {
- adminRoleId := createDefaultRole()
-
+func createUser(masterRoleId string) {
 pw := []byte("haha")
 hashedPassword, err := bcrypt.GenerateFromPassword(pw, bcrypt.DefaultCost)
@@ -53,7 +53,7 @@ func createUser() {
 DB.Create(&structs.User{
 Id: uuid.New().String(),
- RoleId: adminRoleId,
+ RoleId: masterRoleId,
 Username: "Alex",
 Email: "alex@roese.dev",
 Password: string(hashedPassword),
@@ -61,7 +61,7 @@ func createUser() {
 })
 }
-func createDefaultRole() (roleId string) {
+func handleMasterRolePermissions() (roleId string) {
 // create admin role if not already existing
 role := structs.Role{
 Id: uuid.New().String(),
@@ -127,9 +127,8 @@ func createDefaultRole() (roleId string) {
 if len(outdatedPermissions) > 0 {
 for _, outdatedPermission := range outdatedPermissions {
- DB.Where("role_id = ?", outdatedPermission.RoleId).
- Where("permission_id = ?", outdatedPermission.PermissionId).
- Delete(&outdatedPermission)
+ // delete old permissions for all roles
+ DB.Where("permission_id = ?", outdatedPermission.PermissionId).Delete(&outdatedPermission)
 }
 }
 } else { // admin role has no permissions - grant all permissions
diff --git a/modules/utils/globals.go b/modules/utils/globals.go
index f496eed..08031fa 100644
--- a/modules/utils/globals.go
+++ b/modules/utils/globals.go
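Review bot: `createUser` still seeds its account from the literal `pw := []byte("haha")`, and with this change that account is attached to the master role (`RoleId: masterRoleId` in the next hunk), so anyone who can read the repository knows the password of the most privileged user as soon as the commented-out call in `InitDatabase` is re-enabled. Pass the secret in instead, e.g. `func createUser(masterRoleId string, initialPassword []byte)`, fed from deployment configuration and rejected when empty, and delete the commented-out call lines rather than keeping them as a switch. The username and e-mail in the next hunk are hard-coded in the same way. `createUser`'s body continues outside this hunk.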
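Review bot: In the last hunk of database.go, passing `&outdatedPermission` as the model may stop the new `Delete` from reaching other roles. If `structs.RolePermission` declares primary-key fields (its definition is not in this diff), GORM adds the populated key values to the WHERE clause next to `permission_id`, so only the row held in the loop variable is removed. An empty model, `DB.Where("permission_id = ?", outdatedPermission.PermissionId).Delete(&structs.RolePermission{})`, matches the comment's intent. The result's `.Error` is also dropped; checking it matters here because a failed delete leaves a retired permission attached to a role with no trace in the logs. The enclosing function starts and ends outside the hunk.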
@@ -91,6 +91,9 @@ const (
 _groupTasks = "group_tasks."
 PermissionGroupTasksHistory = _groupTasks + "history"
+ PermissionAllUsersActionChangeRole = "all_users.action.change_role"
+ PermissionScannerUseScanners = "scanner.use_scanners"
+
 _adminArea = "admin_area."
 _adminAreaRoles = _adminArea + "roles."
 PermissionAdminAreaAddRole = _adminAreaRoles + "add_role"
@@ -103,6 +106,8 @@ const (
 func GetSystemPermissions() []string {
 return []string{
 PermissionGroupTasksHistory,
+ PermissionAllUsersActionChangeRole,
+ PermissionScannerUseScanners,
 PermissionAdminAreaAddRole,
 PermissionAdminAreaUpdateRole,
 PermissionAdminAreaDeleteRole,
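Review bot: The two new constants in the first hunk spell out their full strings, while the neighbouring entries build theirs from an unexported prefix (`_groupTasks`, `_adminArea`, `_adminAreaRoles`). Following the same pattern, e.g. `_allUsersAction = "all_users.action."` with `PermissionAllUsersActionChangeRole = _allUsersAction + "change_role"`, keeps the namespace in one place and makes a typo in a later sibling permission less likely. `PermissionAllUsersActionChangeRole` gates a privilege-changing action, so it also deserves a short comment saying which operation it authorises. The const block starts and ends outside the hunk.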
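Review bot: `GetSystemPermissions` is a hand-maintained copy of the const block, so each new permission has to be added in two places, as the second hunk does. If the master-role sync in database.go is driven by this list (not visible here, so treat this as an assumption), a constant missing from the slice would be neither granted to the master role nor picked up by the outdated-permission cleanup. I would add a doc comment on the function, along the lines of `// GetSystemPermissions returns every Permission* constant; keep in sync with the const block above.`, and a unit test that fails when a constant is absent from the slice. The function body continues outside the hunk.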