diff --git a/src/management-system-v2/app/(dashboard)/iam/roles/[roleId]/page.tsx b/src/management-system-v2/app/(dashboard)/iam/roles/[roleId]/page.tsx
new file mode 100644
index 000000000..2c7a9936e
--- /dev/null
+++ b/src/management-system-v2/app/(dashboard)/iam/roles/[roleId]/page.tsx
@@ -0,0 +1,74 @@
+'use client';
+
+import Content from '@/components/content';
+import Auth from '@/lib/AuthCanWrapper';
+import { useGetAsset } from '@/lib/fetch-data';
+import { Button, Result, Skeleton, Space, Tabs } from 'antd';
+import { LeftOutlined } from '@ant-design/icons';
+import { ComponentProps } from 'react';
+import RoleGeneralData from './roleGeneralData';
+import { useRouter } from 'next/navigation';
+import RolePermissions from './rolePermissions';
+import RoleMembers from './role-members';
+
+type Items = ComponentProps<typeof Tabs>['items'];
+
+function RolePage({ params: { roleId } }: { params: { roleId: string } }) {
+  const router = useRouter();
+  const {
+    data: role,
+    isLoading,
+    error,
+  } = useGetAsset('/roles/{id}', {
+    params: { path: { id: roleId } },
+  });
+
+  const items: Items = role
+    ? [
+        {
+          key: 'members',
+          label: 'Manage Members',
+          children: <RoleMembers role={role} isLoadingRole={isLoading} />,
+        },
+        { key: 'permissions', label: 'Permissions', children: <RolePermissions role={role} /> },
+        {
+          key: 'generalData',
+          label: 'General Data',
+          children: <RoleGeneralData roleId={roleId} />,
+        },
+      ]
+    : [];
+
+  if (error) return;
+  <Result
+    status="error"
+    title="Failed to fetch role"
+    subTitle="An error ocurred while fetching role, please try again."
+  />;
+
+  return (
+    <Content
+      title={
+        <Space>
+          <Button icon={<LeftOutlined />} onClick={() => router.push('/iam/roles')} type="text">
+            Back
+          </Button>
+          {role?.name}
+        </Space>
+      }
+    >
+      <Skeleton loading={isLoading}>
+        <Tabs items={items} />
+      </Skeleton>
+    </Content>
+  );
+}
+
+export default Auth(
+  {
+    action: ['view', 'manage'],
+    resource: 'Role',
+    fallbackRedirect: '/',
+  },
+  RolePage,
+);
diff --git a/src/management-system-v2/app/(dashboard)/iam/roles/[roleId]/role-members.tsx b/src/management-system-v2/app/(dashboard)/iam/roles/[roleId]/role-members.tsx
new file mode 100644
index 000000000..832f31963
--- /dev/null
+++ b/src/management-system-v2/app/(dashboard)/iam/roles/[roleId]/role-members.tsx
@@ -0,0 +1,154 @@
+'use client';
+
+import { FC, useMemo, useState } from 'react';
+import { DeleteOutlined, PlusOutlined } from '@ant-design/icons';
+import {
+  ApiData,
+  useDeleteAsset,
+  useGetAsset,
+  useInvalidateAsset,
+  usePostAsset,
+} from '@/lib/fetch-data';
+import UserList, { UserListProps } from '@/components/user-list';
+import { Button, Modal, Popconfirm, Tooltip } from 'antd';
+
+type Role = ApiData<'/roles', 'get'>[number];
+
+const AddUserModal: FC<{ role: Role; open: boolean; close: () => void }> = ({
+  role,
+  open,
+  close,
+}) => {
+  const { data: users, isLoading: isLoadingUsers } = useGetAsset('/users', {});
+  const invalidateRole = useInvalidateAsset('/roles/{id}', { params: { path: { id: role.id } } });
+  const { mutateAsync, isLoading: isLoadingMutation } = usePostAsset('/role-mappings', {
+    onSuccess: invalidateRole,
+  });
+
+  type AddUserParams = Parameters<NonNullable<UserListProps['selectedRowActions']>>;
+  const addUsers = async (users: AddUserParams[2], clearIds?: AddUserParams[1]) => {
+    if (clearIds) clearIds();
+    await mutateAsync({
+      body: users.map((user) => ({
+        userId: user.id,
+        roleId: role.id,
+        email: user.email,
+        lastName: user.lastName,
+        firstName: user.firstName,
+        username: user.username,
+      })),
+      parseAs: 'text',
+    });
+  };
+
+  const usersNotInRole = useMemo(() => {
+    if (!users) return [];
+
+    const usersInRole = new Set(role.members.map((member) => member.userId));
+
+    return users.filter((user) => !usersInRole.has(user.id));
+  }, [users, role.members]);
+
+  return (
+    <Modal
+      open={open}
+      onCancel={close}
+      footer={null}
+      width={800}
+      title={`Add members to ${role.name}`}
+    >
+      <UserList
+        users={usersNotInRole}
+        loading={isLoadingUsers || isLoadingMutation}
+        columns={(clearSelected) => [
+          {
+            dataIndex: 'id',
+            render: (_, user) => (
+              <Tooltip placement="top" title="Add to role">
+                <Button
+                  icon={<PlusOutlined />}
+                  type="text"
+                  onClick={() => addUsers([user], clearSelected)}
+                />
+              </Tooltip>
+            ),
+          },
+        ]}
+        selectedRowActions={(_, clearIds, users) => (
+          <Tooltip placement="top" title="Add to role">
+            <Button icon={<PlusOutlined />} type="text" onClick={() => addUsers(users, clearIds)} />
+          </Tooltip>
+        )}
+      />
+    </Modal>
+  );
+};
+
+const RoleMembers: FC<{ role: Role; isLoadingRole?: boolean }> = ({ role, isLoadingRole }) => {
+  const [addUserModalOpen, setAddUserModalOpen] = useState(false);
+
+  const refetchRole = useInvalidateAsset('/roles/{id}', { params: { path: { id: role.id } } });
+  const { mutateAsync: deleteUser, isLoading: isLoadingDelete } = useDeleteAsset(
+    '/role-mappings/users/{userId}/roles/{roleId}',
+    { onSuccess: refetchRole },
+  );
+
+  async function deleteMembers(userIds: string[], clearIds?: () => void) {
+    if (clearIds) clearIds();
+
+    await Promise.allSettled(
+      userIds.map((userId) =>
+        deleteUser({
+          params: { path: { roleId: role.id, userId: userId } },
+        }),
+      ),
+    );
+  }
+
+  return (
+    <>
+      <AddUserModal role={role} open={addUserModalOpen} close={() => setAddUserModalOpen(false)} />
+      <UserList
+        users={role.members.map((member) => ({ ...member, id: member.userId }))}
+        loading={isLoadingDelete || isLoadingRole}
+        columns={(clearSelected) => [
+          {
+            dataIndex: 'id',
+            key: 'remove',
+            title: '',
+            width: 100,
+            render: (id: string) => (
+              <Tooltip placement="top" title="Remove member">
+                <Popconfirm
+                  title="Remove member"
+                  description="Are you sure you want to remove this member?"
+                  onConfirm={() => deleteMembers([id], clearSelected)}
+                >
+                  <Button icon={<DeleteOutlined />} type="text" />
+                </Popconfirm>
+              </Tooltip>
+            ),
+          },
+        ]}
+        selectedRowActions={(ids, clearIds) => (
+          <Tooltip placement="top" title="Remove members">
+            <Popconfirm
+              title="Remove member"
+              description="Are you sure you want to remove this member?"
+              onConfirm={() => deleteMembers(ids, clearIds)}
+            >
+              <Button icon={<DeleteOutlined />} type="text" />
+            </Popconfirm>
+          </Tooltip>
+        )}
+        searchBarRightNode={
+          <Button type="primary" onClick={() => setAddUserModalOpen(true)}>
+            Add member
+          </Button>
+        }
+      />
+    </>
+  );
+};
+
+export default RoleMembers;
diff --git a/src/management-system-v2/app/(dashboard)/iam/roles/[roleId]/roleGeneralData.tsx b/src/management-system-v2/app/(dashboard)/iam/roles/[roleId]/roleGeneralData.tsx
new file mode 100644
index 000000000..06f7e7702
--- /dev/null
+++ b/src/management-system-v2/app/(dashboard)/iam/roles/[roleId]/roleGeneralData.tsx
@@ -0,0 +1,90 @@
+import Auth from '@/lib/AuthCanWrapper';
+import { toCaslResource } from '@/lib/ability/caslAbility';
+import { useGetAsset, usePutAsset } from '@/lib/fetch-data';
+import { useAuthStore } from '@/lib/iam';
+import { Alert, App, Button, DatePicker, Form, Input, Spin } from 'antd';
+import { FC } from 'react';
+import dayjs from 'dayjs';
+import germanLocale from 'antd/es/date-picker/locale/de_DE';
+
+const RoleGeneralData: FC<{ roleId: string }> = ({ roleId }) => {
+  const { message } = App.useApp();
+  const ability = useAuthStore((store) => store.ability);
+  const [form] = Form.useForm();
+
+  const { data, isLoading, error } = useGetAsset('/roles/{id}', {
+    params: { path: { id: roleId } },
+  });
+
+  const { mutateAsync: updateRole, isLoading: putLoading } = usePutAsset('/roles/{id}', {
+    onError: () => message.open({ type: 'error', content: 'Something went wrong' }),
+  });
+
+  if (isLoading || error || !data) return <Spin />;
+
+  const role = toCaslResource('Role', data);
+
+  async function submitChanges(values: Record<string, any>) {
+    if (typeof values.expirationDayJs === 'object') {
+      values.expiration = (values.expirationDayJs as dayjs.Dayjs).toISOString();
+      delete values.expirationDayJs;
+    }
+
+    try {
+      await updateRole({
+        params: { path: { id: roleId } },
+        body: values,
+      });
+
+      // success message has to go here, or else the mutation will stop loading when the message
+      // disappears
+      message.open({ type: 'success', content: 'Role updated' });
+    } catch (e) {}
+  }
+
+  return (
+    <Form form={form} layout="vertical" onFinish={submitChanges} initialValues={role}>
+      {role.note && (
+        <>
+          <Alert type="warning" message={role.note} />
+          <br />
+        </>
+      )}
+      <Form.Item label="Name" name="name">
+        <Input placeholder="input placeholder" disabled={!ability.can('update', role, 'name')} />
+      </Form.Item>
+
+      <Form.Item label="Description" name="description">
+        <Input.TextArea
+          placeholder="input placeholder"
+          disabled={!ability.can('update', role, 'description')}
+        />
+      </Form.Item>
+
+      <Form.Item label="Expiration" name="expirationDayJs">
+        <DatePicker
+          // Note german locale hard coded
+          locale={germanLocale}
+          allowClear={true}
+          disabled={!ability.can('update', role, 'expiration')}
+          defaultValue={role.expiration ? dayjs(new Date(role.expiration)) : undefined}
+        />
+      </Form.Item>
+
+      <Form.Item>
+        <Button type="primary" htmlType="submit" loading={putLoading}>
+          Submit
+        </Button>
+      </Form.Item>
+    </Form>
+  );
+};
+
+export default Auth(
+  {
+    action: ['view', 'manage'],
+    resource: 'Role',
+    fallbackRedirect: '/',
+  },
+  RoleGeneralData,
+);
diff --git a/src/management-system-v2/app/(dashboard)/iam/roles/[roleId]/rolePermissions.tsx b/src/management-system-v2/app/(dashboard)/iam/roles/[roleId]/rolePermissions.tsx
new file mode 100644
index 000000000..6998df9b8
--- /dev/null
+++ b/src/management-system-v2/app/(dashboard)/iam/roles/[roleId]/rolePermissions.tsx
@@ -0,0 +1,336 @@
+'use client';
+
+import { Divider, Form, Row, Space, Switch, Typography, FloatButton, Tooltip, Spin } from 'antd';
+import { SaveOutlined } from '@ant-design/icons';
+import { ResourceActionType, ResourceType } from '@/lib/ability/caslAbility';
+import { FC } from 'react';
+import { ApiData, usePutAsset } from '@/lib/fetch-data';
+
+type PermissionCategory = {
+  key: string;
+  title: string;
+  resource: ResourceType;
+  permissions: {
+    key: string;
+    title: string;
+    description: string;
+    permission: ResourceActionType;
+  }[];
+};
+
+const basePermissionOptions: PermissionCategory[] = [
+  {
+    key: 'process',
+    title: 'PROCESSES',
+    resource: 'Process',
+    permissions: [
+      {
+        key: 'process_view',
+        title: 'View processes',
+        description: 'Allows a user to view her or his processes. (Enables the Processes view.)',
+        permission: 'view',
+      },
+      {
+        key: 'process_manage',
+        title: 'Manage processes',
+        description: 'Allows a user to create, modify and delete processes in the Processes view.',
+        permission: 'manage',
+      },
+      {
+        key: 'process_share',
+        title: 'Share processes',
+        description: 'Allows a user to share processes with different users and groups.',
+        permission: 'share',
+      },
+      {
+        key: 'process_admin',
+        title: 'Administrate processes',
+        description: 'Allows a user to create, modify, delete and share all PROCEED processes.',
+        permission: 'admin',
+      },
+    ],
+  },
+  {
+    key: 'projects',
+    title: 'PROJECTS',
+    resource: 'Project',
+    permissions: [
+      {
+        key: 'View projects',
+        title: 'View projects',
+        description: 'Allows a user to view her or his projects. (Enables the Projects view.)',
+        permission: 'view',
+      },
+
+      {
+        key: 'Manage projects',
+        title: 'Manage projects',
+        description: 'Allows a user to create, modify and delete projects in the Projects view.',
+        permission: 'manage',
+      },
+
+      {
+        key: 'Share projects',
+        title: 'Share projects',
+        description: 'Allows a user to share projects with different users and groups.',
+        permission: 'share',
+      },
+
+      {
+        key: 'Administrate projects',
+        title: 'Administrate projects',
+        description: 'Allows a user to create, modify, delete and share all PROCEED projects.',
+        permission: 'admin',
+      },
+    ],
+  },
+  {
+    key: 'templates',
+    title: 'TEMPLATES',
+    resource: 'Template',
+    permissions: [
+      {
+        key: 'View templates',
+        title: 'View templates',
+        description: 'A,llows a user to view her or his templates. (Enables the Templates view.)',
+        permission: 'view',
+      },
+
+      {
+        key: 'Manage templates',
+        title: 'Manage templates',
+        description: 'A,llows a user to create, modify and delete templates in the Templates view.',
+        permission: 'manage',
+      },
+
+      {
+        key: 'Share templates',
+        title: 'Share templates',
+        description: 'A,llows a user to share templates with different users and groups.',
+        permission: 'share',
+      },
+
+      {
+        key: 'Administrate templates',
+        title: 'Administrate templates',
+        description: 'A,llows a user to create, modify, delete and share all PROCEED templates.',
+        permission: 'admin',
+      },
+    ],
+  },
+  {
+    key: 'tasks',
+    title: 'TASKS',
+    resource: 'Task',
+    permissions: [
+      {
+        key: 'View tasks',
+        title: 'View tasks',
+        description: 'A,llows a user to view her or his tasks. (Enables the Tasklist view.)',
+        permission: 'view',
+      },
+    ],
+  },
+  {
+    key: 'machines',
+    title: 'MACHINES',
+    resource: 'Machine',
+    permissions: [
+      {
+        key: 'View machines',
+        title: 'View machines',
+        description: ',Allows a user to view all machines. (Enables the Machines view.)',
+        permission: 'view',
+      },
+
+      {
+        key: 'Manage machines',
+        title: 'Manage machines',
+        description: 'Allows a user to create, modify and delete machines in the Machines view.',
+        permission: 'manage',
+      },
+    ],
+  },
+  {
+    key: 'executions',
+    title: 'EXECUTIONS',
+    resource: 'Execution',
+    permissions: [
+      {
+        key: 'View executions',
+        title: 'View executions',
+        description: 'Allows a user to view all executions. (Enables the Executions view.)',
+        permission: 'view',
+      },
+    ],
+  },
+  {
+    key: 'roles',
+    title: 'ROLES',
+    resource: 'Role',
+    permissions: [
+      {
+        key: 'Manage roles',
+        title: 'Manage roles',
+        description: 'Allows a user to create, modify and delete roles. (Enables the IAM view.)',
+        permission: 'manage',
+      },
+    ],
+  },
+  {
+    key: 'users',
+    title: 'Users',
+    resource: 'User',
+    permissions: [
+      {
+        key: 'Manage users',
+        title: 'Manage users',
+        description:
+          'Allows a user to create,, delete and enable/disable users. (Enables the IAM view.)',
+        permission: 'manage',
+      },
+
+      {
+        key: 'Manage roles of users',
+        title: 'Manage roles of users',
+        description:
+          'Allows a user to assign roles to a user and to remove roles from a user. (Enables the IAM view.)',
+        permission: 'manage-roles',
+      },
+    ],
+  },
+  {
+    key: 'settings',
+    title: 'SETTINGS',
+    resource: 'Setting',
+    permissions: [
+      {
+        key: 'Administrate settings',
+        title: 'Administrate settings',
+        description:
+          'Allows a user to administrate the settings of the Management System and the Engine. (Enables the Settings view.)',
+        permission: 'admin',
+      },
+    ],
+  },
+  {
+    key: 'environment_configurations',
+    title: 'Environment Configurations',
+    resource: 'EnvConfig',
+    permissions: [
+      {
+        key: 'Administrate environment configuration',
+        title: 'Administrate environment configuration',
+        description:
+          'Allows a user to administrate the environment configuration of the Management System. (Enables the Environment Configuration view.)',
+        permission: 'admin',
+      },
+    ],
+  },
+  {
+    key: 'all',
+    title: 'ALL',
+    resource: 'All',
+    permissions: [
+      {
+        key: 'Administrator Permissions',
+        title: 'Administrator Permissions',
+        description:
+          'Grants a user full administrator permissions for the PROCEED Management System.',
+        permission: 'admin',
+      },
+    ],
+  },
+];
+
+type Role = ApiData<'/roles', 'get'>[number];
+
+// permission mapping to verbs
+const PERMISSION_MAPPING = {
+  none: 0,
+  view: 1,
+  update: 2,
+  create: 4,
+  delete: 8,
+  manage: 16,
+  share: 32,
+  'manage-roles': 64,
+  'manage-groups': 128,
+  'manage-password': 256,
+  admin: 9007199254740991,
+};
+
+function permissionChecked(role: Role, subject: ResourceType, action: ResourceActionType) {
+  if (
+    !('permissions' in role && typeof role.permissions === 'object' && subject in role.permissions)
+  )
+    return false;
+
+  // @ts-ignore
+  const permissionNumber = role.permissions[subject];
+
+  return !!(PERMISSION_MAPPING[action] & permissionNumber);
+}
+
+const RolePermissions: FC<{ role: Role }> = ({ role }) => {
+  const { mutateAsync, isLoading } = usePutAsset('/roles/{id}');
+  const [form] = Form.useForm();
+
+  function updateRole(values: any) {
+    // TODO submit role
+    const newRole = {
+      description: role.description,
+      name: role.name,
+      permissions: role.permissions,
+      id: role.id,
+      note: role.note,
+      default: role.default,
+      members: role.members,
+      expiration: role.expiration,
+    };
+  }
+
+  return (
+    <Form form={form} onFinish={updateRole} disabled={isLoading}>
+      {basePermissionOptions.map((permissionCategory) => (
+        <>
+          <Typography.Title type="secondary" level={5}>
+            {permissionCategory.title}
+          </Typography.Title>
+          {permissionCategory.permissions.map((permission, idx) => (
+            <>
+              <Row key={permissionCategory.key} align="top" justify="space-between" wrap={false}>
+                <Space direction="vertical" size={0}>
+                  <Typography.Text strong>{permission.title}</Typography.Text>
+                  <Typography.Text type="secondary">{permission.description}</Typography.Text>
+                </Space>
+                <Form.Item name={`${permissionCategory.resource}-${permission.permission}`}>
+                  <Switch
+                    defaultChecked={permissionChecked(
+                      role,
+                      permissionCategory.resource,
+                      permission.permission,
+                    )}
+                  />
+                </Form.Item>
+              </Row>
+              {idx < permissionCategory.permissions.length - 1 && (
+                <Divider style={{ marginTop: '10px', marginBottom: '10px' }} />
+              )}
+            </>
+          ))}
+          <br />
+        </>
+      ))}
+      <Tooltip title="Save changes">
+        <FloatButton
+          type="primary"
+          icon={isLoading ? <Spin /> : <SaveOutlined />}
+          onClick={() => !isLoading && form.submit()}
+        />
+      </Tooltip>
+    </Form>
+  );
+};
+
+export default RolePermissions;
diff --git a/src/management-system-v2/app/(dashboard)/iam/roles/header-actions.tsx b/src/management-system-v2/app/(dashboard)/iam/roles/header-actions.tsx
new file mode 100644
index 000000000..f8ce62994
--- /dev/null
+++ b/src/management-system-v2/app/(dashboard)/iam/roles/header-actions.tsx
@@ -0,0 +1,196 @@
+'use client';
+
+import { ApiRequestBody, usePostAsset } from '@/lib/fetch-data';
+import { AuthCan } from '@/lib/iamComponents';
+import { ImportOutlined, PlusOutlined } from '@ant-design/icons';
+import { Button, Form, App, Input, Modal } from 'antd';
+import { ComponentProps, FC, ReactNode, useEffect, useState } from 'react';
+
+type PostUserField = keyof ApiRequestBody<'/users', 'post'>;
+
+const modalStructureWithoutPassword: {
+  dataKey: PostUserField;
+  label: string;
+  type: string;
+}[] = [
+  {
+    dataKey: 'firstName',
+    label: 'First Name',
+    type: 'text',
+  },
+  {
+    dataKey: 'lastName',
+    label: 'Last Name',
+    type: 'text',
+  },
+  {
+    dataKey: 'username',
+    label: 'Username Name',
+    type: 'text',
+  },
+  {
+    dataKey: 'email',
+    label: 'Email',
+    type: 'email',
+  },
+];
+
+const fieldNameToLabel: Record<PostUserField, string> = modalStructureWithoutPassword.reduce(
+  (acc, curr) => {
+    acc[curr.dataKey] = curr.label;
+    return acc;
+  },
+  {} as Record<PostUserField, string>,
+);
+
+const CreateUserModal: FC<{
+  modalOpen: boolean;
+  close: () => void;
+}> = ({ modalOpen, close }) => {
+  const [form] = Form.useForm();
+  const { message: messageApi } = App.useApp();
+  type ErrorsObject = { [field in PostUserField]?: ReactNode[] };
+  const [formatError, setFormatError] = useState<ErrorsObject>({});
+
+  const { mutateAsync: postUser, isLoading } = usePostAsset('/users', {
+    onError(e) {
+      if (!(typeof e === 'object' && e !== null && 'errors' in e)) {
+        return;
+      }
+
+      const errors: { [key in PostUserField]?: ReactNode[] } = {};
+
+      function appendError(key: PostUserField, error: string) {
+        error = error.replace(key, fieldNameToLabel[key]);
+
+        if (key in errors) {
+          errors[key]!.push(<p key={errors[key]?.length}>{error}</p>);
+        } else {
+          errors[key] = [<p key={0}>{error}</p>];
+        }
+      }
+
+      for (const error of e.errors as string[]) {
+        if (error.includes('username')) appendError('username', error);
+        else if (error.includes('email')) appendError('email', error);
+        else if (error.includes('firstName')) appendError('firstName', error);
+        else if (error.includes('lastName')) appendError('lastName', error);
+        else if (error.includes('password')) appendError('password', error);
+      }
+
+      setFormatError(errors);
+    },
+  });
+
+  useEffect(() => {
+    form.resetFields();
+    setFormatError({});
+  }, [form, modalOpen]);
+
+  const submitData = async (
+    values: Record<keyof ApiRequestBody<'/users', 'post'> | 'confirm_password', string>,
+  ) => {
+    debugger;
+    try {
+      await postUser({
+        body: {
+          email: values.email,
+          firstName: values.firstName,
+          lastName: values.lastName,
+          username: values.username,
+          password: values.password,
+        },
+      });
+      messageApi.success({ content: 'Account created' });
+      close();
+    } catch (e) {
+      messageApi.error({ content: 'An error ocurred' });
+    }
+  };
+
+  return (
+    <Modal open={modalOpen} onCancel={close} footer={null}>
+      <Form form={form} layout="vertical" onFinish={submitData}>
+        {modalStructureWithoutPassword.map((formField) => (
+          <Form.Item
+            key={formField.dataKey}
+            label={formField.label}
+            name={formField.dataKey}
+            validateStatus={formField.dataKey in formatError ? 'error' : ''}
+            help={formField.dataKey in formatError ? formatError[formField.dataKey] : ''}
+            hasFeedback
+            required
+          >
+            <Input type={formField.type} />
+          </Form.Item>
+        ))}
+
+        <Form.Item
+          name="password"
+          label="Password"
+          rules={[
+            {
+              required: true,
+              message: 'Please input your password!',
+            },
+          ]}
+          validateStatus={'password' in formatError ? 'error' : ''}
+          help={'password' in formatError ? formatError.password : ''}
+          hasFeedback
+        >
+          <Input.Password />
+        </Form.Item>
+
+        <Form.Item
+          name="confirm_password"
+          label="Confirm Password"
+          dependencies={['password']}
+          hasFeedback
+          rules={[
+            {
+              required: true,
+              message: 'Please confirm your password!',
+            },
+            ({ getFieldValue }) => ({
+              validator(_, value) {
+                if (!value || getFieldValue('password') === value) {
+                  return Promise.resolve();
+                }
+                return Promise.reject(new Error('The new password that you entered do not match!'));
+              },
+            }),
+          ]}
+        >
+          <Input.Password />
+        </Form.Item>
+
+        <Form.Item>
+          <Button type="primary" htmlType="submit" loading={isLoading}>
+            Submit
+          </Button>
+        </Form.Item>
+      </Form>
+    </Modal>
+  );
+};
+
+const HeaderActions: FC = () => {
+  const [createUserModalOpen, setCreateUserModalOpen] = useState(false);
+
+  return (
+    <>
+      <CreateUserModal
+        modalOpen={createUserModalOpen}
+        close={() => setCreateUserModalOpen(false)}
+      />
+
+      <AuthCan action="create" resource="User">
+        <Button type="primary" onClick={() => setCreateUserModalOpen(true)}>
+          <PlusOutlined /> Create
+        </Button>
+      </AuthCan>
+    </>
+  );
+};
+
+export default HeaderActions;
diff --git a/src/management-system-v2/app/(dashboard)/iam/roles/page.tsx b/src/management-system-v2/app/(dashboard)/iam/roles/page.tsx
index 5ca3a2018..8826f0a89 100644
--- a/src/management-system-v2/app/(dashboard)/iam/roles/page.tsx
+++ b/src/management-system-v2/app/(dashboard)/iam/roles/page.tsx
@@ -1,3 +1,151 @@
-export default function RolesPage() {
-  return <h2>Coming soon</h2>;
-}
+'use client';
+
+import React, { FC, useState } from 'react';
+import styles from '@/components/processes.module.scss';
+import cn from 'classnames';
+import { DeleteOutlined } from '@ant-design/icons';
+import { Tooltip, Space, Row, Col, Button, Input, Result, Table, Popconfirm, App } from 'antd';
+import { useGetAsset, useDeleteAsset, ApiData } from '@/lib/fetch-data';
+import { CloseOutlined } from '@ant-design/icons';
+import Auth from '@/lib/AuthCanWrapper';
+import Content from '@/components/content';
+import HeaderActions from './header-actions';
+import useFuzySearch from '@/lib/useFuzySearch';
+import { AuthCan } from '@/lib/iamComponents';
+import Link from 'next/link';
+import { toCaslResource } from '@/lib/ability/caslAbility';
+
+type Role = ApiData<'/roles', 'get'>[number];
+
+const RolesPage: FC = () => {
+  const { message: messageApi } = App.useApp();
+
+  const { error, data: roles, isLoading, refetch: refetchRoles } = useGetAsset('/roles', {});
+  const { mutateAsync: deleteRole, isLoading: deletingRole } = useDeleteAsset('/roles/{id}', {
+    onSuccess: () => refetchRoles(),
+    onError: () => messageApi.open({ type: 'error', content: 'Something went wrong' }),
+  });
+
+  const {
+    searchQuery,
+    setSearchQuery,
+    filteredData: filteredRoles,
+  } = useFuzySearch(roles || [], ['name'], {
+    useSearchParams: false,
+  });
+
+  const [selectedRowKeys, setSelectedRowKeys] = useState<string[]>([]);
+
+  async function deleteRoles(userIds: string[]) {
+    setSelectedRowKeys([]);
+    await Promise.allSettled(userIds.map((id) => deleteRole({ params: { path: { id } } })));
+  }
+
+  const columns = [
+    {
+      title: 'Name',
+      dataIndex: 'name',
+      key: 'display',
+      render: (name: string, role: Role) => <Link href={`/iam/roles/${role.id}`}>{name}</Link>,
+    },
+    {
+      title: 'Members',
+      dataIndex: 'members',
+      render: (_: any, record: Role) => record.members.length,
+      key: 'username',
+    },
+    {
+      dataIndex: 'id',
+      key: 'tooltip',
+      title: '',
+      with: 100,
+      render: (id: string, role: Role) =>
+        selectedRowKeys.length === 0 ? (
+          <AuthCan action="delete" resource={toCaslResource('Role', role)}>
+            <Tooltip placement="top" title={'Delete'}>
+              <Popconfirm
+                title="Delete User"
+                description="Are you sure you want to delete this user?"
+                onConfirm={() => deleteRoles([id])}
+              >
+                <Button icon={<DeleteOutlined />} type="text" />
+              </Popconfirm>
+            </Tooltip>
+          </AuthCan>
+        ) : null,
+    },
+  ];
+
+  if (error)
+    return (
+      <Result
+        status="error"
+        title="Failed to fetch roles"
+        subTitle="An error ocurred while fetching roles, please try again."
+      />
+    );
+
+  return (
+    <Content title="Identity and Access Management" rightNode={<HeaderActions />}>
+      <Row className={styles.Headerrow}>
+        <Col
+          xs={24}
+          sm={24}
+          md={24}
+          lg={10}
+          xl={6}
+          className={cn({ [styles.SelectedRow]: selectedRowKeys.length > 0 })}
+          style={{
+            justifyContent: 'start',
+          }}
+        >
+          {selectedRowKeys.length > 0 ? (
+            <Space size={20}>
+              <Button type="text" icon={<CloseOutlined />} onClick={() => setSelectedRowKeys([])} />
+              <span>{selectedRowKeys.length} selected: </span>
+              <Popconfirm
+                title="Delete User"
+                description="Are you sure you want to delete this user?"
+                onConfirm={() => deleteRoles(selectedRowKeys)}
+              >
+                <Button type="text" icon={<DeleteOutlined />} />
+              </Popconfirm>
+            </Space>
+          ) : null}
+        </Col>
+        <Col className={styles.Headercol} xs={22} sm={22} md={22} lg={9} xl={13}>
+          <Input.Search
+            size="middle"
+            value={searchQuery}
+            onChange={(e) => setSearchQuery(e.target.value)}
+            allowClear
+            placeholder="Search Users"
+          />
+        </Col>
+      </Row>
+
+      <Table
+        columns={columns}
+        dataSource={filteredRoles}
+        rowSelection={{
+          selectedRowKeys,
+          onChange: (selectedRowKeys: React.Key[]) => {
+            setSelectedRowKeys(selectedRowKeys as string[]);
+          },
+        }}
+        rowKey="id"
+        loading={isLoading || deletingRole}
+        size="middle"
+      />
+    </Content>
+  );
+};
+
+export default Auth(
+  {
+    action: 'manage',
+    resource: 'User',
+    fallbackRedirect: '/',
+  },
+  RolesPage,
+);
diff --git a/src/management-system-v2/app/(dashboard)/iam/users/header-actions.tsx b/src/management-system-v2/app/(dashboard)/iam/users/header-actions.tsx
index f8ce62994..465aa49e4 100644
--- a/src/management-system-v2/app/(dashboard)/iam/users/header-actions.tsx
+++ b/src/management-system-v2/app/(dashboard)/iam/users/header-actions.tsx
@@ -90,7 +90,6 @@ const CreateUserModal: FC<{
   const submitData = async (
     values: Record<keyof ApiRequestBody<'/users', 'post'> | 'confirm_password', string>,
   ) => {
-    debugger;
     try {
       await postUser({
         body: {
diff --git a/src/management-system-v2/app/(dashboard)/iam/users/page.tsx b/src/management-system-v2/app/(dashboard)/iam/users/page.tsx
index 60bd970b0..2838cce6f 100644
--- a/src/management-system-v2/app/(dashboard)/iam/users/page.tsx
+++ b/src/management-system-v2/app/(dashboard)/iam/users/page.tsx
@@ -1,149 +1,68 @@
 'use client';
 
-import React, { FC, useMemo, useState } from 'react';
-import styles from '@/components/processes.module.scss';
-import cn from 'classnames';
+import { FC } from 'react';
 import { DeleteOutlined } from '@ant-design/icons';
-import {
-  Tooltip,
-  Space,
-  Avatar,
-  Row,
-  Col,
-  Button,
-  Input,
-  Result,
-  Table,
-  Popconfirm,
-  App,
-} from 'antd';
+import { Tooltip, Button, Popconfirm, App } from 'antd';
 import { useGetAsset, useDeleteAsset } from '@/lib/fetch-data';
-import { CloseOutlined } from '@ant-design/icons';
 import Auth from '@/lib/AuthCanWrapper';
 import Content from '@/components/content';
 import HeaderActions from './header-actions';
-import useFuzySearch from '@/lib/useFuzySearch';
-import Bar from '@/components/bar';
+import UserList from '@/components/user-list';
+import { useQueryClient } from '@tanstack/react-query';
 
 const UsersPage: FC = () => {
-  const { error, data, isLoading, refetch: refetchUsers } = useGetAsset('/users', {});
   const { message: messageApi } = App.useApp();
+  const queryClient = useQueryClient();
+
+  const { error, data, isLoading } = useGetAsset('/users', {});
   const { mutateAsync: deleteUser, isLoading: deletingUser } = useDeleteAsset('/users/{id}', {
-    onSuccess: () => refetchUsers(),
     onError: () => messageApi.open({ type: 'error', content: 'Something went wrong' }),
+    onSuccess: async () => await queryClient.invalidateQueries(['/users']),
   });
 
-  const { searchQuery, setSearchQuery, filteredData } = useFuzySearch(
-    data || [],
-    ['firstName', 'lastName', 'username', 'email'],
-    { useSearchParams: false },
-  );
-
-  const filteredUsers = useMemo(() => {
-    return filteredData.map((user) => ({
-      ...user,
-      display: (
-        <Space size={16}>
-          <Avatar src={user.picture} />
-          <span>
-            {user.firstName} {user.lastName}
-          </span>
-        </Space>
-      ),
-    }));
-  }, [filteredData]);
-
-  const [selectedRowKeys, setSelectedRowKeys] = useState<string[]>([]);
-
-  async function deleteUsers(userIds: string[]) {
-    setSelectedRowKeys([]);
-    await Promise.allSettled(userIds.map((id) => deleteUser({ params: { path: { id } } })));
+  async function deleteUsers(ids: string[], unsetIds?: () => void) {
+    if (unsetIds) unsetIds();
+    const promises = ids.map((id) => deleteUser({ params: { path: { id } } }));
+    await Promise.allSettled(promises);
   }
 
   const columns = [
-    {
-      title: 'Account',
-      dataIndex: 'display',
-      key: 'display',
-    },
-    {
-      title: 'Username',
-      dataIndex: 'username',
-      key: 'username',
-    },
-    {
-      title: 'Email Adress',
-      dataIndex: 'email',
-      key: 'email',
-    },
     {
       dataIndex: 'id',
       key: 'tooltip',
       title: '',
-      with: 100,
-      render: (id: string) =>
-        selectedRowKeys.length === 0 ? (
-          <Tooltip placement="top" title={'Delete'}>
-            <Popconfirm
-              title="Delete User"
-              description="Are you sure you want to delete this user?"
-              onConfirm={() => deleteUsers([id])}
-            >
-              <Button icon={<DeleteOutlined />} type="text" />
-            </Popconfirm>
-          </Tooltip>
-        ) : undefined,
+      width: 100,
+      render: (id: string) => (
+        <Tooltip placement="top" title="Delete">
+          <Popconfirm
+            title="Delete User"
+            description="Are you sure you want to delete this user?"
+            onConfirm={() => deleteUsers([id])}
+          >
+            <Button icon={<DeleteOutlined />} type="text" />
+          </Popconfirm>
+        </Tooltip>
+      ),
     },
   ];
 
-  if (error)
-    return (
-      <Content title="Identity and Access Management">
-        <Result
-          status="error"
-          title="Failed to fetch your profile"
-          subTitle="An error ocurred while fetching your profile, please try again."
-        />
-      </Content>
-    );
-
   return (
     <Content title="Identity and Access Management">
-      <Bar
-        leftNode={
-          selectedRowKeys.length ? (
-            <Space size={20}>
-              <Button type="text" icon={<CloseOutlined />} onClick={() => setSelectedRowKeys([])} />
-              <span>{selectedRowKeys.length} selected: </span>
-              <Popconfirm
-                title="Delete User"
-                description="Are you sure you want to delete this user?"
-                onConfirm={() => deleteUsers(selectedRowKeys)}
-              >
-                <Button type="text" icon={<DeleteOutlined />} />
-              </Popconfirm>
-            </Space>
-          ) : undefined
-        }
-        searchProps={{
-          value: searchQuery,
-          onChange: (e) => setSearchQuery(e.target.value),
-          placeholder: 'Search Users ...',
-        }}
-        rightNode={<HeaderActions />}
-      />
-      <Table
+      <UserList
+        users={data || []}
+        error={!!error}
         columns={columns}
-        dataSource={filteredUsers}
-        rowSelection={{
-          selectedRowKeys,
-          onChange: (selectedRowKeys: React.Key[]) => {
-            setSelectedRowKeys(selectedRowKeys as string[]);
-          },
-        }}
-        rowKey="id"
-        loading={isLoading || deletingUser}
-        size="middle"
+        loading={deletingUser || isLoading}
+        selectedRowActions={(ids, clearIds) => (
+          <Popconfirm
+            title="Delete Users"
+            description="Are you sure you want to delete the selected users?"
+            onConfirm={() => deleteUsers(ids, clearIds)}
+          >
+            <Button type="text" icon={<DeleteOutlined />} />
+          </Popconfirm>
+        )}
+        searchBarRightNode={<HeaderActions />}
       />
     </Content>
   );
diff --git a/src/management-system-v2/components/app.tsx b/src/management-system-v2/components/app.tsx
index d8593d4b0..e2e29ea26 100644
--- a/src/management-system-v2/components/app.tsx
+++ b/src/management-system-v2/components/app.tsx
@@ -13,8 +13,8 @@ const App: FC<PropsWithChildren> = ({ children }) => {
   return (
     <QueryClientProvider client={queryClient}>
       <ReactQueryDevtools initialIsOpen={false} />
-      <AuthCallbackListener />
       <AntDesignApp>
+        <AuthCallbackListener />
         <Theme>{children}</Theme>
       </AntDesignApp>
     </QueryClientProvider>
diff --git a/src/management-system-v2/components/layout.tsx b/src/management-system-v2/components/layout.tsx
index daec1152a..422cac39e 100644
--- a/src/management-system-v2/components/layout.tsx
+++ b/src/management-system-v2/components/layout.tsx
@@ -52,7 +52,7 @@ const items: MenuProps['items'] = [
  */
 const Layout: FC<PropsWithChildren> = ({ children }) => {
   const router = useRouter();
-  const activeSegment = usePathname().split('/')[1] || 'processes';
+  const activeSegment = usePathname().slice(1) || 'processes';
   const [collapsed, setCollapsed] = useState(false);
   const ability = useAuthStore((state) => state.ability);
   const loggedIn = useAuthStore((state) => state.loggedIn);
diff --git a/src/management-system-v2/components/user-list.tsx b/src/management-system-v2/components/user-list.tsx
new file mode 100644
index 000000000..f0169463d
--- /dev/null
+++ b/src/management-system-v2/components/user-list.tsx
@@ -0,0 +1,125 @@
+'use client';
+
+import React, { ComponentProps, FC, ReactNode, useMemo, useState } from 'react';
+import { Space, Avatar, Button, Table, Result } from 'antd';
+import { CloseOutlined } from '@ant-design/icons';
+import useFuzySearch from '@/lib/useFuzySearch';
+import Bar from '@/components/bar';
+import { ApiData } from '@/lib/fetch-data';
+
+const defaultColumns = [
+  {
+    title: 'Account',
+    dataIndex: 'display',
+    key: 'display',
+  },
+  {
+    title: 'Username',
+    dataIndex: 'username',
+    key: 'username',
+  },
+  {
+    title: 'Email Adress',
+    dataIndex: 'email',
+    key: 'email',
+  },
+];
+
+type User = ApiData<'/users', 'get'>[number];
+type ListUser = Partial<Omit<User, 'id' | 'firstName' | 'lastName' | 'username' | 'email'>> &
+  Pick<User, 'id' | 'firstName' | 'lastName' | 'username' | 'email'> & {};
+type Column = Exclude<ComponentProps<typeof Table<ListUser>>['columns'], undefined>;
+
+export type UserListProps = {
+  users: ListUser[];
+  columns?: Column | ((clearSelected: () => void) => Column);
+  selectedRowActions?: (ids: string[], clearSelected: () => void, users: ListUser[]) => ReactNode;
+  error?: boolean;
+  searchBarRightNode?: ReactNode;
+  loading?: boolean;
+};
+
+const UserList: FC<UserListProps> = ({
+  users,
+  columns,
+  selectedRowActions,
+  error,
+  searchBarRightNode,
+  loading,
+}) => {
+  const { searchQuery, setSearchQuery, filteredData } = useFuzySearch(
+    users,
+    ['firstName', 'lastName', 'username', 'email'],
+    { useSearchParams: false },
+  );
+
+  const [selectedRowKeys, setSelectedRowKeys] = useState<string[]>([]);
+  const [selectedRows, setSelectedRows] = useState<typeof users>([]);
+
+  const tableColums = useMemo(() => {
+    if (!columns) return defaultColumns;
+
+    if (typeof columns === 'function')
+      return [...defaultColumns, ...columns(() => setSelectedRowKeys([]))];
+    else return [...defaultColumns, ...columns];
+  }, [columns]);
+
+  if (error)
+    <Result
+      status="error"
+      title="Failed fetch to users"
+      subTitle="An error ocurred while fetching users"
+    />;
+
+  return (
+    <>
+      <Bar
+        leftNode={
+          selectedRowKeys.length ? (
+            <Space size={20}>
+              <Button type="text" icon={<CloseOutlined />} onClick={() => setSelectedRowKeys([])} />
+              <span>{selectedRowKeys.length} selected: </span>
+              {selectedRowActions
+                ? selectedRowActions(selectedRowKeys, () => setSelectedRowKeys([]), selectedRows)
+                : null}
+            </Space>
+          ) : undefined
+        }
+        searchProps={{
+          value: searchQuery,
+          onChange: (e) => setSearchQuery(e.target.value),
+          placeholder: 'Search Users ...',
+        }}
+        rightNode={searchBarRightNode ? searchBarRightNode : null}
+      />
+      <Table
+        columns={tableColums}
+        dataSource={filteredData.map((user) => ({
+          ...user,
+          display: (
+            <Space size={16}>
+              <Avatar src={user.picture}>
+                {user.picture ? null : user.firstName.slice(0, 1) + user.lastName.slice(0, 1)}
+              </Avatar>
+              <span>
+                {user.firstName} {user.lastName}
+              </span>
+            </Space>
+          ),
+        }))}
+        rowSelection={{
+          selectedRowKeys,
+          onChange: (selectedRowKeys: React.Key[], selectedObjects: typeof users) => {
+            setSelectedRowKeys(selectedRowKeys as string[]);
+            setSelectedRows(selectedObjects);
+          },
+        }}
+        rowKey="id"
+        loading={loading}
+        size="middle"
+      />
+    </>
+  );
+};
+
+export default UserList;
diff --git a/src/management-system-v2/components/userProfile.tsx b/src/management-system-v2/components/userProfile.tsx
index 4d230bd35..de35ee482 100644
--- a/src/management-system-v2/components/userProfile.tsx
+++ b/src/management-system-v2/components/userProfile.tsx
@@ -85,6 +85,8 @@ const UserDataModal: FC<{
           email: userData.email,
           firstName: userData.firstName,
           lastName: userData.lastName,
+          firstName: userData.firstName,
+          lastName: userData.lastName,
           username: userData.username,
           ...values,
         };
@@ -225,14 +227,11 @@ const UserProfile: FC = () => {
 
   async function deleteUser() {
     try {
-      // Since this should only be callable once the user was loaded, we can assume that the user is not false.
-      if (user && user.sub) {
-        await deleteUserMutation({
-          params: { path: { id: user.sub } },
-        });
-        messageApi.success({ content: 'Your account was deleted' });
-        logout();
-      }
+      await deleteUserMutation({
+        params: { path: { id: user && user.sub } },
+      });
+      messageApi.success({ content: 'Your account was deleted' });
+      logout();
     } catch (e) {
       messageApi.error({ content: 'An error ocurred' });
     }
diff --git a/src/management-system-v2/lib/ability/abilityHelper.ts b/src/management-system-v2/lib/ability/abilityHelper.ts
index b538e09de..87d5b823f 100644
--- a/src/management-system-v2/lib/ability/abilityHelper.ts
+++ b/src/management-system-v2/lib/ability/abilityHelper.ts
@@ -1,13 +1,14 @@
 import { PackRule, unpackRules } from '@casl/ability/extra';
-import { AbilityRule, CaslAbility, ResourceType, buildAbility } from './caslAbility';
-import { subject } from '@casl/ability';
+import {
+  AbilityRule,
+  CaslAbility,
+  ResourceType,
+  buildAbility,
+  toCaslResource,
+} from './caslAbility';
 
 type CanParams = Parameters<CaslAbility['can']>;
 
-export function toCaslResource(resource: ResourceType, object: any) {
-  return subject(resource, object);
-}
-
 export default class Ability {
   caslAbility: CaslAbility;
 
@@ -24,7 +25,7 @@ export default class Ability {
     return true;
   }
 
-  filter(action: CanParams[0] | CanParams[0][], resource: CanParams[1], array: any[]) {
+  filter(action: CanParams[0] | CanParams[0][], resource: ResourceType, array: any[]) {
     return array.filter((resourceInstance) =>
       this.can(action, toCaslResource(resource, resourceInstance)),
     );
diff --git a/src/management-system-v2/lib/ability/caslAbility.ts b/src/management-system-v2/lib/ability/caslAbility.ts
index f2e25e0d6..98a4d2c32 100644
--- a/src/management-system-v2/lib/ability/caslAbility.ts
+++ b/src/management-system-v2/lib/ability/caslAbility.ts
@@ -4,6 +4,7 @@ import {
   PureAbility,
   RawRuleOf,
   fieldPatternMatcher,
+  subject,
 } from '@casl/ability';
 
 export const resources = [
@@ -150,7 +151,10 @@ function conditionsMatcher(conditionsObject: ConditionsObject) {
   return combineFunctions(conditionsForResource, conditionsObject.conditionsOperator || 'and');
 }
 
-export type CaslAbility = PureAbility<[ResourceActionType, ResourceType], ConditionsObject>;
+export type CaslAbility = PureAbility<
+  [ResourceActionType, ResourceType | Record<PropertyKey, any>],
+  ConditionsObject
+>;
 export type AbilityRule = RawRuleOf<CaslAbility>;
 
 // beware: casl usually uses 'manage' as a wildcard
@@ -179,3 +183,10 @@ export function buildAbility(rules: AbilityRule[]) {
 
   return ability;
 }
+
+export function toCaslResource<T extends Record<PropertyKey, any>>(
+  resource: ResourceType,
+  object: T,
+) {
+  return subject(resource, object);
+}
diff --git a/src/management-system-v2/lib/fetch-data.ts b/src/management-system-v2/lib/fetch-data.ts
index d2ccb64e0..e836e47b1 100644
--- a/src/management-system-v2/lib/fetch-data.ts
+++ b/src/management-system-v2/lib/fetch-data.ts
@@ -9,7 +9,7 @@ import {
 import createClient, { FetchOptions } from 'openapi-fetch';
 import { FilterKeys } from 'openapi-typescript-helpers';
 import { paths } from './openapiSchema';
-import { useMemo } from 'react';
+import { useCallback, useMemo } from 'react';
 
 const BASE_URL = process.env.API_URL;
 
@@ -80,23 +80,40 @@ export type ApiData<
     : unknown
   : unknown;
 
+function getKeys(path: any, params: any) {
+  const keys = [path];
+
+  if (
+    typeof params === 'object' &&
+    'params' in params &&
+    typeof params.params === 'object' &&
+    'path' in params.params
+  ) {
+    keys.push(params.params.path as any);
+  }
+
+  return keys;
+}
+
+type PathParamsToList<T> = T extends { params: { path: any } } ? [T] : [];
+
+export function useInvalidateAsset<
+  TFirstParam extends Parameters<typeof apiClient.GET>[0],
+  TSecondParam extends Parameters<typeof apiClient.GET<TFirstParam>>[1],
+>(path: TFirstParam, ...params: PathParamsToList<TSecondParam>) {
+  const queryClient = useQueryClient();
+
+  return useCallback(
+    () => queryClient.invalidateQueries(getKeys(path, params)),
+    [path, params, queryClient],
+  );
+}
+
 export function useGetAsset<
   TFirstParam extends Parameters<typeof apiClient.GET>[0],
   TSecondParam extends Parameters<typeof apiClient.GET<TFirstParam>>[1],
 >(path: TFirstParam, params: TSecondParam, reactQueryOptions?: Omit<UseQueryOptions, 'queryFn'>) {
-  const keys = useMemo(() => {
-    const keys = [path];
-    if (
-      typeof params === 'object' &&
-      'params' in params &&
-      typeof params.params === 'object' &&
-      'path' in params.params
-    ) {
-      keys.push(params.params.path as any);
-    }
-
-    return keys;
-  }, [path, params]);
+  const keys = useMemo(() => getKeys(path, params), [path, params]);
 
   type Data = QueryData<typeof apiClient.GET<TFirstParam>> | undefined;
 
@@ -127,17 +144,7 @@ export function usePostAsset<TFirstParam extends Parameters<typeof apiClient.POS
     mutationFn: async (body: FetchOptions<FilterKeys<paths[TFirstParam], 'post'>>) => {
       const { data } = await post(path, body);
 
-      const keys: any[] = [path];
-      if (
-        typeof body === 'object' &&
-        'params' in body &&
-        typeof body.params === 'object' &&
-        'path' in body.params
-      ) {
-        keys.push(body.params.path);
-      }
-
-      queryClient.invalidateQueries(keys);
+      queryClient.invalidateQueries(getKeys(path, body));
 
       return data as QueryData<typeof apiClient.POST<TFirstParam>>;
     },
@@ -165,17 +172,7 @@ export function usePutAsset<TFirstParam extends Parameters<typeof apiClient.PUT>
 
       const { data } = await put(path, body);
 
-      const keys: any[] = [path];
-      if (
-        typeof body === 'object' &&
-        'params' in body &&
-        typeof body.params === 'object' &&
-        'path' in body.params
-      ) {
-        keys.push(body.params.path);
-      }
-
-      queryClient.invalidateQueries(keys);
+      queryClient.invalidateQueries(getKeys(path, body));
 
       return data as QueryData<typeof apiClient.PUT<TFirstParam>>;
     },
@@ -199,17 +196,7 @@ export const useDeleteAsset = <TFirstParam extends Parameters<typeof apiClient.D
     mutationFn: async (body: FetchOptions<FilterKeys<paths[TFirstParam], 'delete'>>) => {
       const { data } = await del(path, body);
 
-      const keys: any[] = [path];
-      if (
-        typeof body === 'object' &&
-        'params' in body &&
-        typeof body.params === 'object' &&
-        'path' in body.params
-      ) {
-        keys.push(body.params.path);
-      }
-
-      queryClient.invalidateQueries(keys);
+      queryClient.invalidateQueries(getKeys(path, body));
 
       return data as QueryData<typeof apiClient.DELETE<TFirstParam>>;
     },
diff --git a/src/management-system-v2/lib/iamComponents.tsx b/src/management-system-v2/lib/iamComponents.tsx
index 222dd8b5f..75b63ce2e 100644
--- a/src/management-system-v2/lib/iamComponents.tsx
+++ b/src/management-system-v2/lib/iamComponents.tsx
@@ -12,9 +12,10 @@ import {
 } from 'react';
 import { useRouter } from 'next/navigation';
 import { Route } from 'next';
-import { ResourceActionType, ResourceType } from '../lib/ability/caslAbility';
+import { CaslAbility, ResourceActionType, ResourceType } from '../lib/ability/caslAbility';
 import { handleOauthCallback, useAuthStore } from './iam';
 import { App } from 'antd';
+import { Ability } from '@casl/ability';
 
 export const AuthCallbackListener: FC = () => {
   const oauthCallback = useAuthStore((store) => store.oauthCallback);
@@ -57,9 +58,10 @@ export const AuthCallbackListener: FC = () => {
   return null;
 };
 
+type CanParams = Parameters<CaslAbility['can']>;
 export type AuthCanProps = PropsWithChildren<{
   action: ResourceActionType | ResourceActionType[];
-  resource: ResourceType | ResourceType[];
+  resource: CanParams[1] | CanParams[1][];
   notLoggedIn?: ReactNode;
   fallback?: ReactNode;
   fallbackRedirect?: Route;
diff --git a/src/management-system-v2/lib/openapiSchema.ts b/src/management-system-v2/lib/openapiSchema.ts
index 59e8de1f2..a66d3b652 100644
--- a/src/management-system-v2/lib/openapiSchema.ts
+++ b/src/management-system-v2/lib/openapiSchema.ts
@@ -153,7 +153,7 @@ export interface paths {
       };
     };
   };
-  '/role-mappings/users/{userId}/{roleId}': {
+  '/role-mappings/users/{userId}/roles/{roleId}': {
     /** @description Delete role mapping. */
     delete: operations['deleteRoleMappingByIdByUserId'];
     parameters: {
@@ -195,7 +195,6 @@ export interface components {
     };
     /** processData */
     processData: {
-      description?: string;
       departments?: string[];
       /** @description The variables supposed to be used in the process */
       variables?: {
@@ -246,7 +245,7 @@ export interface components {
       | 'versions'
     >;
     processVersion: {
-      version: number;
+      version: string;
       name: string;
       description: string;
     };
@@ -340,7 +339,7 @@ export interface components {
       /** Format: email */
       email: string;
       username: string;
-      firstName: string;
+      'firstName ': string;
       lastName: string;
     };
     /** user */
@@ -395,7 +394,7 @@ export interface components {
       members?: {
         userId: string;
         username: string;
-        fisrtName: string;
+        firstName: string;
         lastName: string;
         email: string;
       }[];
@@ -423,8 +422,8 @@ export interface components {
     >;
     /** roleMappingData */
     roleMappingData: {
-      roleId?: string;
-      userId?: string;
+      roleId: string;
+      userId: string;
     };
     /** roleMappingMetaData */
     roleMappingMetaData: {
@@ -550,6 +549,8 @@ export interface components {
   pathItems: never;
 }
 
+export type $defs = Record<string, never>;
+
 export type external = Record<string, never>;
 
 export interface operations {
@@ -571,7 +572,9 @@ export interface operations {
       401: components['responses']['401_unauthenticated'];
       403: components['responses']['403_validationFailed'];
       /** @description Failed to get processes */
-      500: never;
+      500: {
+        content: never;
+      };
     };
   };
   /** @description Post a process. */
@@ -600,11 +603,15 @@ export interface operations {
         };
       };
       /** @description The body of the request does not conform to the schma of a process */
-      400: never;
+      400: {
+        content: never;
+      };
       401: components['responses']['401_unauthenticated'];
       403: components['responses']['403_validationFailed'];
       /** @description Failed to create the process due an internal error */
-      500: never;
+      500: {
+        content: never;
+      };
     };
   };
   /** @description Get a porcess by it's id. */
@@ -621,11 +628,15 @@ export interface operations {
         };
       };
       /** @description Error getting the bpmn of the process */
-      400: never;
+      400: {
+        content: never;
+      };
       401: components['responses']['401_unauthenticated'];
       403: components['responses']['403_validationFailed'];
       /** @description No Process with the given definitionId was found */
-      404: never;
+      404: {
+        content: never;
+      };
     };
   };
   /** @description Updates a **partial** set of properties (this means, that arbitrarily many properties can be left out). */
@@ -655,10 +666,14 @@ export interface operations {
         };
       };
       /** @description Request body doesn't contain a partial set of key:value properties of the Process scheme */
-      400: never;
+      400: {
+        content: never;
+      };
       403: components['responses']['403_validationFailed'];
       /** @description No Process with the given definitionId was found */
-      404: never;
+      404: {
+        content: never;
+      };
     };
   };
   /** @description Delete a process. */
@@ -670,10 +685,14 @@ export interface operations {
     };
     responses: {
       /** @description Process deleted succesfuly */
-      200: never;
+      200: {
+        content: never;
+      };
       403: components['responses']['403_validationFailed'];
       /** @description No Process with the given definitionId was found */
-      404: never;
+      404: {
+        content: never;
+      };
     };
   };
   /** @description Get all the versions of a process. */
@@ -693,7 +712,9 @@ export interface operations {
       401: components['responses']['401_unauthenticated'];
       403: components['responses']['403_validationFailed'];
       /** @description No Process with the given definitionId was found */
-      404: never;
+      404: {
+        content: never;
+      };
     };
   };
   /** @description Post a new version of a process. */
@@ -713,9 +734,13 @@ export interface operations {
     };
     responses: {
       /** @description OK */
-      200: never;
+      200: {
+        content: never;
+      };
       /** @description Bad Request */
-      400: never;
+      400: {
+        content: never;
+      };
       403: components['responses']['403_validationFailed'];
     };
   };
@@ -736,7 +761,9 @@ export interface operations {
         };
       };
       /** @description {definitionId} or {version} are wrong */
-      400: never;
+      400: {
+        content: never;
+      };
       401: components['responses']['401_unauthenticated'];
       403: components['responses']['403_validationFailed'];
     };
@@ -771,7 +798,7 @@ export interface operations {
     requestBody?: {
       content: {
         'application/json': {
-          [key: string]: components['schemas']['image'] | undefined;
+          [key: string]: components['schemas']['image'];
         };
       };
     };
@@ -787,7 +814,9 @@ export interface operations {
       401: components['responses']['401_unauthenticated'];
       403: components['responses']['403_validationFailed'];
       /** @description Not Found */
-      404: never;
+      404: {
+        content: never;
+      };
     };
   };
   /** @description Get all user tasks used in a process. */
@@ -849,9 +878,13 @@ export interface operations {
     };
     responses: {
       /** @description User task HTML updated */
-      200: never;
+      200: {
+        content: never;
+      };
       /** @description User task HTML created in the server */
-      201: never;
+      201: {
+        content: never;
+      };
       401: components['responses']['401_unauthenticated'];
       403: components['responses']['403_validationFailed'];
     };
@@ -867,7 +900,9 @@ export interface operations {
     };
     responses: {
       /** @description The request returns 200 wether the userTaskFile exists or not */
-      200: never;
+      200: {
+        content: never;
+      };
       401: components['responses']['401_unauthenticated'];
       403: components['responses']['403_validationFailed'];
     };
@@ -906,7 +941,9 @@ export interface operations {
     };
     responses: {
       /** @description Created */
-      201: never;
+      201: {
+        content: never;
+      };
       /** @description Bad Request */
       400: {
         content: {
@@ -956,7 +993,9 @@ export interface operations {
     };
     responses: {
       /** @description OK */
-      200: never;
+      200: {
+        content: never;
+      };
       /** @description Possible causes: The body of the request is not a JSON object or the machine is not stored and thus can't be changed. */
       400: {
         content: {
@@ -983,7 +1022,9 @@ export interface operations {
     };
     responses: {
       /** @description OK (This is the response, even if the machine is not known) */
-      200: never;
+      200: {
+        content: never;
+      };
       401: components['responses']['401_unauthenticated'];
       /** @description The machine is known through the discovery and not stored. It can't be removed! */
       403: {
@@ -1003,7 +1044,9 @@ export interface operations {
         };
       };
       /** @description Bad Request */
-      400: never;
+      400: {
+        content: never;
+      };
       401: components['responses']['401_unauthenticated'];
       403: components['responses']['403_validationFailed'];
     };
@@ -1016,7 +1059,7 @@ export interface operations {
           /** Format: email */
           email: string;
           username: string;
-          lastName?: string;
+          lastName: string;
           firstName: string;
           password: string;
         };
@@ -1024,7 +1067,9 @@ export interface operations {
     };
     responses: {
       /** @description OK */
-      200: never;
+      200: {
+        content: never;
+      };
       401: components['responses']['401_unauthenticated'];
       403: components['responses']['403_validationFailed'];
     };
@@ -1069,7 +1114,9 @@ export interface operations {
     };
     responses: {
       /** @description No Content */
-      204: never;
+      204: {
+        content: never;
+      };
       /** @description Bad Request */
       400: {
         content: {
@@ -1090,7 +1137,9 @@ export interface operations {
     };
     responses: {
       /** @description No Content */
-      204: never;
+      204: {
+        content: never;
+      };
       /** @description Bad Request */
       400: {
         content: {
@@ -1138,13 +1187,7 @@ export interface operations {
       /** @description OK */
       200: {
         content: {
-          'application/json': components['schemas']['roleResponse'];
-        };
-      };
-      /** @description No Content */
-      204: {
-        content: {
-          'application/json': unknown[];
+          'application/json': components['schemas']['roleResponse'][];
         };
       };
       401: components['responses']['401_unauthenticated'];
@@ -1239,7 +1282,9 @@ export interface operations {
     };
     responses: {
       /** @description No Content */
-      204: never;
+      204: {
+        content: never;
+      };
       400: components['responses']['400_Error_Json'];
       401: components['responses']['401_unauthenticated'];
       403: components['responses']['403_validationFailed'];
@@ -1272,15 +1317,19 @@ export interface operations {
   postRoleMapping: {
     requestBody?: {
       content: {
-        'application/json': WithRequired<
-          components['schemas']['roleMappingData'],
-          'roleId' | 'userId'
-        >[];
+        'application/json': (components['schemas']['roleMappingData'] & {
+          username: string;
+          firstName: string;
+          lastName: string;
+          email: string;
+        })[];
       };
     };
     responses: {
       /** @description Created */
-      201: never;
+      201: {
+        content: never;
+      };
       400: components['responses']['400_error_message'];
       401: components['responses']['401_unauthenticated'];
       403: components['responses']['403_validationFailed'];
@@ -1317,7 +1366,9 @@ export interface operations {
     };
     responses: {
       /** @description Role deleted */
-      204: never;
+      204: {
+        content: never;
+      };
       /** @description Bad Request */
       400: {
         content: {
@@ -1362,7 +1413,9 @@ export interface operations {
       401: components['responses']['401_unauthenticated'];
       403: components['responses']['403_validationFailed'];
       /** @description Not Found */
-      404: never;
+      404: {
+        content: never;
+      };
     };
   };
 }
diff --git a/src/management-system-v2/lib/useFuzySearch.ts b/src/management-system-v2/lib/useFuzySearch.ts
index 36b27db46..29a7f89e5 100644
--- a/src/management-system-v2/lib/useFuzySearch.ts
+++ b/src/management-system-v2/lib/useFuzySearch.ts
@@ -22,8 +22,7 @@ export default function useFuzySearch<TData extends Record<string, any>>(
   const searchParams = useSearchParams();
 
   const [searchQuery, setSearchQuery] = useState(
-    searchParams.get(fuzzySearchOptions.useSearchParams ? fuzzySearchOptions.queryName : '') ??
-      undefined,
+    searchParams.get(fuzzySearchOptions.useSearchParams ? fuzzySearchOptions.queryName : ''),
   );
   const debouncedSearchQuery = useDebounce(searchQuery, 200, fuzzySearchOptions.useSearchParams);
 
diff --git a/src/management-system/src/backend/openapi.json b/src/management-system/src/backend/openapi.json
index 5f191c0cf..2e46866e5 100644
--- a/src/management-system/src/backend/openapi.json
+++ b/src/management-system/src/backend/openapi.json
@@ -959,7 +959,7 @@
                   "username": {
                     "type": "string"
                   },
-                  "lastName ": {
+                  "lastName": {
                     "type": "string"
                   },
                   "firstName": {
@@ -1150,23 +1150,13 @@
         "responses": {
           "200": {
             "description": "OK",
-            "content": {
-              "application/json": {
-                "schema": {
-                  "$ref": "#/components/schemas/roleResponse"
-                }
-              }
-            }
-          },
-          "204": {
-            "description": "No Content",
             "content": {
               "application/json": {
                 "schema": {
                   "type": "array",
-                  "minItems": 0,
-                  "maxItems": 0,
-                  "items": {}
+                  "items": {
+                    "$ref": "#/components/schemas/roleResponse"
+                  }
                 }
               }
             }
@@ -1426,9 +1416,18 @@
                   "allOf": [
                     {
                       "$ref": "#/components/schemas/roleMappingData"
+                    },
+                    {
+                      "type": "object",
+                      "properties": {
+                        "username": { "type": "string" },
+                        "firstName": { "type": "string" },
+                        "lastName": { "type": "string" },
+                        "email": { "type": "string" }
+                      },
+                      "required": ["username", "firstName", "lastName", "email"]
                     }
-                  ],
-                  "required": ["roleId", "userId"]
+                  ]
                 }
               }
             }
@@ -1481,7 +1480,7 @@
         "description": "Get all role mappings referencing a specific user."
       }
     },
-    "/role-mappings/users/{userId}/{roleId}": {
+    "/role-mappings/users/{userId}/roles/{roleId}": {
       "parameters": [
         {
           "schema": {
@@ -2088,7 +2087,7 @@
           "username": {
             "type": "string"
           },
-          "lastName ": {
+          "lastName": {
             "type": "string"
           },
           "firstName": {
@@ -2188,7 +2187,7 @@
                 "username": {
                   "type": "string"
                 },
-                "fisrtName": {
+                "firstName": {
                   "type": "string"
                 },
                 "lastName": {
@@ -2198,7 +2197,7 @@
                   "type": "string"
                 }
               },
-              "required": ["userId", "username", "fisrtName", "lastName", "email"]
+              "required": ["userId", "username", "firstName", "lastName", "email"]
             }
           },
           "default": {
@@ -2254,7 +2253,8 @@
           "userId": {
             "type": "string"
           }
-        }
+        },
+        "required": ["roleId", "userId"]
       },
       "roleMappingMetaData": {
         "title": "roleMappingMetaData",
diff --git a/src/management-system/src/backend/server/iam/authorization/caslRules.ts b/src/management-system/src/backend/server/iam/authorization/caslRules.ts
index ca1437342..0a41b14f2 100644
--- a/src/management-system/src/backend/server/iam/authorization/caslRules.ts
+++ b/src/management-system/src/backend/server/iam/authorization/caslRules.ts
@@ -1,4 +1,3 @@
-import { subject } from '@casl/ability-v6';
 import { SHARE_TYPE, sharedWitOrByhUser } from './shares';
 import { packRules } from '@casl/ability-v6/extra';
 import {
@@ -76,7 +75,7 @@ function rulesForAuthenticatedUsers(userId: string): AbilityRule[] {
           default: { $eq: true },
         },
       },
-      fields: ['default', 'name'],
+      fields: ['default', 'name', 'expiration'],
     },
     {
       inverted: true,
@@ -117,6 +116,17 @@ function rulesForAuthenticatedUsers(userId: string): AbilityRule[] {
 function rulesForRoles(ability: CaslAbility) {
   const rules: AbilityRule[] = [];
 
+  rules.push({
+    inverted: true,
+    subject: 'Role',
+    action: 'delete',
+    conditions: {
+      conditions: {
+        default: { $eq: true },
+      },
+    },
+  });
+
   if (ability.cannot('admin', 'All')) {
     rules.push({
       inverted: true,
@@ -365,7 +375,3 @@ export async function rulesForUser(userId: string) {
 
   return { rules: packRules(translatedRules), expiration: firstExpiration };
 }
-
-export function toCaslResource(resource: ResourceType, object: any) {
-  return subject(resource, object);
-}
diff --git a/src/management-system/src/backend/server/iam/rest-api/auth0/user.js b/src/management-system/src/backend/server/iam/rest-api/auth0/user.js
index 13fe85423..5466e3433 100644
--- a/src/management-system/src/backend/server/iam/rest-api/auth0/user.js
+++ b/src/management-system/src/backend/server/iam/rest-api/auth0/user.js
@@ -4,8 +4,8 @@ import { validateUser } from '../../middleware/inputValidations.js';
 import { ensureCleanRoleMappings } from '../../utils/roleMappings.js';
 import { isAllowed, isAuthenticated } from '../../middleware/authorization';
 import { config } from '../../../iam/utils/config.js';
-import { toCaslResource } from '../../authorization/caslRules';
 import Ability from '../../../../../../../management-system-v2/lib/ability/abilityHelper';
+import { toCaslResource } from '../../../../../../../management-system-v2/lib/ability/caslAbility';
 
 // some userinfo endpoints are not returning standardized fields, so we have to make a standard for the MS
 const standardizeUser = (user) => {
diff --git a/src/management-system/src/backend/server/iam/rest-api/keycloak/user.js b/src/management-system/src/backend/server/iam/rest-api/keycloak/user.js
index 9fc7a14ed..70c68c47b 100644
--- a/src/management-system/src/backend/server/iam/rest-api/keycloak/user.js
+++ b/src/management-system/src/backend/server/iam/rest-api/keycloak/user.js
@@ -3,8 +3,8 @@ import requestResource from '../index.js';
 import { validateUser } from '../../middleware/inputValidations.js';
 import { ensureCleanRoleMappings } from '../../utils/roleMappings.js';
 import { isAllowed, isAuthenticated } from '../../middleware/authorization';
-import { toCaslResource } from '../../authorization/caslRules';
 import Ability from '../../../../../../../management-system-v2/lib/ability/abilityHelper';
+import { toCaslResource } from '../../../../../../../management-system-v2/lib/ability/caslAbility';
 
 const userRouter = express.Router();
 
diff --git a/src/management-system/src/backend/server/iam/rest-api/role-mappings.js b/src/management-system/src/backend/server/iam/rest-api/role-mappings.js
index 5fae8c764..f36755c6e 100644
--- a/src/management-system/src/backend/server/iam/rest-api/role-mappings.js
+++ b/src/management-system/src/backend/server/iam/rest-api/role-mappings.js
@@ -7,7 +7,7 @@ import {
 } from '../../../shared-electron-server/data/iam/role-mappings.js';
 import { deleteRulesForUsers, isAllowed } from '../middleware/authorization';
 import Ability from '../../../../../../management-system-v2/lib/ability/abilityHelper';
-import { toCaslResource } from '../authorization/caslRules';
+import { toCaslResource } from '../../../../../../management-system-v2/lib/ability/caslAbility';
 
 const roleMappingsRouter = express.Router();
 
diff --git a/src/management-system/src/backend/server/iam/rest-api/roles.js b/src/management-system/src/backend/server/iam/rest-api/roles.js
index 87db9d48e..f29014076 100644
--- a/src/management-system/src/backend/server/iam/rest-api/roles.js
+++ b/src/management-system/src/backend/server/iam/rest-api/roles.js
@@ -8,8 +8,8 @@ import {
 } from '../../../shared-electron-server/data/iam/roles.js';
 import { validateRole } from '../middleware/inputValidations.js';
 import { abilityCacheDeleteAll, isAllowed, isAuthenticated } from '../middleware/authorization';
-import { toCaslResource } from '../authorization/caslRules';
 import Ability from '../../../../../../management-system-v2/lib/ability/abilityHelper';
+import { toCaslResource } from '../../../../../../management-system-v2/lib/ability/caslAbility';
 
 const rolesRouter = express.Router();
 
@@ -41,7 +41,6 @@ rolesRouter.get('/:id', isAuthenticated(), async (req, res) => {
 rolesRouter.get('/', isAuthenticated(), async (req, res) => {
   try {
     const roles = await getRoles();
-    if (roles.length === 0) return res.status(204).json([]);
     return res.status(200).json(roles);
   } catch (e) {
     return res.status(400).json(e.toString());
@@ -87,15 +86,28 @@ rolesRouter.put('/:id', validateRole, isAllowed('update', 'Role'), async (req, r
 
   if (role) {
     try {
+      // validateRole turns expiration into a Date, in order for the object merge
+      // to work, we need it to be a string (type safe option in mergeIntoObject)
+      if (typeof role.expiration === 'object') {
+        /** @type {Date} */
+        const expirationDate = role.expiration;
+        role.expiration = expirationDate.toISOString();
+      }
+
       /** @type {Ability} */
       const userAbility = req.userAbility;
 
       const targetRole = getRoleById(id);
 
+      for (const [key, value] of Object.entries(role)) {
+        console.log('Key:', key, 'Value:', value, 'Target:', targetRole[key]);
+        if (targetRole[key] === value) delete role[key];
+      }
+
       // Casl isn't really built to check the value of input fields when updating, so we have to perform this two checks
       if (
         !(
-          userAbility.can('update', toCaslResource('Role', targetRole)) &&
+          userAbility.checkInputFields(toCaslResource('Role', targetRole), 'update', role) &&
           userAbility.can('create', toCaslResource('Role', role))
         )
       )
diff --git a/src/management-system/src/backend/server/iam/rest-api/shares.js b/src/management-system/src/backend/server/iam/rest-api/shares.js
index 26b0d7636..e42981adb 100644
--- a/src/management-system/src/backend/server/iam/rest-api/shares.js
+++ b/src/management-system/src/backend/server/iam/rest-api/shares.js
@@ -9,8 +9,8 @@ import {
 import { abilityCacheDeleteAll, isAllowed } from '../middleware/authorization';
 import { validateShare } from '../middleware/inputValidations.js';
 import jwt from 'jsonwebtoken';
-import { toCaslResource } from '../authorization/caslRules';
 import Ability from '../../../../../../management-system-v2/lib/ability/abilityHelper';
+import { toCaslResource } from '../../../../../../management-system-v2/lib/ability/caslAbility';
 
 const sharesRouter = express.Router();
 
diff --git a/src/management-system/src/backend/server/rest-api/machine.js b/src/management-system/src/backend/server/rest-api/machine.js
index ec3548df8..fd2c75352 100644
--- a/src/management-system/src/backend/server/rest-api/machine.js
+++ b/src/management-system/src/backend/server/rest-api/machine.js
@@ -7,8 +7,8 @@ import {
 import { v4 } from 'uuid';
 import express from 'express';
 import { isAllowed } from '../iam/middleware/authorization';
-import { toCaslResource } from '../iam/authorization/caslRules';
 import Ability from '../../../../../management-system-v2/lib/ability/abilityHelper';
+import { toCaslResource } from '../../../../../management-system-v2/lib/ability/caslAbility';
 
 const machinesRouter = express.Router();
 
diff --git a/src/management-system/src/backend/server/rest-api/process.js b/src/management-system/src/backend/server/rest-api/process.js
index 4b5a7bbcc..94d594cd5 100644
--- a/src/management-system/src/backend/server/rest-api/process.js
+++ b/src/management-system/src/backend/server/rest-api/process.js
@@ -18,7 +18,7 @@ import express from 'express';
 import { isAllowed } from '../iam/middleware/authorization.ts';
 import logger from '../../shared-electron-server/logging.js';
 import Ability from '../../../../../management-system-v2/lib/ability/abilityHelper';
-import { toCaslResource } from '../iam/authorization/caslRules';
+import { toCaslResource } from '../../../../../management-system-v2/lib/ability/caslAbility';
 
 const processRouter = express.Router();
 
diff --git a/src/management-system/tests/unit/specs/backend/authorization/iam/roleMapping.spec.js b/src/management-system/tests/unit/specs/backend/authorization/iam/roleMapping.spec.js
index 8124b7bd6..45f8e3366 100644
--- a/src/management-system/tests/unit/specs/backend/authorization/iam/roleMapping.spec.js
+++ b/src/management-system/tests/unit/specs/backend/authorization/iam/roleMapping.spec.js
@@ -1,10 +1,10 @@
 const { users, abilitiesBuilt, buildAbility } = require('../authorization');
-const {
-  toCaslResource,
-} = require('../../../../../../src/backend/server/iam/authorization/caslRules');
 const {
   permissionNumberToIdentifiers,
 } = require('../../../../../../src/backend/server/iam/authorization/permissionHelpers');
+const {
+  toCaslResource,
+} = require('../../../../../../../management-system-v2/lib/ability/caslAbility');
 
 let adminAbility,
   all_user_permissionsAbility,
diff --git a/src/management-system/tests/unit/specs/backend/authorization/iam/roles.spec.js b/src/management-system/tests/unit/specs/backend/authorization/iam/roles.spec.js
index e9cfa8a49..41a0078de 100644
--- a/src/management-system/tests/unit/specs/backend/authorization/iam/roles.spec.js
+++ b/src/management-system/tests/unit/specs/backend/authorization/iam/roles.spec.js
@@ -1,10 +1,10 @@
 const { roles, abilitiesBuilt, buildAbility } = require('../authorization');
-const {
-  toCaslResource,
-} = require('../../../../../../src/backend/server/iam/authorization/caslRules');
 const {
   permissionNumberToIdentifiers,
 } = require('../../../../../../src/backend/server/iam/authorization/permissionHelpers');
+const {
+  toCaslResource,
+} = require('../../../../../../../management-system-v2/lib/ability/caslAbility');
 
 let adminAbility,
   all_user_permissionsAbility,
diff --git a/src/management-system/tests/unit/specs/backend/authorization/iam/users.spec.js b/src/management-system/tests/unit/specs/backend/authorization/iam/users.spec.js
index e18d081b6..2f3020082 100644
--- a/src/management-system/tests/unit/specs/backend/authorization/iam/users.spec.js
+++ b/src/management-system/tests/unit/specs/backend/authorization/iam/users.spec.js
@@ -1,10 +1,10 @@
 const { users, abilitiesBuilt } = require('../authorization');
-const {
-  toCaslResource,
-} = require('../../../../../../src/backend/server/iam/authorization/caslRules');
 const {
   permissionNumberToIdentifiers,
 } = require('../../../../../../src/backend/server/iam/authorization/permissionHelpers');
+const {
+  toCaslResource,
+} = require('../../../../../../../management-system-v2/lib/ability/caslAbility');
 
 let adminAbility,
   all_user_permissionsAbility,
diff --git a/src/management-system/tests/unit/specs/backend/authorization/machines.spec.js b/src/management-system/tests/unit/specs/backend/authorization/machines.spec.js
index ddfd34975..a252ffb8d 100644
--- a/src/management-system/tests/unit/specs/backend/authorization/machines.spec.js
+++ b/src/management-system/tests/unit/specs/backend/authorization/machines.spec.js
@@ -1,8 +1,10 @@
 const { abilitiesBuilt, buildAbility } = require('./authorization');
-const { toCaslResource } = require('../../../../../src/backend/server/iam/authorization/caslRules');
 const {
   permissionNumberToIdentifiers,
 } = require('../../../../../src/backend/server/iam/authorization/permissionHelpers');
+const {
+  toCaslResource,
+} = require('../../../../../../management-system-v2/lib/ability/caslAbility');
 
 let adminAbility, all_role_permissionsAbility, unauthenticatedAbility;
 
diff --git a/src/management-system/tests/unit/specs/backend/authorization/process/deleteProcess.spec.js b/src/management-system/tests/unit/specs/backend/authorization/process/deleteProcess.spec.js
index ba0296b25..f42436042 100644
--- a/src/management-system/tests/unit/specs/backend/authorization/process/deleteProcess.spec.js
+++ b/src/management-system/tests/unit/specs/backend/authorization/process/deleteProcess.spec.js
@@ -1,10 +1,10 @@
 const { processes, abilitiesBuilt, buildAbility } = require('../authorization');
-const {
-  toCaslResource,
-} = require('../../../../../../src/backend/server/iam/authorization/caslRules');
 const {
   permissionNumberToIdentifiers,
 } = require('../../../../../../src/backend/server/iam/authorization/permissionHelpers');
+const {
+  toCaslResource,
+} = require('../../../../../../../management-system-v2/lib/ability/caslAbility');
 
 let adminAbility,
   process_engineer_adminAbility,
diff --git a/src/management-system/tests/unit/specs/backend/authorization/process/getProcess.spec.js b/src/management-system/tests/unit/specs/backend/authorization/process/getProcess.spec.js
index 7d13f79de..c4047e446 100644
--- a/src/management-system/tests/unit/specs/backend/authorization/process/getProcess.spec.js
+++ b/src/management-system/tests/unit/specs/backend/authorization/process/getProcess.spec.js
@@ -1,10 +1,10 @@
 const { processArray, processes, abilitiesBuilt, buildAbility } = require('../authorization');
-const {
-  toCaslResource,
-} = require('../../../../../../src/backend/server/iam/authorization/caslRules');
 const {
   permissionNumberToIdentifiers,
 } = require('../../../../../../src/backend/server/iam/authorization/permissionHelpers');
+const {
+  toCaslResource,
+} = require('../../../../../../../management-system-v2/lib/ability/caslAbility');
 
 let adminAbility,
   process_engineer_adminAbility,
diff --git a/src/management-system/tests/unit/specs/backend/authorization/process/putProcess.spec.js b/src/management-system/tests/unit/specs/backend/authorization/process/putProcess.spec.js
index a0f2ce5d5..39c67b12a 100644
--- a/src/management-system/tests/unit/specs/backend/authorization/process/putProcess.spec.js
+++ b/src/management-system/tests/unit/specs/backend/authorization/process/putProcess.spec.js
@@ -1,10 +1,10 @@
 const { processes, abilitiesBuilt, buildAbility } = require('../authorization');
-const {
-  toCaslResource,
-} = require('../../../../../../src/backend/server/iam/authorization/caslRules');
 const {
   permissionNumberToIdentifiers,
 } = require('../../../../../../src/backend/server/iam/authorization/permissionHelpers');
+const {
+  toCaslResource,
+} = require('../../../../../../../management-system-v2/lib/ability/caslAbility');
 
 let adminAbility,
   process_engineer_adminAbility,
diff --git a/src/management-system/tests/unit/specs/backend/authorization/shares/deleteShare.spec.js b/src/management-system/tests/unit/specs/backend/authorization/shares/deleteShare.spec.js
index 888d0df82..a92717f8d 100644
--- a/src/management-system/tests/unit/specs/backend/authorization/shares/deleteShare.spec.js
+++ b/src/management-system/tests/unit/specs/backend/authorization/shares/deleteShare.spec.js
@@ -1,10 +1,10 @@
 const { abilitiesBuilt, buildAbility } = require('../authorization');
-const {
-  toCaslResource,
-} = require('../../../../../../src/backend/server/iam/authorization/caslRules');
 const {
   getShares,
 } = require('../../../../../../src/backend/shared-electron-server/data/iam/shares');
+const {
+  toCaslResource,
+} = require('../../../../../../../management-system-v2/lib/ability/caslAbility');
 
 let adminAbility, process_engineer_adminAbility, unauthenticatedAbility;
 
diff --git a/src/management-system/tests/unit/specs/backend/authorization/shares/getShare.spec.js b/src/management-system/tests/unit/specs/backend/authorization/shares/getShare.spec.js
index 7538b91b5..c6b08f080 100644
--- a/src/management-system/tests/unit/specs/backend/authorization/shares/getShare.spec.js
+++ b/src/management-system/tests/unit/specs/backend/authorization/shares/getShare.spec.js
@@ -1,13 +1,13 @@
 const { processes, shares, abilitiesBuilt, buildAbility } = require('../authorization');
-const {
-  toCaslResource,
-} = require('../../../../../../src/backend/server/iam/authorization/caslRules');
 const {
   permissionNumberToIdentifiers,
 } = require('../../../../../../src/backend/server/iam/authorization/permissionHelpers');
 const {
   getShares,
 } = require('../../../../../../src/backend/shared-electron-server/data/iam/shares');
+const {
+  toCaslResource,
+} = require('../../../../../../../management-system-v2/lib/ability/caslAbility');
 
 let adminAbility, unauthenticatedAbility;
 
diff --git a/src/management-system/tests/unit/specs/backend/authorization/shares/postShare.spec.js b/src/management-system/tests/unit/specs/backend/authorization/shares/postShare.spec.js
index 78b8ac47c..35dc5118b 100644
--- a/src/management-system/tests/unit/specs/backend/authorization/shares/postShare.spec.js
+++ b/src/management-system/tests/unit/specs/backend/authorization/shares/postShare.spec.js
@@ -1,7 +1,7 @@
-const { abilitiesBuilt, buildAbility } = require('../authorization');
 const {
   toCaslResource,
-} = require('../../../../../../src/backend/server/iam/authorization/caslRules');
+} = require('../../../../../../../management-system-v2/lib/ability/caslAbility');
+const { abilitiesBuilt, buildAbility } = require('../authorization');
 
 let adminAbility, unauthenticatedAbility;
 
diff --git a/src/management-system/tests/unit/specs/backend/authorization/shares/putShare.spec.js b/src/management-system/tests/unit/specs/backend/authorization/shares/putShare.spec.js
index c0a1b5926..c85865b10 100644
--- a/src/management-system/tests/unit/specs/backend/authorization/shares/putShare.spec.js
+++ b/src/management-system/tests/unit/specs/backend/authorization/shares/putShare.spec.js
@@ -1,10 +1,10 @@
 const { abilitiesBuilt, buildAbility } = require('../authorization');
-const {
-  toCaslResource,
-} = require('../../../../../../src/backend/server/iam/authorization/caslRules');
 const {
   getShares,
 } = require('../../../../../../src/backend/shared-electron-server/data/iam/shares');
+const {
+  toCaslResource,
+} = require('../../../../../../../management-system-v2/lib/ability/caslAbility');
 
 let adminAbility, unauthenticatedAbility;