diff --git a/idp/src/auth/auth.module.ts b/idp/src/auth/auth.module.ts
index 6915b36..7aac194 100644
--- a/idp/src/auth/auth.module.ts
+++ b/idp/src/auth/auth.module.ts
@@ -15,6 +15,7 @@ import {
 import { LoggerModule } from 'src/core/logger.module';
 import { SessionKey, SessionKeyRepository } from 'src/model/session-key.entity';
 import { ConfigModule, ConfigService } from '@nestjs/config';
+import { Role, RoleRepository } from 'src/model/role.entity';
 
 @Module({
   providers: [
@@ -24,6 +25,7 @@ import { ConfigModule, ConfigService } from '@nestjs/config';
     ClientRepository,
     AuthorizationCodeRepository,
     SessionKeyRepository,
+    RoleRepository,
   ],
   controllers: [AuthController],
   imports: [
@@ -42,6 +44,7 @@ import { ConfigModule, ConfigService } from '@nestjs/config';
       RedirectUri,
       AuthorizationCode,
       SessionKey,
+      Role,
     ]),
     LoggerModule,
   ],
diff --git a/idp/src/model/role.entity.ts b/idp/src/model/role.entity.ts
new file mode 100644
index 0000000..776aa21
--- /dev/null
+++ b/idp/src/model/role.entity.ts
@@ -0,0 +1,35 @@
+import { Injectable } from '@nestjs/common';
+import { Exclude } from 'class-transformer';
+import {
+  Entity,
+  Column,
+  PrimaryGeneratedColumn,
+  DataSource,
+  Repository,
+  ManyToOne,
+} from 'typeorm';
+
+import { User } from './user.entity';
+
+@Entity()
+export class Role {
+  @PrimaryGeneratedColumn('uuid')
+  id: string;
+
+  @Column()
+  name: string;
+  @Exclude()
+  @ManyToOne(() => User, (user) => user.role)
+  users: User[];
+}
+
+@Injectable()
+export class RoleRepository extends Repository<Role> {
+  constructor(dataSource: DataSource) {
+    super(Role, dataSource.createEntityManager());
+  }
+
+  findById(id: string): Promise<Role> {
+    return this.findOneBy({ id });
+  }
+}
diff --git a/idp/src/model/user.entity.ts b/idp/src/model/user.entity.ts
index a954929..a668595 100644
--- a/idp/src/model/user.entity.ts
+++ b/idp/src/model/user.entity.ts
@@ -8,9 +8,11 @@ import {
   Repository,
   OneToMany,
   CreateDateColumn,
+  ManyToOne,
 } from 'typeorm';
 import { AuthorizationCode } from './auth-code.entity';
 import { SessionKey } from './session-key.entity';
+import { Role } from './role.entity';
 
 @Entity()
 export class User {
@@ -45,6 +47,10 @@ export class User {
   @OneToMany(() => SessionKey, (key) => key.user)
   sessionKeys: SessionKey[];
 
+  @Exclude()
+  @ManyToOne(() => Role, (role) => role.users)
+  role?: Role;
+
   accessToken?: string;
   refreshToken?: string;
 }
@@ -56,10 +62,10 @@ export class UserRepository extends Repository<User> {
   }
 
   findByUsername(username: string): Promise<User> {
-    return this.findOneBy({ username });
+    return this.findOne({where: { username }, relations: ['role']});
   }
 
   findById(id: string): Promise<User> {
-    return this.findOneBy({ id });
+    return this.findOne({where: { id }, relations: ['role']});
   }
 }