diff --git a/migrations/20200716111333_user.js b/migrations/20200716111333_user.js
index 9916126..83a22f6 100644
--- a/migrations/20200716111333_user.js
+++ b/migrations/20200716111333_user.js
@@ -5,6 +5,7 @@ export async function up(knex) {
       table.string('username').notNullable()
       table.string('hash')
       table.timestamp('last_login').nullable()
+      table.json('roles')
     })
 }
 
diff --git a/seeds/User.js b/seeds/User.js
index dfa26a3..cc1cfc6 100644
--- a/seeds/User.js
+++ b/seeds/User.js
@@ -1,6 +1,7 @@
 export default [
   {
     username: 'ditojs',
-    password: 'ditojs'
+    password: 'ditojs',
+    roles: ['admin', 'editor']
   }
 ]
diff --git a/src/server/controllers/api/admin/dummies.js b/src/server/controllers/api/admin/dummies.js
index 31cb764..abb89e5 100644
--- a/src/server/controllers/api/admin/dummies.js
+++ b/src/server/controllers/api/admin/dummies.js
@@ -5,6 +5,7 @@ export class Dummies extends ModelController {
   modelClass = Dummy
   scope = '^admin'
   graph = true
+  authorize = ['admin', 'editor']
 
   collection = {
     allow: ['find', 'insert']
diff --git a/src/server/models/user.js b/src/server/models/user.js
index 65c0cc3..f3361a7 100644
--- a/src/server/models/user.js
+++ b/src/server/models/user.js
@@ -1,3 +1,16 @@
 import { UserModel } from '@ditojs/server'
 
-export class User extends UserModel { }
+export class User extends UserModel {
+  static properties = {
+    roles: {
+      type: 'array',
+      items: {
+        type: 'string',
+        enum: ['admin', 'editor']
+      },
+      minItems: 1,
+      uniqueItems: true,
+      required: true
+    }
+  }
+}