diff --git a/full/src/main/java/de/ids_mannheim/korap/constant/PredefinedRole.java b/full/src/main/java/de/ids_mannheim/korap/constant/PredefinedRole.java
new file mode 100644
index 0000000..0c79d6d
--- /dev/null
+++ b/full/src/main/java/de/ids_mannheim/korap/constant/PredefinedRole.java
@@ -0,0 +1,15 @@
+package de.ids_mannheim.korap.constant;
+
+public enum PredefinedRole {
+    GROUP_ADMIN(1), GROUP_MEMBER(2), VC_ADMIN(3), VC_MEMBER(3);
+    
+    private int id;
+
+    PredefinedRole (int i) {
+        this.id = i;
+    }
+    
+    public int getId () {
+        return id;
+    }
+}
diff --git a/full/src/main/java/de/ids_mannheim/korap/dao/PrivilegeDao.java b/full/src/main/java/de/ids_mannheim/korap/dao/PrivilegeDao.java
new file mode 100644
index 0000000..874850a
--- /dev/null
+++ b/full/src/main/java/de/ids_mannheim/korap/dao/PrivilegeDao.java
@@ -0,0 +1,60 @@
+package de.ids_mannheim.korap.dao;
+
+import java.util.List;
+
+import javax.persistence.EntityManager;
+import javax.persistence.PersistenceContext;
+import javax.persistence.Query;
+import javax.persistence.criteria.CriteriaBuilder;
+import javax.persistence.criteria.CriteriaQuery;
+import javax.persistence.criteria.Root;
+
+import org.springframework.stereotype.Repository;
+import org.springframework.transaction.annotation.Transactional;
+
+import de.ids_mannheim.korap.constant.PrivilegeType;
+import de.ids_mannheim.korap.entity.Privilege;
+import de.ids_mannheim.korap.entity.Privilege_;
+import de.ids_mannheim.korap.entity.Role;
+import de.ids_mannheim.korap.entity.Role_;
+
+@Transactional
+@Repository
+public class PrivilegeDao {
+
+    @PersistenceContext
+    private EntityManager entityManager;
+    
+    public void addPrivilegesToRole (Role role,
+            List<PrivilegeType> privilegeTypes) {
+        for (PrivilegeType type : privilegeTypes) {
+            Privilege privilege = new Privilege(type, role);
+            entityManager.persist(privilege);
+        }
+    }
+
+    public void deletePrivilegeFromRole (int roleId,
+            PrivilegeType privilegeType) {
+        List<Privilege> privilegeList = retrievePrivilegeByRoleId(roleId);
+        for (Privilege p: privilegeList){
+            if (p.getName().equals(privilegeType)){
+                entityManager.remove(p);
+                break;
+            }
+        }
+    }
+
+    public List<Privilege> retrievePrivilegeByRoleId (int roleId) {
+        CriteriaBuilder criteriaBuilder = entityManager.getCriteriaBuilder();
+        CriteriaQuery<Privilege> query =
+                criteriaBuilder.createQuery(Privilege.class);
+
+        Root<Privilege> root = query.from(Privilege.class);
+        root.fetch(Privilege_.role);
+        query.select(root);
+        query.where(criteriaBuilder
+                .equal(root.get(Privilege_.role).get(Role_.id), roleId));
+        Query q = entityManager.createQuery(query);
+       return q.getResultList();
+    }
+}
diff --git a/full/src/main/java/de/ids_mannheim/korap/dao/RoleDao.java b/full/src/main/java/de/ids_mannheim/korap/dao/RoleDao.java
new file mode 100644
index 0000000..ac73e26
--- /dev/null
+++ b/full/src/main/java/de/ids_mannheim/korap/dao/RoleDao.java
@@ -0,0 +1,73 @@
+package de.ids_mannheim.korap.dao;
+
+import java.util.List;
+
+import javax.persistence.EntityManager;
+import javax.persistence.PersistenceContext;
+import javax.persistence.Query;
+import javax.persistence.criteria.CriteriaBuilder;
+import javax.persistence.criteria.CriteriaQuery;
+import javax.persistence.criteria.Root;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Repository;
+import org.springframework.transaction.annotation.Transactional;
+
+import de.ids_mannheim.korap.constant.PrivilegeType;
+import de.ids_mannheim.korap.entity.Privilege;
+import de.ids_mannheim.korap.entity.Role;
+import de.ids_mannheim.korap.entity.Role_;
+
+@Transactional
+@Repository
+public class RoleDao {
+
+    @PersistenceContext
+    private EntityManager entityManager;
+
+    @Autowired
+    PrivilegeDao privilegeDao;
+
+    public void createRole (String name, List<PrivilegeType> privilegeTypes) {
+        Role r = new Role();
+        r.setName(name);
+        entityManager.persist(r);
+        privilegeDao.addPrivilegesToRole(r, privilegeTypes);
+    }
+
+    public void deleteRole (int roleId) {
+        Role r = retrieveRoleById(roleId);
+        entityManager.remove(r);
+    }
+
+    public void updateRoleName (int roleId, String name) {
+        Role r = retrieveRoleById(roleId);
+        r.setName(name);
+        entityManager.persist(r);
+    }
+    
+    public Role retrieveRoleById (int roleId) {
+        CriteriaBuilder criteriaBuilder = entityManager.getCriteriaBuilder();
+        CriteriaQuery<Role> query = criteriaBuilder.createQuery(Role.class);
+
+        Root<Role> root = query.from(Role.class);
+        root.fetch(Role_.privileges);
+        query.select(root);
+        query.where(criteriaBuilder.equal(root.get(Role_.id), roleId));
+        Query q = entityManager.createQuery(query);
+        return (Role) q.getSingleResult();
+    }
+
+    public Role retrieveRoleByName (String roleName) {
+        CriteriaBuilder criteriaBuilder = entityManager.getCriteriaBuilder();
+        CriteriaQuery<Role> query = criteriaBuilder.createQuery(Role.class);
+
+        Root<Role> root = query.from(Role.class);
+        root.fetch(Role_.privileges);
+        query.select(root);
+        query.where(criteriaBuilder.equal(root.get(Role_.name), roleName));
+        Query q = entityManager.createQuery(query);
+        return (Role) q.getSingleResult();
+    }
+
+}
diff --git a/full/src/main/java/de/ids_mannheim/korap/dao/UserGroupDao.java b/full/src/main/java/de/ids_mannheim/korap/dao/UserGroupDao.java
index d33845f..f96cbd5 100644
--- a/full/src/main/java/de/ids_mannheim/korap/dao/UserGroupDao.java
+++ b/full/src/main/java/de/ids_mannheim/korap/dao/UserGroupDao.java
@@ -1,6 +1,8 @@
 package de.ids_mannheim.korap.dao;
 
+import java.util.HashSet;
 import java.util.List;
+import java.util.Set;
 
 import javax.persistence.EntityManager;
 import javax.persistence.PersistenceContext;
@@ -11,12 +13,15 @@
 import javax.persistence.criteria.Predicate;
 import javax.persistence.criteria.Root;
 
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Repository;
 import org.springframework.transaction.annotation.Transactional;
 
 import de.ids_mannheim.korap.constant.GroupMemberStatus;
+import de.ids_mannheim.korap.constant.PredefinedRole;
 import de.ids_mannheim.korap.constant.UserGroupStatus;
 import de.ids_mannheim.korap.constant.VirtualCorpusAccessStatus;
+import de.ids_mannheim.korap.entity.Role;
 import de.ids_mannheim.korap.entity.UserGroup;
 import de.ids_mannheim.korap.entity.UserGroupMember;
 import de.ids_mannheim.korap.entity.UserGroupMember_;
@@ -33,14 +38,27 @@
     @PersistenceContext
     private EntityManager entityManager;
 
+    @Autowired
+    private RoleDao roleDao;
+
     public void createGroup (String name, String createdBy,
-            List<UserGroupMember> members, UserGroupStatus status) {
+            UserGroupStatus status) {
         UserGroup group = new UserGroup();
         group.setName(name);
         group.setStatus(status);
         group.setCreatedBy(createdBy);
-        group.setMembers(members);
         entityManager.persist(group);
+
+        Set<Role> roles = new HashSet<Role>(2);
+        roles.add(roleDao.retrieveRoleById(PredefinedRole.GROUP_ADMIN.getId()));
+        roles.add(roleDao.retrieveRoleById(PredefinedRole.VC_ADMIN.getId()));
+
+        UserGroupMember owner = new UserGroupMember();
+        owner.setCreatedBy(createdBy);
+        owner.setStatus(GroupMemberStatus.ACTIVE);
+        owner.setGroup(group);
+        owner.setRoles(roles);
+        entityManager.persist(owner);
     }
 
     public void deleteGroup (int groupId, String deletedBy,
diff --git a/full/src/main/java/de/ids_mannheim/korap/entity/Privilege.java b/full/src/main/java/de/ids_mannheim/korap/entity/Privilege.java
index beedd48..2254e5d 100644
--- a/full/src/main/java/de/ids_mannheim/korap/entity/Privilege.java
+++ b/full/src/main/java/de/ids_mannheim/korap/entity/Privilege.java
@@ -3,31 +3,45 @@
 import javax.persistence.Entity;
 import javax.persistence.EnumType;
 import javax.persistence.Enumerated;
+import javax.persistence.FetchType;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.JoinColumn;
 import javax.persistence.ManyToOne;
 import javax.persistence.Table;
 
 import de.ids_mannheim.korap.constant.PrivilegeType;
+import lombok.Getter;
+import lombok.Setter;
 
 /**  
  * 
  * @author margaretha
  *
  */
+@Getter
+@Setter
 @Entity
-@Table
+@Table(name="privilege")
 public class Privilege {
-    
+
     @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private int id;
     @Enumerated(EnumType.STRING)
-    private PrivilegeType id;
-    
-    @ManyToOne
-    @JoinColumn
+    private PrivilegeType name;
+    @ManyToOne(fetch=FetchType.LAZY)
+    @JoinColumn(name = "role_id", referencedColumnName = "id")
     private Role role;
-    
+
+    public Privilege () {}
+    public Privilege (PrivilegeType name, Role role) {
+        this.name = name;
+        this.role = role;
+    }
+
     public String toString () {
-        return "id=" + id + ", role="+ role;
+        return "id=" + id + ", name=" + name + ", role=" + role;
     }
 }
diff --git a/full/src/main/java/de/ids_mannheim/korap/entity/Role.java b/full/src/main/java/de/ids_mannheim/korap/entity/Role.java
index 8ba2e7d..685bf92 100644
--- a/full/src/main/java/de/ids_mannheim/korap/entity/Role.java
+++ b/full/src/main/java/de/ids_mannheim/korap/entity/Role.java
@@ -2,12 +2,12 @@
 
 import java.util.List;
 
+import javax.persistence.Column;
 import javax.persistence.Entity;
 import javax.persistence.FetchType;
 import javax.persistence.GeneratedValue;
 import javax.persistence.GenerationType;
 import javax.persistence.Id;
-import javax.persistence.JoinColumn;
 import javax.persistence.ManyToMany;
 import javax.persistence.OneToMany;
 import javax.persistence.Table;
@@ -29,15 +29,16 @@
     @Id
     @GeneratedValue(strategy = GenerationType.IDENTITY)
     private int id;
+    @Column(unique=true)
     private String name;
 
     @ManyToMany(mappedBy = "roles", fetch = FetchType.LAZY)
     private List<UserGroupMember> userGroupMembers;
 
-    @OneToMany(mappedBy = "role")
+    @OneToMany(mappedBy = "role", fetch = FetchType.LAZY)
     private List<Privilege> privileges;
 
     public String toString () {
-        return "id=" + id + "name=" + name + ", privileges=" + privileges;
+        return "id=" + id + "name=" + name;
     }
 }
diff --git a/full/src/main/java/de/ids_mannheim/korap/entity/VirtualCorpus.java b/full/src/main/java/de/ids_mannheim/korap/entity/VirtualCorpus.java
index e7714d7..deccdb8 100644
--- a/full/src/main/java/de/ids_mannheim/korap/entity/VirtualCorpus.java
+++ b/full/src/main/java/de/ids_mannheim/korap/entity/VirtualCorpus.java
@@ -51,8 +51,7 @@
     private String createdBy;
 
     @OneToMany(mappedBy = "virtualCorpus", fetch=FetchType.LAZY)
-    List<VirtualCorpusAccessGroup> accessGroup;
-
+    private List<VirtualCorpusAccessGroup> accessGroup;
 
     @Override
     public String toString () {
diff --git a/full/src/main/resources/db/insert/V3.2__insert_roles.sql b/full/src/main/resources/db/insert/V3.2__insert_roles.sql
new file mode 100644
index 0000000..fdb8031
--- /dev/null
+++ b/full/src/main/resources/db/insert/V3.2__insert_roles.sql
@@ -0,0 +1,26 @@
+-- roles
+INSERT INTO role(name) VALUES ("group admin");
+INSERT INTO role(name) VALUES ("group member");
+INSERT INTO role(name) VALUES ("VC admin");
+INSERT INTO role(name) VALUES ("VC member");
+
+-- privileges
+INSERT INTO privilege(name,role_id)
+	VALUES("READ", 1);
+INSERT INTO privilege(name,role_id)
+	VALUES("WRITE", 1);
+INSERT INTO privilege(name,role_id)
+	VALUES("DELETE", 1);
+	
+INSERT INTO privilege(name,role_id)
+	VALUES("DELETE",2);
+	
+INSERT INTO privilege(name,role_id)
+	VALUES("READ",3);
+INSERT INTO privilege(name,role_id)
+	VALUES("WRITE",3);
+INSERT INTO privilege(name,role_id)
+	VALUES("DELETE",3);
+
+INSERT INTO privilege(name,role_id)
+	VALUES("READ",4);	
\ No newline at end of file
diff --git a/full/src/main/resources/db/new-mysql/V1.1__create_virtual_corpus_tables.sql b/full/src/main/resources/db/new-mysql/V1.1__create_virtual_corpus_tables.sql
index 3a0b5e8..328e13e 100644
--- a/full/src/main/resources/db/new-mysql/V1.1__create_virtual_corpus_tables.sql
+++ b/full/src/main/resources/db/new-mysql/V1.1__create_virtual_corpus_tables.sql
@@ -1,17 +1,21 @@
-CREATE TABLE IF NOT EXISTS privilege (
-  id varchar(20) PRIMARY KEY NOT NULL
-);
-
 CREATE TABLE IF NOT EXISTS role (
   id INTEGER PRIMARY KEY AUTO_INCREMENT,
   name varchar(100) NOT NULL,
-  privilege varchar(20) NOT NULL,
-  UNIQUE INDEX unique_index (name,privilege),
-  FOREIGN KEY (privilege) 
-  	REFERENCES privilege (id)
+  UNIQUE INDEX name_index(name)
+);
+
+
+CREATE TABLE IF NOT EXISTS privilege (
+  id INTEGER PRIMARY KEY AUTO_INCREMENT,
+  name varchar(20) NOT NULL,
+  role_id int NOT NULL,
+  UNIQUE INDEX privilege_index(name, role_id),
+  FOREIGN KEY (role_id) 
+  	REFERENCES role (id)
   	ON DELETE CASCADE
 );
 
+
 CREATE TABLE IF NOT EXISTS user_group (
   id INTEGER PRIMARY KEY AUTO_INCREMENT,
   name varchar(100) NOT NULL,
diff --git a/full/src/main/resources/db/new-sqlite/V1.1__create_virtual_corpus_tables.sql b/full/src/main/resources/db/new-sqlite/V1.1__create_virtual_corpus_tables.sql
index fed899e..27fb035 100644
--- a/full/src/main/resources/db/new-sqlite/V1.1__create_virtual_corpus_tables.sql
+++ b/full/src/main/resources/db/new-sqlite/V1.1__create_virtual_corpus_tables.sql
@@ -1,3 +1,22 @@
+CREATE TABLE IF NOT EXISTS role (
+  id INTEGER PRIMARY KEY AUTOINCREMENT,
+  name varchar(100) NOT NULL
+);
+
+CREATE UNIQUE INDEX role_index on role(name);
+
+CREATE TABLE IF NOT EXISTS privilege (
+  id INTEGER PRIMARY KEY AUTOINCREMENT,
+  name varchar(20) NOT NULL,
+  role_id int NOT NULL,
+  FOREIGN KEY (role_id) 
+  	REFERENCES role (id)
+  	ON DELETE CASCADE
+);
+
+CREATE UNIQUE INDEX privilege_index on privilege(name, role_id);
+
+
 CREATE TABLE IF NOT EXISTS user_group (
   id INTEGER PRIMARY KEY AUTOINCREMENT,
   name varchar(100) NOT NULL,
@@ -25,12 +44,6 @@
 CREATE INDEX user_group_member_status_index 
 	ON user_group_member(status);
 
-
-CREATE TABLE IF NOT EXISTS role (
-  id varchar(100) PRIMARY KEY NOT NULL,
-  privilege varchar(100) NOT NULL
-);
-
 CREATE TABLE IF NOT EXISTS group_member_role (
   id INTEGER PRIMARY KEY AUTOINCREMENT,
   group_member_id int(11) NOT NULL,