From 3ce7f1a227df68d2e64937a5ce7eec148e1b0a03 Mon Sep 17 00:00:00 2001
From: Shaun Walker <shaun.walker@siliqon.com>
Date: Tue, 27 Aug 2019 17:14:41 -0400
Subject: [PATCH] Permission-based authorization utilizing Policies

---
 Oqtane.Client/Modules/Admin/Admin/Index.razor |   3 +-
 .../Modules/Admin/ModuleSettings/Index.razor  |   8 +-
 Oqtane.Client/Modules/Admin/Pages/Add.razor   |  12 +-
 .../Modules/Admin/Pages/Delete.razor          |  13 +-
 Oqtane.Client/Modules/Admin/Pages/Edit.razor  |  16 +-
 Oqtane.Client/Modules/Admin/Pages/Index.razor |   4 +-
 .../Modules/Admin/Register/Index.razor        |  12 +-
 Oqtane.Client/Modules/Admin/Sites/Add.razor   |   5 +-
 .../Modules/Controls/ActionLink.razor         |  12 +-
 .../Modules/Controls/ModuleMessage.razor      |  20 +-
 .../HtmlText/Services/HtmlTextService.cs      |  10 +-
 .../HtmlText/Services/IHtmlTextService.cs     |   2 +-
 .../IdentityAuthenticationStateProvider.cs    |   3 +-
 .../Services/Interfaces/IUserService.cs       |   2 -
 Oqtane.Client/Services/UserService.cs         |  73 ----
 Oqtane.Client/Shared/Container.razor          |   3 +-
 Oqtane.Client/Shared/Installer.razor          |  14 +-
 Oqtane.Client/Shared/ModuleInstance.razor     |   3 +-
 Oqtane.Client/Shared/Pane.razor               |  15 +-
 Oqtane.Client/Shared/SiteRouter.razor         |  13 +-
 Oqtane.Client/Shared/Theme.razor              |   3 +-
 Oqtane.Client/Shared/Utilities.cs             |   1 +
 .../Themes/Controls/ControlPanel.razor        |   8 +-
 Oqtane.Client/Themes/Controls/Menu.razor      |   3 +-
 .../Themes/Controls/ModuleActions.razor       |   5 +-
 Oqtane.Server/Controllers/AliasController.cs  |   6 +-
 .../Controllers/InstallationController.cs     |   2 -
 Oqtane.Server/Controllers/ModuleController.cs |   6 +-
 .../Controllers/PageModuleController.cs       |   6 +-
 .../Controllers/PermissionController.cs       |  65 +++
 Oqtane.Server/Controllers/RoleController.cs   |   6 +-
 Oqtane.Server/Controllers/UserController.cs   | 111 +++--
 .../Controllers/UserRoleController.cs         |   6 +-
 .../Controllers/HtmlTextController.cs         |  34 +-
 .../HtmlText/Repository/HtmlTextRepository.cs |   4 +-
 .../Repository/IHtmlTextRepository.cs         |   2 +-
 .../Repository/Context/TenantDBContext.cs     |   1 +
 .../Interfaces/IPermissionRepository.cs       |  19 +
 Oqtane.Server/Repository/ModuleRepository.cs  |  23 +-
 .../Repository/PageModuleRepository.cs        |  25 +-
 Oqtane.Server/Repository/PageRepository.cs    |  23 +-
 .../Repository/PermissionRepository.cs        | 236 +++++++++++
 Oqtane.Server/Repository/TenantResolver.cs    |   5 +-
 Oqtane.Server/Scripts/00.00.00.sql            | 401 +++++++++++++-----
 .../Security/ClaimsPrincipalFactory.cs        |   7 +-
 Oqtane.Server/Security/PermissionHandler.cs   |  57 +++
 .../Security/PermissionRequirement.cs         |  17 +
 Oqtane.Server/Startup.cs                      |  25 +-
 Oqtane.Shared/Models/Module.cs                |   5 +-
 Oqtane.Shared/Models/Page.cs                  |   7 +-
 Oqtane.Shared/Models/Permission.cs            |  23 +
 Oqtane.Shared/Models/User.cs                  |   3 +-
 Oqtane.Shared/Security/UserSecurity.cs        | 103 +++++
 .../Shared/Constants.cs                       |   1 +
 54 files changed, 1104 insertions(+), 388 deletions(-)
 create mode 100644 Oqtane.Server/Controllers/PermissionController.cs
 create mode 100644 Oqtane.Server/Repository/Interfaces/IPermissionRepository.cs
 create mode 100644 Oqtane.Server/Repository/PermissionRepository.cs
 create mode 100644 Oqtane.Server/Security/PermissionHandler.cs
 create mode 100644 Oqtane.Server/Security/PermissionRequirement.cs
 create mode 100644 Oqtane.Shared/Models/Permission.cs
 create mode 100644 Oqtane.Shared/Security/UserSecurity.cs
 rename {Oqtane.Client => Oqtane.Shared}/Shared/Constants.cs (95%)

diff --git a/Oqtane.Client/Modules/Admin/Admin/Index.razor b/Oqtane.Client/Modules/Admin/Admin/Index.razor
index 9065812c..1717112b 100644
--- a/Oqtane.Client/Modules/Admin/Admin/Index.razor
+++ b/Oqtane.Client/Modules/Admin/Admin/Index.razor
@@ -2,6 +2,7 @@
 @using Oqtane.Modules
 @using Oqtane.Services
 @using Oqtane.Models;
+@using Oqtane.Security
 @using Oqtane.Client.Modules.Controls
 @inherits ModuleBase
 @inject IPageService PageService
@@ -10,7 +11,7 @@
 <ul class="list-group">
     @foreach (var p in pages)
     {
-        if (p.IsNavigation && UserService.IsAuthorized(PageState.User, p.ViewPermissions))
+        if (p.IsNavigation && UserSecurity.IsAuthorized(PageState.User, "View", p.Permissions))
         {
             string url = NavigateUrl(p.Path);
             <li class="list-group-item">
diff --git a/Oqtane.Client/Modules/Admin/ModuleSettings/Index.razor b/Oqtane.Client/Modules/Admin/ModuleSettings/Index.razor
index ca8cef80..7eb5154e 100644
--- a/Oqtane.Client/Modules/Admin/ModuleSettings/Index.razor
+++ b/Oqtane.Client/Modules/Admin/ModuleSettings/Index.razor
@@ -3,6 +3,7 @@
 @using Oqtane.Models
 @using Oqtane.Modules
 @using Oqtane.Shared
+@using Oqtane.Security
 @using Oqtane.Client.Modules.Controls
 @inherits ModuleBase
 @inject IUriHelper UriHelper
@@ -89,8 +90,8 @@
         title = ModuleState.Title;
         containers = ThemeService.GetContainerTypes(await ThemeService.GetThemesAsync());
         containertype = ModuleState.ContainerType;
-        viewpermissions = ModuleState.ViewPermissions;
-        editpermissions = ModuleState.EditPermissions;
+        viewpermissions = UserSecurity.GetPermissions("View", ModuleState.Permissions);
+        editpermissions = UserSecurity.GetPermissions("Edit", ModuleState.Permissions);
         pageid = ModuleState.PageId.ToString();
 
         DynamicComponent = builder =>
@@ -108,8 +109,7 @@
     private async Task SaveModule()
     {
         Module module = ModuleState;
-        module.ViewPermissions = viewpermissions;
-        module.EditPermissions = editpermissions;
+        module.Permissions = UserSecurity.SetPermissions("View", viewpermissions) + UserSecurity.SetPermissions("Edit", editpermissions);
         await ModuleService.UpdateModuleAsync(module);
 
         PageModule pagemodule = await PageModuleService.GetPageModuleAsync(ModuleState.PageModuleId);
diff --git a/Oqtane.Client/Modules/Admin/Pages/Add.razor b/Oqtane.Client/Modules/Admin/Pages/Add.razor
index ab6fbca1..de65c5ae 100644
--- a/Oqtane.Client/Modules/Admin/Pages/Add.razor
+++ b/Oqtane.Client/Modules/Admin/Pages/Add.razor
@@ -1,15 +1,16 @@
 @using Microsoft.AspNetCore.Components.Routing
+@using Oqtane.Client.Modules.Controls
 @using Oqtane.Models
 @using Oqtane.Services
 @using Oqtane.Modules
 @using Oqtane.Shared
+@using Oqtane.Security
 @inherits ModuleBase
 @inject IUriHelper UriHelper
 @inject IPageService PageService
 @inject IThemeService  ThemeService
 
-@((MarkupString)message)
-
+<ModuleMessage Message="@message" />
 <table class="form-group">
     <tr>
         <td>
@@ -144,7 +145,7 @@
         }
         catch (Exception ex)
         {
-            message = "<div class=\"alert alert-danger\" role=\"alert\">" + ex.Message + "</div><br /><br />";
+            message = ex.Message;
         }
     }
 
@@ -180,8 +181,7 @@
             }
             System.Reflection.PropertyInfo property = type.GetProperty("Panes");
             page.Panes = (string)property.GetValue(Activator.CreateInstance(type), null);
-            page.ViewPermissions = viewpermissions;
-            page.EditPermissions = editpermissions;
+            page.Permissions =  UserSecurity.SetPermissions("View", viewpermissions) + UserSecurity.SetPermissions("Edit", editpermissions);
             await PageService.AddPageAsync(page);
 
             PageState.Reload = Constants.ReloadSite;
@@ -196,7 +196,7 @@
         }
         catch (Exception ex)
         {
-            message = "<div class=\"alert alert-danger\" role=\"alert\">" + ex.Message + "</div><br /><br />";
+            message = ex.Message;
         }
     }
 }
diff --git a/Oqtane.Client/Modules/Admin/Pages/Delete.razor b/Oqtane.Client/Modules/Admin/Pages/Delete.razor
index 97d56b58..bfa1473f 100644
--- a/Oqtane.Client/Modules/Admin/Pages/Delete.razor
+++ b/Oqtane.Client/Modules/Admin/Pages/Delete.razor
@@ -1,15 +1,16 @@
 @using Microsoft.AspNetCore.Components.Routing
+@using Oqtane.Client.Modules.Controls
 @using Oqtane.Models
 @using Oqtane.Services
 @using Oqtane.Modules
 @using Oqtane.Shared
-@using Oqtane.Client.Modules.Controls
+@using Oqtane.Security
 @inherits ModuleBase
 @inject IUriHelper UriHelper
 @inject IPageService PageService
 @inject IThemeService  ThemeService
 
-@((MarkupString)message)
+<ModuleMessage Message="@message" />
 
 <table class="form-group">
     <tr>
@@ -163,8 +164,8 @@
                 themetype = page.ThemeType;
                 layouttype = page.LayoutType;
                 icon = page.Icon;
-                viewpermissions = page.ViewPermissions;
-                editpermissions = page.EditPermissions;
+                viewpermissions = UserSecurity.GetPermissions("View", page.Permissions);
+                editpermissions = UserSecurity.GetPermissions("Edit", page.Permissions);
                 createdby = page.CreatedBy;
                 createdon = page.CreatedOn;
                 modifiedby = page.ModifiedBy;
@@ -173,7 +174,7 @@
         }
         catch (Exception ex)
         {
-            message = "<div class=\"alert alert-danger\" role=\"alert\">" + ex.Message + "</div><br /><br />";
+            message = ex.Message;
         }
     }
 
@@ -194,7 +195,7 @@
         }
         catch (Exception ex)
         {
-            message = "<div class=\"alert alert-danger\" role=\"alert\">" + ex.Message + "</div><br /><br />";
+            message = ex.Message;
         }
     }
 }
diff --git a/Oqtane.Client/Modules/Admin/Pages/Edit.razor b/Oqtane.Client/Modules/Admin/Pages/Edit.razor
index 5661b344..043c9c1f 100644
--- a/Oqtane.Client/Modules/Admin/Pages/Edit.razor
+++ b/Oqtane.Client/Modules/Admin/Pages/Edit.razor
@@ -1,15 +1,16 @@
 @using Microsoft.AspNetCore.Components.Routing
+@using Oqtane.Client.Modules.Controls
 @using Oqtane.Models
 @using Oqtane.Services
 @using Oqtane.Modules
 @using Oqtane.Shared
-@using Oqtane.Client.Modules.Controls
+@using Oqtane.Security
 @inherits ModuleBase
 @inject IUriHelper UriHelper
 @inject IPageService PageService
 @inject IThemeService  ThemeService
 
-@((MarkupString)message)
+<ModuleMessage Message="@message" />
 
 <table class="form-group">
     <tr>
@@ -170,8 +171,8 @@
                 themetype = page.ThemeType;
                 layouttype = page.LayoutType;
                 icon = page.Icon;
-                viewpermissions = page.ViewPermissions;
-                editpermissions = page.EditPermissions;
+                viewpermissions = UserSecurity.GetPermissions("View", page.Permissions);
+                editpermissions = UserSecurity.GetPermissions("Edit", page.Permissions);
                 createdby = page.CreatedBy;
                 createdon = page.CreatedOn;
                 modifiedby = page.ModifiedBy;
@@ -180,7 +181,7 @@
         }
         catch (Exception ex)
         {
-            message = "<div class=\"alert alert-danger\" role=\"alert\">" + ex.Message + "</div><br /><br />";
+            message = ex.Message;
         }
     }
 
@@ -216,8 +217,7 @@
             }
             System.Reflection.PropertyInfo property = type.GetProperty("Panes");
             page.Panes = (string)property.GetValue(Activator.CreateInstance(type), null);
-            page.ViewPermissions = viewpermissions;
-            page.EditPermissions = editpermissions;
+            page.Permissions = UserSecurity.SetPermissions("View", viewpermissions) + UserSecurity.SetPermissions("Edit", editpermissions);
             await PageService.UpdatePageAsync(page);
 
             PageState.Reload = Constants.ReloadSite;
@@ -232,7 +232,7 @@
         }
         catch (Exception ex)
         {
-            message = "<div class=\"alert alert-danger\" role=\"alert\">" + ex.Message + "</div><br /><br />";
+            message = ex.Message;
         }
     }
 }
diff --git a/Oqtane.Client/Modules/Admin/Pages/Index.razor b/Oqtane.Client/Modules/Admin/Pages/Index.razor
index f150ab34..cd972c59 100644
--- a/Oqtane.Client/Modules/Admin/Pages/Index.razor
+++ b/Oqtane.Client/Modules/Admin/Pages/Index.razor
@@ -1,7 +1,7 @@
-@using Oqtane.Services
+@using Oqtane.Client.Modules.Controls
+@using Oqtane.Services
 @using Oqtane.Models
 @using Oqtane.Modules
-@using Oqtane.Client.Modules.Controls
 @inherits ModuleBase
 @inject IPageService PageService
 
diff --git a/Oqtane.Client/Modules/Admin/Register/Index.razor b/Oqtane.Client/Modules/Admin/Register/Index.razor
index a3ed92a7..3ef9ed16 100644
--- a/Oqtane.Client/Modules/Admin/Register/Index.razor
+++ b/Oqtane.Client/Modules/Admin/Register/Index.razor
@@ -9,7 +9,7 @@
 <div class="container">
     <div class="form-group">
         <label for="Username" class="control-label">Email: </label>
-        <input type="text" name="Username" class="form-control" placeholder="Username" @bind="@Username" />
+        <input type="text" name="Username" class="form-control" placeholder="Username" @bind="@Email" />
     </div>
     <div class="form-group">
         <label for="Password" class="control-label">Password: </label>
@@ -22,17 +22,17 @@
 @code {
     public override SecurityAccessLevel SecurityAccessLevel { get { return SecurityAccessLevel.Anonymous; } }
 
-    public string Username { get; set; } = "";
+    public string Email { get; set; } = "";
     public string Password { get; set; } = "";
 
     private async Task RegisterUser()
     {
         User user = new User();
         user.SiteId = PageState.Site.SiteId;
-        user.Username = Username;
-        user.DisplayName = Username;
-        user.Roles = "Administrators;";
-        user.IsSuperUser = false;
+        user.Username = Email;
+        user.DisplayName = Email;
+        user.Email = Email;
+        user.IsHost = false;
         user.Password = Password;
         await UserService.AddUserAsync(user);
         UriHelper.NavigateTo("");
diff --git a/Oqtane.Client/Modules/Admin/Sites/Add.razor b/Oqtane.Client/Modules/Admin/Sites/Add.razor
index 32612845..06165cbb 100644
--- a/Oqtane.Client/Modules/Admin/Sites/Add.razor
+++ b/Oqtane.Client/Modules/Admin/Sites/Add.razor
@@ -2,6 +2,8 @@
 @using Oqtane.Models
 @using Oqtane.Services
 @using Oqtane.Modules
+@using Oqtane.Shared
+@using Oqtane.Security
 @inherits ModuleBase
 @inject IUriHelper UriHelper
 @inject ITenantService TenantService
@@ -102,8 +104,7 @@ else
         Type type = Type.GetType(p.ThemeType);
         System.Reflection.PropertyInfo property = type.GetProperty("Panes");
         p.Panes = (string)property.GetValue(Activator.CreateInstance(type), null);
-        p.ViewPermissions = "All Users";
-        p.EditPermissions = "Administrators";
+        p.Permissions = UserSecurity.SetPermissions("View", Constants.AllUsersRole) + UserSecurity.SetPermissions("Edit", Constants.AdminRole);
         await PageService.AddPageAsync(p);
 
         UriHelper.NavigateTo(url, true);
diff --git a/Oqtane.Client/Modules/Controls/ActionLink.razor b/Oqtane.Client/Modules/Controls/ActionLink.razor
index 3dc6ae12..deb120c0 100644
--- a/Oqtane.Client/Modules/Controls/ActionLink.razor
+++ b/Oqtane.Client/Modules/Controls/ActionLink.razor
@@ -2,6 +2,7 @@
 @using Oqtane.Modules
 @using Oqtane.Services
 @using Oqtane.Shared
+@using Oqtane.Security
 @inherits ModuleBase
 @inject IUserService UserService
 
@@ -70,19 +71,16 @@
                     authorized = true;
                     break;
                 case SecurityAccessLevel.View:
-                    authorized = UserService.IsAuthorized(PageState.User, ModuleState.ViewPermissions);
+                    authorized = UserSecurity.IsAuthorized(PageState.User, "View", ModuleState.Permissions);
                     break;
                 case SecurityAccessLevel.Edit:
-                    authorized = UserService.IsAuthorized(PageState.User, ModuleState.EditPermissions);
+                    authorized = UserSecurity.IsAuthorized(PageState.User, "Edit", ModuleState.Permissions);
                     break;
                 case SecurityAccessLevel.Admin:
-                    authorized = UserService.IsAuthorized(PageState.User, Constants.AdminRole);
+                    authorized = UserSecurity.IsAuthorized(PageState.User, "Edit", UserSecurity.SetPermissions("Edit", Constants.AdminRole));
                     break;
                 case SecurityAccessLevel.Host:
-                    if (PageState.User != null)
-                    {
-                        authorized = PageState.User.IsSuperUser;
-                    }
+                    authorized = UserSecurity.IsAuthorized(PageState.User, "Edit", UserSecurity.SetPermissions("Edit", Constants.HostRole));
                     break;
             }
         }
diff --git a/Oqtane.Client/Modules/Controls/ModuleMessage.razor b/Oqtane.Client/Modules/Controls/ModuleMessage.razor
index 69d1c84d..5b006331 100644
--- a/Oqtane.Client/Modules/Controls/ModuleMessage.razor
+++ b/Oqtane.Client/Modules/Controls/ModuleMessage.razor
@@ -1,30 +1,22 @@
 @using Oqtane.Modules
 @inherits ModuleBase
 
-@if (authorized)
+@if (Message != "")
 {
-    <div class="@type">
-        @Message
-    </div>
+    <div class="@type">@Message</div><br /><br />
 }
 
 @code {
-    [Parameter]
-    public MessageType Type { get; set; }
-
     [Parameter]
     public string Message { get; set; }
 
-    string type = "alert alert-success"; // optional
-    bool authorized = false;
+    [Parameter]
+    public MessageType Type { get; set; }
+
+    string type = "alert alert-danger"; 
 
     protected override void OnInitialized()
     {
-        if (PageState.User != null)
-        {
-            authorized = PageState.User.IsSuperUser;
-        }
-
         switch (Type)
         {
             case MessageType.Success:
diff --git a/Oqtane.Client/Modules/HtmlText/Services/HtmlTextService.cs b/Oqtane.Client/Modules/HtmlText/Services/HtmlTextService.cs
index aca530af..e5fb4e85 100644
--- a/Oqtane.Client/Modules/HtmlText/Services/HtmlTextService.cs
+++ b/Oqtane.Client/Modules/HtmlText/Services/HtmlTextService.cs
@@ -29,22 +29,22 @@ namespace Oqtane.Client.Modules.HtmlText.Services
 
         public async Task<HtmlTextInfo> GetHtmlTextAsync(int ModuleId)
         {
-            return await http.GetJsonAsync<HtmlTextInfo>(apiurl + "/" + ModuleId.ToString());
+            return await http.GetJsonAsync<HtmlTextInfo>(apiurl + "/" + ModuleId.ToString() + "?entityid=" + ModuleId.ToString());
         }
 
         public async Task AddHtmlTextAsync(HtmlTextInfo htmltext)
         {
-            await http.PostJsonAsync(apiurl, htmltext);
+            await http.PostJsonAsync(apiurl + "?entityid=" + htmltext.ModuleId.ToString(), htmltext);
         }
 
         public async Task UpdateHtmlTextAsync(HtmlTextInfo htmltext)
         {
-            await http.PutJsonAsync(apiurl + "/" + htmltext.HtmlTextId.ToString(), htmltext);
+            await http.PutJsonAsync(apiurl + "/" + htmltext.HtmlTextId.ToString() + "?entityid=" + htmltext.ModuleId.ToString(), htmltext);
         }
 
-        public async Task DeleteHtmlTextAsync(int HtmlTextId)
+        public async Task DeleteHtmlTextAsync(int ModuleId)
         {
-            await http.DeleteAsync(apiurl + "/" + HtmlTextId.ToString());
+            await http.DeleteAsync(apiurl + "/" + ModuleId.ToString() + "?entityid=" + ModuleId.ToString());
         }
     }
 }
diff --git a/Oqtane.Client/Modules/HtmlText/Services/IHtmlTextService.cs b/Oqtane.Client/Modules/HtmlText/Services/IHtmlTextService.cs
index 9d3bfa98..fe880d87 100644
--- a/Oqtane.Client/Modules/HtmlText/Services/IHtmlTextService.cs
+++ b/Oqtane.Client/Modules/HtmlText/Services/IHtmlTextService.cs
@@ -12,6 +12,6 @@ namespace Oqtane.Client.Modules.HtmlText.Services
 
         Task UpdateHtmlTextAsync(HtmlTextInfo htmltext);
 
-        Task DeleteHtmlTextAsync(int HtmlTextId);
+        Task DeleteHtmlTextAsync(int ModuleId);
     }
 }
diff --git a/Oqtane.Client/Providers/IdentityAuthenticationStateProvider.cs b/Oqtane.Client/Providers/IdentityAuthenticationStateProvider.cs
index 083aa7c5..c02016a5 100644
--- a/Oqtane.Client/Providers/IdentityAuthenticationStateProvider.cs
+++ b/Oqtane.Client/Providers/IdentityAuthenticationStateProvider.cs
@@ -32,7 +32,8 @@ namespace Oqtane.Providers
             {
                 identity = new ClaimsIdentity("Identity.Application");
                 identity.AddClaim(new Claim(ClaimTypes.Name, user.Username));
-                foreach(string role in user.Roles.Split(new char[] { ';' }, StringSplitOptions.RemoveEmptyEntries))
+                identity.AddClaim(new Claim(ClaimTypes.PrimarySid, user.UserId.ToString()));
+                foreach (string role in user.Roles.Split(new char[] { ';' }, StringSplitOptions.RemoveEmptyEntries))
                 {
                     identity.AddClaim(new Claim(ClaimTypes.Role, role));
                 }
diff --git a/Oqtane.Client/Services/Interfaces/IUserService.cs b/Oqtane.Client/Services/Interfaces/IUserService.cs
index e1626201..9b0a0ead 100644
--- a/Oqtane.Client/Services/Interfaces/IUserService.cs
+++ b/Oqtane.Client/Services/Interfaces/IUserService.cs
@@ -21,7 +21,5 @@ namespace Oqtane.Services
         Task<User> LoginUserAsync(User User, bool SetCookie, bool IsPersistent);
 
         Task LogoutUserAsync();
-
-        bool IsAuthorized(User User, string AccessControlList);
     }
 }
diff --git a/Oqtane.Client/Services/UserService.cs b/Oqtane.Client/Services/UserService.cs
index ec35fc39..ab736094 100644
--- a/Oqtane.Client/Services/UserService.cs
+++ b/Oqtane.Client/Services/UserService.cs
@@ -67,78 +67,5 @@ namespace Oqtane.Services
             // best practices recommend post is preferrable to get for logout
             await http.PostJsonAsync(apiurl + "/logout", null); 
         }
-
-        // ACLs are stored in the format "!rolename1;![userid1];rolename2;rolename3;[userid2];[userid3]" where "!" designates Deny permissions
-        public bool IsAuthorized(User User, string AccessControlList)
-        {
-            bool isAllowed = false;
-
-            if (User != null)
-            {
-                // super user always has full access
-                isAllowed = User.IsSuperUser;
-            }
-
-            if (!isAllowed)
-            {
-                if (AccessControlList != null)
-                {
-                    foreach (string permission in AccessControlList.Split(new[] { ';' }))
-                    {
-                        bool? allowed = VerifyPermission(User, permission);
-                        if (allowed.HasValue)
-                        {
-                            isAllowed = allowed.Value;
-                            break;
-                        }
-                    }
-                }
-            }
-            return isAllowed;
-        }
-
-        private bool? VerifyPermission(User user, string permission)
-        {
-            bool? allowed = null;
-            //permissions strings are encoded with deny permissions at the beginning and grant permissions at the end for optimal performance
-            if (!String.IsNullOrEmpty(permission))
-            {
-                // deny permission
-                if (permission.StartsWith("!"))
-                {
-                    string denyRole = permission.Replace("!", "");
-                    if (denyRole == Constants.AllUsersRole || IsAllowed(user, denyRole))
-                    {
-                        allowed = false;
-                    }
-                }
-                else // grant permission
-                {
-                    if (permission == Constants.AllUsersRole || IsAllowed(user, permission))
-                    {
-                        allowed = true;
-                    }
-                }
-            }
-            return allowed;
-        }
-
-        private bool IsAllowed(User user, string permission)
-        {
-            if (user != null)
-            {
-                if ("[" + user.UserId + "]" == permission)
-                {
-                    return true;
-                }
-
-                var roles = user.Roles;
-                if (roles != null)
-                {
-                    return roles.IndexOf(";" + permission + ";") != -1;
-                }
-            }
-            return false;
-        }
     }
 }
diff --git a/Oqtane.Client/Shared/Container.razor b/Oqtane.Client/Shared/Container.razor
index 907df9c8..92aa6e62 100644
--- a/Oqtane.Client/Shared/Container.razor
+++ b/Oqtane.Client/Shared/Container.razor
@@ -34,8 +34,7 @@
                 {
                     // container does not exist with type specified
                     builder.OpenComponent(0, Type.GetType(Constants.ModuleMessageControl));
-                    builder.AddAttribute(1, "Type", MessageType.Error);
-                    builder.AddAttribute(2, "Message", "Error Loading Module Container " + container);
+                    builder.AddAttribute(1, "Message", "Error Loading Module Container " + container);
                     builder.CloseComponent();
                 }
             }
diff --git a/Oqtane.Client/Shared/Installer.razor b/Oqtane.Client/Shared/Installer.razor
index 72e662e7..a4e13401 100644
--- a/Oqtane.Client/Shared/Installer.razor
+++ b/Oqtane.Client/Shared/Installer.razor
@@ -82,10 +82,10 @@
                 <tbody>
                     <tr>
                         <td>
-                            <label for="Title" class="control-label" style="font-weight: bold">Username: </label>
+                            <label for="Title" class="control-label" style="font-weight: bold">Email: </label>
                         </td>
                         <td>
-                            <input type="text" id="Email" class="form-control" @bind="@HostUsername" />
+                            <input type="text" id="Email" class="form-control" @bind="@Email" />
                         </td>
                     </tr>
                     <tr>
@@ -115,7 +115,7 @@
     private string DatabaseName = "Oqtane-" + DateTime.Now.ToString("yyyyMMddHHmm");
     private string Username = "";
     private string Password = "";
-    private string HostUsername = "host";
+    private string Email = "";
     private string HostPassword = "";
     private string Message = "";
 
@@ -164,11 +164,11 @@
             {
                 User user = new User();
                 user.SiteId = 1;
-                user.Username = HostUsername;
-                user.DisplayName = HostUsername;
+                user.Username = Email;
+                user.DisplayName = Email;
+                user.Email = Email;
                 user.Password = HostPassword;
-                user.IsSuperUser = true;
-                user.Roles = "";
+                user.IsHost = true;
                 user = await UserService.AddUserAsync(user);
 
                 UriHelper.NavigateTo("", true);
diff --git a/Oqtane.Client/Shared/ModuleInstance.razor b/Oqtane.Client/Shared/ModuleInstance.razor
index a1d3548e..8eb83f48 100644
--- a/Oqtane.Client/Shared/ModuleInstance.razor
+++ b/Oqtane.Client/Shared/ModuleInstance.razor
@@ -36,8 +36,7 @@
             {
                 // module does not exist with typename specified
                 builder.OpenComponent(0, Type.GetType(Constants.ModuleMessageControl));
-                builder.AddAttribute(1, "Type", MessageType.Error);
-                builder.AddAttribute(2, "Message", "Error Loading Component For Module " + ModuleState.ModuleDefinitionName);
+                builder.AddAttribute(1, "Message", "Error Loading Component For Module " + ModuleState.ModuleDefinitionName);
                 builder.CloseComponent();
             }
         };
diff --git a/Oqtane.Client/Shared/Pane.razor b/Oqtane.Client/Shared/Pane.razor
index b2f803aa..3f245bf7 100644
--- a/Oqtane.Client/Shared/Pane.razor
+++ b/Oqtane.Client/Shared/Pane.razor
@@ -3,6 +3,7 @@
 @using Oqtane.Modules
 @using Oqtane.Models
 @using Oqtane.Shared
+@using Oqtane.Security
 @using System.Linq
 @inject IUserService UserService
 @inject IModuleService ModuleService
@@ -27,7 +28,7 @@
 
     protected override void OnInitialized()
     {
-        if (UserService.IsAuthorized(PageState.User, PageState.Page.EditPermissions) && Name != Constants.AdminPane)
+        if (UserSecurity.IsAuthorized(PageState.User, "Edit", PageState.Page.Permissions) && Name != Constants.AdminPane)
         {
             paneadminborder = "pane-admin-border";
             panetitle = "<div class=\"pane-admin-title\">" + Name + " Pane</div>";
@@ -60,16 +61,16 @@
                                     authorized = true;
                                     break;
                                 case SecurityAccessLevel.View:
-                                    authorized = UserService.IsAuthorized(PageState.User, module.ViewPermissions);
+                                    authorized = UserSecurity.IsAuthorized(PageState.User, "View", module.Permissions);
                                     break;
                                 case SecurityAccessLevel.Edit:
-                                    authorized = UserService.IsAuthorized(PageState.User, module.EditPermissions);
+                                    authorized = UserSecurity.IsAuthorized(PageState.User, "Edit", module.Permissions);
                                     break;
                                 case SecurityAccessLevel.Admin:
-                                    authorized = UserService.IsAuthorized(PageState.User, Constants.AdminRole);
+                                    authorized = UserSecurity.IsAuthorized(PageState.User, "Edit", UserSecurity.SetPermissions("Edit", Constants.AdminRole));
                                     break;
                                 case SecurityAccessLevel.Host:
-                                    authorized = PageState.User.IsSuperUser;
+                                    authorized = UserSecurity.IsAuthorized(PageState.User, "Edit", UserSecurity.SetPermissions("Edit", Constants.HostRole));
                                     break;
                             }
                             if (authorized)
@@ -103,7 +104,7 @@
                     if (module != null && module.Pane == Name)
                     {
                         // check if user is authorized to view module
-                        if (UserService.IsAuthorized(PageState.User, module.ViewPermissions))
+                        if (UserSecurity.IsAuthorized(PageState.User, "View", module.Permissions))
                         {
                             builder.OpenComponent(0, Type.GetType(Constants.DefaultContainer));
                             builder.AddAttribute(1, "Module", module);
@@ -116,7 +117,7 @@
                     foreach (Module module in PageState.Modules.Where(item => item.Pane == Name).OrderBy(x => x.Order).ToArray())
                     {
                         // check if user is authorized to view module
-                        if (UserService.IsAuthorized(PageState.User, module.ViewPermissions))
+                        if (UserSecurity.IsAuthorized(PageState.User, "View", module.Permissions))
                         {
                             builder.OpenComponent(0, Type.GetType(Constants.DefaultContainer));
                             builder.AddAttribute(1, "Module", module);
diff --git a/Oqtane.Client/Shared/SiteRouter.razor b/Oqtane.Client/Shared/SiteRouter.razor
index 995e5b55..b57a545e 100644
--- a/Oqtane.Client/Shared/SiteRouter.razor
+++ b/Oqtane.Client/Shared/SiteRouter.razor
@@ -4,6 +4,7 @@
 @using System.Linq
 @using System.Collections.Generic
 @using Oqtane.Shared
+@using Oqtane.Security
 @using Microsoft.AspNetCore.Components.Routing
 @inject AuthenticationStateProvider AuthenticationStateProvider
 @inject SiteState SiteState
@@ -153,12 +154,12 @@
             }
 
             // extract admin route elements from path
-            string[] segments = path.Split('/');
+            string[] segments = path.Split(new[] { '/' }, StringSplitOptions.RemoveEmptyEntries);
             int result;
-            if (segments.Length >= 3 && int.TryParse(segments[segments.Length - 3], out result))
+            if (segments.Length >= 2 && int.TryParse(segments[segments.Length - 2], out result))
             {
                 // path has moduleid and control specification ie. page/moduleid/control/
-                control = segments[segments.Length - 2];
+                control = segments[segments.Length - 1];
                 moduleid = result;
                 path = path.Replace(moduleid.ToString() + "/" + control + "/", "");
             }
@@ -206,7 +207,7 @@
             if (page != null)
             {
                 // check if user is authorized to view page
-                if (UserService.IsAuthorized(user, page.ViewPermissions))
+                if (UserSecurity.IsAuthorized(user, "View", page.Permissions))
                 {
                     pagestate = new PageState();
                     pagestate.ModuleDefinitions = moduledefinitions;
@@ -278,7 +279,7 @@
         Dictionary<string, string> querystring = new Dictionary<string, string>();
         if (path.IndexOf("?") != -1)
         {
-            foreach (string kvp in path.Substring(path.IndexOf("?") + 1).Split('&'))
+            foreach (string kvp in path.Substring(path.IndexOf("?") + 1).Split(new[] { '&' }, StringSplitOptions.RemoveEmptyEntries))
             {
                 if (kvp != "")
                 {
@@ -316,7 +317,7 @@
                 string typename = moduledefinition.ControlTypeTemplate;
                 if (moduledefinition.ControlTypeRoutes != "")
                 {
-                    foreach (string route in moduledefinition.ControlTypeRoutes.Split(';'))
+                    foreach (string route in moduledefinition.ControlTypeRoutes.Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries))
                     {
                         if (route.StartsWith(control + "="))
                         {
diff --git a/Oqtane.Client/Shared/Theme.razor b/Oqtane.Client/Shared/Theme.razor
index b9431f4d..ad9abdc9 100644
--- a/Oqtane.Client/Shared/Theme.razor
+++ b/Oqtane.Client/Shared/Theme.razor
@@ -22,8 +22,7 @@
             {
                 // theme does not exist with type specified
                 builder.OpenComponent(0, Type.GetType(Constants.ModuleMessageControl));
-                builder.AddAttribute(1, "Type", MessageType.Error);
-                builder.AddAttribute(2, "Message", "Error Loading Page Theme " + PageState.Page.ThemeType);
+                builder.AddAttribute(1, "Message", "Error Loading Page Theme " + PageState.Page.ThemeType);
                 builder.CloseComponent();
             }
         };
diff --git a/Oqtane.Client/Shared/Utilities.cs b/Oqtane.Client/Shared/Utilities.cs
index fc4524f7..f4a60e71 100644
--- a/Oqtane.Client/Shared/Utilities.cs
+++ b/Oqtane.Client/Shared/Utilities.cs
@@ -35,6 +35,7 @@ namespace Oqtane.Shared
         public static string EditUrl(string alias, string path, int moduleid, string action, string parameters)
         {
             string url = NavigateUrl(alias, path, "");
+            if (url == "/") url = "";
             if (moduleid != -1)
             {
                 url += "/" + moduleid.ToString();
diff --git a/Oqtane.Client/Themes/Controls/ControlPanel.razor b/Oqtane.Client/Themes/Controls/ControlPanel.razor
index 7a51c3db..9eb030bf 100644
--- a/Oqtane.Client/Themes/Controls/ControlPanel.razor
+++ b/Oqtane.Client/Themes/Controls/ControlPanel.razor
@@ -3,6 +3,7 @@
 @using Oqtane.Models
 @using Oqtane.Themes
 @using Oqtane.Shared
+@using Oqtane.Security
 @inherits ThemeObjectBase
 @inject IUriHelper UriHelper
 @inject IUserService UserService
@@ -44,7 +45,7 @@
                 <label for="Pane" class="control-label" style="color: white !important;">Pane: </label>
                 <select class="form-control" @bind="@pane">
                     <option value="">&lt;Select Pane&gt;</option>
-                    @foreach (string pane in PageState.Page.Panes.Split(';'))
+                    @foreach (string pane in PageState.Page.Panes.Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries))
                     {
                         <option value="@pane">@pane Pane</option>
                     }
@@ -89,7 +90,7 @@
         {
             pagemanagementmoduleid = modules.FirstOrDefault().ModuleId;
         }
-        if (UserService.IsAuthorized(PageState.User, PageState.Page.EditPermissions))
+        if (UserSecurity.IsAuthorized(PageState.User, "Edit", PageState.Page.Permissions))
         {
             display = "display: inline";
         }
@@ -100,8 +101,7 @@
         Module module = new Module();
         module.SiteId = PageState.Site.SiteId;
         module.ModuleDefinitionName = moduledefinitionname;
-        module.ViewPermissions = PageState.Page.ViewPermissions;
-        module.EditPermissions = PageState.Page.EditPermissions;
+        module.Permissions = PageState.Page.Permissions;
         await ModuleService.AddModuleAsync(module);
 
         List<Module> modules = await ModuleService.GetModulesAsync(PageState.Site.SiteId, moduledefinitionname);
diff --git a/Oqtane.Client/Themes/Controls/Menu.razor b/Oqtane.Client/Themes/Controls/Menu.razor
index 1d841837..21bdc6b6 100644
--- a/Oqtane.Client/Themes/Controls/Menu.razor
+++ b/Oqtane.Client/Themes/Controls/Menu.razor
@@ -2,6 +2,7 @@
 @using Oqtane.Themes
 @using Oqtane.Services
 @using Oqtane.Models;
+@using Oqtane.Security
 @inherits ThemeObjectBase
 @inject IPageService PageService
 @inject IUserService UserService
@@ -18,7 +19,7 @@
     }
     @foreach (var p in pages)
     {
-        if (p.IsNavigation && UserService.IsAuthorized(PageState.User, p.ViewPermissions))
+        if (p.IsNavigation && UserSecurity.IsAuthorized(PageState.User, "View", p.Permissions))
         {
             string url = NavigateUrl(p.Path);
             <li class="nav-item px-3">
diff --git a/Oqtane.Client/Themes/Controls/ModuleActions.razor b/Oqtane.Client/Themes/Controls/ModuleActions.razor
index 66c4c451..a37dec34 100644
--- a/Oqtane.Client/Themes/Controls/ModuleActions.razor
+++ b/Oqtane.Client/Themes/Controls/ModuleActions.razor
@@ -2,6 +2,7 @@
 @using Oqtane.Services
 @using Oqtane.Models
 @using Oqtane.Shared
+@using Oqtane.Security
 @inherits ContainerBase
 @inject IUriHelper UriHelper
 @inject IUserService UserService
@@ -32,7 +33,7 @@
         {
             actions.Add(new ActionViewModel { Action = "down", Name = "Move Down" });
         }
-        foreach (string pane in PageState.Page.Panes.Split(';'))
+        foreach (string pane in PageState.Page.Panes.Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries))
         {
             if (pane != ModuleState.Pane)
             {
@@ -42,7 +43,7 @@
         actions.Add(new ActionViewModel { Action = "settings", Name = "Settings" });
         actions.Add(new ActionViewModel { Action = "delete", Name = "Delete" });
 
-        if (UserService.IsAuthorized(PageState.User, ModuleState.EditPermissions))
+        if (UserSecurity.IsAuthorized(PageState.User, "Edit", ModuleState.Permissions))
         {
             display = "display: inline";
         }
diff --git a/Oqtane.Server/Controllers/AliasController.cs b/Oqtane.Server/Controllers/AliasController.cs
index f09fa92d..9e9e4bae 100644
--- a/Oqtane.Server/Controllers/AliasController.cs
+++ b/Oqtane.Server/Controllers/AliasController.cs
@@ -32,7 +32,7 @@ namespace Oqtane.Controllers
 
         // POST api/<controller>
         [HttpPost]
-        [Authorize]
+        [Authorize(Roles = "Administrators")]
         public Alias Post([FromBody] Alias Alias)
         {
             if (ModelState.IsValid)
@@ -44,7 +44,7 @@ namespace Oqtane.Controllers
 
         // PUT api/<controller>/5
         [HttpPut("{id}")]
-        [Authorize]
+        [Authorize(Roles = "Administrators")]
         public Alias Put(int id, [FromBody] Alias Alias)
         {
             if (ModelState.IsValid)
@@ -55,8 +55,8 @@ namespace Oqtane.Controllers
         }
 
         // DELETE api/<controller>/5
-        [Authorize]
         [HttpDelete("{id}")]
+        [Authorize(Roles = "Administrators")]
         public void Delete(int id)
         {
             Aliases.DeleteAlias(id);
diff --git a/Oqtane.Server/Controllers/InstallationController.cs b/Oqtane.Server/Controllers/InstallationController.cs
index 7390dfd7..99f0f769 100644
--- a/Oqtane.Server/Controllers/InstallationController.cs
+++ b/Oqtane.Server/Controllers/InstallationController.cs
@@ -4,9 +4,7 @@ using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.Extensions.Configuration;
 using Oqtane.Models;
-using Oqtane.Repository;
 using System;
-using System.Collections.Generic;
 using System.Data.SqlClient;
 using System.IO;
 using System.Linq;
diff --git a/Oqtane.Server/Controllers/ModuleController.cs b/Oqtane.Server/Controllers/ModuleController.cs
index 2a9045db..a29e5059 100644
--- a/Oqtane.Server/Controllers/ModuleController.cs
+++ b/Oqtane.Server/Controllers/ModuleController.cs
@@ -54,7 +54,7 @@ namespace Oqtane.Controllers
 
         // POST api/<controller>
         [HttpPost]
-        [Authorize]
+        [Authorize(Roles = "Administrators")]
         public Module Post([FromBody] Module Module)
         {
             if (ModelState.IsValid)
@@ -66,7 +66,7 @@ namespace Oqtane.Controllers
 
         // PUT api/<controller>/5
         [HttpPut("{id}")]
-        [Authorize]
+        [Authorize(Roles = "Administrators")]
         public Module Put(int id, [FromBody] Module Module)
         {
             if (ModelState.IsValid)
@@ -78,7 +78,7 @@ namespace Oqtane.Controllers
 
         // DELETE api/<controller>/5
         [HttpDelete("{id}")]
-        [Authorize]
+        [Authorize(Roles = "Administrators")]
         public void Delete(int id)
         {
             Modules.DeleteModule(id);
diff --git a/Oqtane.Server/Controllers/PageModuleController.cs b/Oqtane.Server/Controllers/PageModuleController.cs
index ae4f41e8..8ae9d032 100644
--- a/Oqtane.Server/Controllers/PageModuleController.cs
+++ b/Oqtane.Server/Controllers/PageModuleController.cs
@@ -32,7 +32,7 @@ namespace Oqtane.Controllers
 
         // POST api/<controller>
         [HttpPost]
-        [Authorize]
+        [Authorize(Roles = "Administrators")]
         public PageModule Post([FromBody] PageModule PageModule)
         {
             if (ModelState.IsValid)
@@ -44,7 +44,7 @@ namespace Oqtane.Controllers
 
         // PUT api/<controller>/5
         [HttpPut("{id}")]
-        [Authorize]
+        [Authorize(Roles = "Administrators")]
         public PageModule Put(int id, [FromBody] PageModule PageModule)
         {
             if (ModelState.IsValid)
@@ -56,7 +56,7 @@ namespace Oqtane.Controllers
 
         // DELETE api/<controller>/5
         [HttpDelete("{id}")]
-        [Authorize]
+        [Authorize(Roles = "Administrators")]
         public void Delete(int id)
         {
             PageModules.DeletePageModule(id);
diff --git a/Oqtane.Server/Controllers/PermissionController.cs b/Oqtane.Server/Controllers/PermissionController.cs
new file mode 100644
index 00000000..59466930
--- /dev/null
+++ b/Oqtane.Server/Controllers/PermissionController.cs
@@ -0,0 +1,65 @@
+using System.Collections.Generic;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Authorization;
+using Oqtane.Repository;
+using Oqtane.Models;
+
+namespace Oqtane.Controllers
+{
+    [Route("{site}/api/[controller]")]
+    public class PermissionController : Controller
+    {
+        private readonly IPermissionRepository Permissions;
+
+        public PermissionController(IPermissionRepository Permissions)
+        {
+            this.Permissions = Permissions;
+        }
+
+        // GET: api/<controller>
+        [HttpGet]
+        public IEnumerable<Permission> Get(string entityname, int entityid, string permissionname)
+        {
+            return Permissions.GetPermissions(entityname, entityid, permissionname);
+        }
+
+        // GET api/<controller>/5
+        [HttpGet("{id}")]
+        public Permission Get(int id)
+        {
+            return Permissions.GetPermission(id);
+        }
+
+        // POST api/<controller>
+        [HttpPost]
+        [Authorize(Roles = "Administrators")]
+        public Permission Post([FromBody] Permission Permission)
+        {
+            if (ModelState.IsValid)
+            {
+                Permission = Permissions.AddPermission(Permission);
+            }
+            return Permission;
+        }
+
+        // PUT api/<controller>/5
+        [HttpPut("{id}")]
+        [Authorize(Roles = "Administrators")]
+        public Permission Put(int id, [FromBody] Permission Permission)
+        {
+            if (ModelState.IsValid)
+            {
+                Permission = Permissions.UpdatePermission(Permission);
+            }
+            return Permission;
+        }
+
+        // DELETE api/<controller>/5
+        [HttpDelete("{id}")]
+        [Authorize(Roles = "Administrators")]
+        public void Delete(int id)
+        {
+            Permissions.DeletePermission(id);
+        }
+    }
+}
diff --git a/Oqtane.Server/Controllers/RoleController.cs b/Oqtane.Server/Controllers/RoleController.cs
index f94dbcb9..7401b2bf 100644
--- a/Oqtane.Server/Controllers/RoleController.cs
+++ b/Oqtane.Server/Controllers/RoleController.cs
@@ -39,7 +39,7 @@ namespace Oqtane.Controllers
 
         // POST api/<controller>
         [HttpPost]
-        [Authorize]
+        [Authorize(Roles = "Administrators")]
         public Role Post([FromBody] Role Role)
         {
             if (ModelState.IsValid)
@@ -51,7 +51,7 @@ namespace Oqtane.Controllers
 
         // PUT api/<controller>/5
         [HttpPut("{id}")]
-        [Authorize]
+        [Authorize(Roles = "Administrators")]
         public Role Put(int id, [FromBody] Role Role)
         {
             if (ModelState.IsValid)
@@ -63,7 +63,7 @@ namespace Oqtane.Controllers
 
         // DELETE api/<controller>/5
         [HttpDelete("{id}")]
-        [Authorize]
+        [Authorize(Roles = "Administrators")]
         public void Delete(int id)
         {
             Roles.DeleteRole(id);
diff --git a/Oqtane.Server/Controllers/UserController.cs b/Oqtane.Server/Controllers/UserController.cs
index c64fd905..535b2d38 100644
--- a/Oqtane.Server/Controllers/UserController.cs
+++ b/Oqtane.Server/Controllers/UserController.cs
@@ -8,6 +8,7 @@ using Microsoft.AspNetCore.Identity;
 using System.Threading.Tasks;
 using System.Linq;
 using System.Security.Claims;
+using Oqtane.Shared;
 
 namespace Oqtane.Controllers
 {
@@ -54,7 +55,7 @@ namespace Oqtane.Controllers
             if (user != null)
             {
                 user.SiteId = int.Parse(siteid);
-                if (!user.IsSuperUser) // super users are part of every site by default
+                if (!user.IsHost) // host users are part of every site by default
                 {
                     SiteUser siteuser = SiteUsers.GetSiteUser(user.SiteId, id);
                     if (siteuser != null)
@@ -62,6 +63,10 @@ namespace Oqtane.Controllers
                         user.Roles = GetUserRoles(user.UserId, user.SiteId);
                     }
                 }
+                else
+                {
+                    user.Roles = ";" + Constants.HostRole + ";" + Constants.AdminRole + ";";
+                }
             }
             return user;
         }
@@ -74,7 +79,7 @@ namespace Oqtane.Controllers
             if (user != null)
             {
                 user.SiteId = int.Parse(siteid);
-                if (!user.IsSuperUser) // super users are part of every site by default
+                if (!user.IsHost) // host users are part of every site by default
                 {
                     SiteUser siteuser = SiteUsers.GetSiteUser(user.SiteId, user.UserId);
                     if (siteuser != null)
@@ -86,6 +91,10 @@ namespace Oqtane.Controllers
                         user = null;
                     }
                 }
+                else
+                {
+                    user.Roles = ";" + Constants.HostRole + ";" + Constants.AdminRole + ";";
+                }
             }
             return user;
         }
@@ -98,58 +107,66 @@ namespace Oqtane.Controllers
 
             if (ModelState.IsValid)
             {
-                IdentityUser identityuser = await IdentityUserManager.FindByNameAsync(User.Username);
-                if (identityuser == null)
+                bool authorized = HttpContext.User.IsInRole(Constants.AdminRole);
+                if (!authorized && !Users.GetUsers().Any())
                 {
-                    identityuser = new IdentityUser();
-                    identityuser.UserName = User.Username;
-                    identityuser.Email = User.Username;
-                    var result = await IdentityUserManager.CreateAsync(identityuser, User.Password);
-                    if (result.Succeeded)
+                    authorized = true; // during initial installation we need to be able to create the host user
+                }
+                if (authorized)
+                {
+                    IdentityUser identityuser = await IdentityUserManager.FindByNameAsync(User.Username);
+                    if (identityuser == null)
                     {
-                        user = Users.AddUser(User);
-                        if (!user.IsSuperUser)
+                        identityuser = new IdentityUser();
+                        identityuser.UserName = User.Username;
+                        identityuser.Email = User.Username;
+                        var result = await IdentityUserManager.CreateAsync(identityuser, User.Password);
+                        if (result.Succeeded)
                         {
-                            SiteUser siteuser = new SiteUser();
-                            siteuser.SiteId = User.SiteId;
-                            siteuser.UserId = user.UserId;
-                            SiteUsers.AddSiteUser(siteuser);
-
-                            List<Role> roles = Roles.GetRoles(user.SiteId).Where(item => item.IsAutoAssigned == true).ToList();
-                            foreach (Role role in roles)
+                            user = Users.AddUser(User);
+                            if (!user.IsHost) // host users are part of every site by default
                             {
-                                UserRole userrole = new UserRole();
-                                userrole.UserId = user.UserId;
-                                userrole.RoleId = role.RoleId;
-                                userrole.EffectiveDate = null;
-                                userrole.ExpiryDate = null;
-                                UserRoles.AddUserRole(userrole);
+                                SiteUser siteuser = new SiteUser();
+                                siteuser.SiteId = User.SiteId;
+                                siteuser.UserId = user.UserId;
+                                SiteUsers.AddSiteUser(siteuser);
+
+                                List<Role> roles = Roles.GetRoles(user.SiteId).Where(item => item.IsAutoAssigned == true).ToList();
+                                foreach (Role role in roles)
+                                {
+                                    UserRole userrole = new UserRole();
+                                    userrole.UserId = user.UserId;
+                                    userrole.RoleId = role.RoleId;
+                                    userrole.EffectiveDate = null;
+                                    userrole.ExpiryDate = null;
+                                    UserRoles.AddUserRole(userrole);
+                                }
                             }
                         }
                     }
-                }
-                else
-                {
-                    user = Users.GetUser(User.Username);
-                    SiteUser siteuser = SiteUsers.GetSiteUser(User.SiteId, user.UserId);
-                    if (siteuser == null)
+                    else
                     {
-                        if (!user.IsSuperUser)
+                        user = Users.GetUser(User.Username);
+                        SiteUser siteuser = SiteUsers.GetSiteUser(User.SiteId, user.UserId);
+                        if (siteuser == null)
                         {
-                            siteuser = new SiteUser();
-                            siteuser.SiteId = User.SiteId;
-                            siteuser.UserId = user.UserId;
-                            SiteUsers.AddSiteUser(siteuser);
-
-                            List<Role> roles = Roles.GetRoles(User.SiteId).Where(item => item.IsAutoAssigned == true).ToList();
-                            foreach (Role role in roles)
+                            if (!user.IsHost) // host users are part of every site by default
                             {
-                                UserRole userrole = new UserRole();
-                                userrole.UserId = user.UserId;
-                                userrole.RoleId = role.RoleId;
-                                userrole.EffectiveDate = null;
-                                userrole.ExpiryDate = null;
-                                UserRoles.AddUserRole(userrole);
+                                siteuser = new SiteUser();
+                                siteuser.SiteId = User.SiteId;
+                                siteuser.UserId = user.UserId;
+                                SiteUsers.AddSiteUser(siteuser);
+
+                                List<Role> roles = Roles.GetRoles(User.SiteId).Where(item => item.IsAutoAssigned == true).ToList();
+                                foreach (Role role in roles)
+                                {
+                                    UserRole userrole = new UserRole();
+                                    userrole.UserId = user.UserId;
+                                    userrole.RoleId = role.RoleId;
+                                    userrole.EffectiveDate = null;
+                                    userrole.ExpiryDate = null;
+                                    UserRoles.AddUserRole(userrole);
+                                }
                             }
                         }
                     }
@@ -161,7 +178,7 @@ namespace Oqtane.Controllers
 
         // PUT api/<controller>/5
         [HttpPut("{id}")]
-        [Authorize]
+        [Authorize(Roles = "Administrators")]
         public User Put(int id, [FromBody] User User)
         {
             if (ModelState.IsValid)
@@ -173,7 +190,7 @@ namespace Oqtane.Controllers
 
         // DELETE api/<controller>/5?siteid=x
         [HttpDelete("{id}")]
-        [Authorize]
+        [Authorize(Roles = "Administrators")]
         public void Delete(int id, string siteid)
         {
             SiteUser siteuser = SiteUsers.GetSiteUser(id, int.Parse(siteid));
@@ -200,7 +217,7 @@ namespace Oqtane.Controllers
                         user = Users.GetUser(identityuser.UserName);
                         if (user != null)
                         {
-                            if (!user.IsSuperUser) // super users are part of every site by default
+                            if (!user.IsHost) // host users are part of every site by default
                             {
                                 SiteUser siteuser = SiteUsers.GetSiteUser(User.SiteId, user.UserId);
                                 if (siteuser != null)
diff --git a/Oqtane.Server/Controllers/UserRoleController.cs b/Oqtane.Server/Controllers/UserRoleController.cs
index 36f6879d..4bdfba30 100644
--- a/Oqtane.Server/Controllers/UserRoleController.cs
+++ b/Oqtane.Server/Controllers/UserRoleController.cs
@@ -39,7 +39,7 @@ namespace Oqtane.Controllers
 
         // POST api/<controller>
         [HttpPost]
-        [Authorize]
+        [Authorize(Roles = "Administrators")]
         public UserRole Post([FromBody] UserRole UserRole)
         {
             if (ModelState.IsValid)
@@ -51,7 +51,7 @@ namespace Oqtane.Controllers
 
         // PUT api/<controller>/5
         [HttpPut("{id}")]
-        [Authorize]
+        [Authorize(Roles = "Administrators")]
         public UserRole Put(int id, [FromBody] UserRole UserRole)
         {
             if (ModelState.IsValid)
@@ -63,7 +63,7 @@ namespace Oqtane.Controllers
 
         // DELETE api/<controller>/5
         [HttpDelete("{id}")]
-        [Authorize]
+        [Authorize(Roles = "Administrators")]
         public void Delete(int id)
         {
             UserRoles.DeleteUserRole(id);
diff --git a/Oqtane.Server/Modules/HtmlText/Controllers/HtmlTextController.cs b/Oqtane.Server/Modules/HtmlText/Controllers/HtmlTextController.cs
index 6a0119d1..5fd53c83 100644
--- a/Oqtane.Server/Modules/HtmlText/Controllers/HtmlTextController.cs
+++ b/Oqtane.Server/Modules/HtmlText/Controllers/HtmlTextController.cs
@@ -1,8 +1,8 @@
-using System.Collections.Generic;
-using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Authorization;
 using Oqtane.Shared.Modules.HtmlText.Models;
 using Oqtane.Server.Modules.HtmlText.Repository;
+using Microsoft.AspNetCore.Http;
 
 namespace Oqtane.Server.Modules.HtmlText.Controllers
 {
@@ -10,25 +10,36 @@ namespace Oqtane.Server.Modules.HtmlText.Controllers
     public class HtmlTextController : Controller
     {
         private IHtmlTextRepository htmltext;
+        private int EntityId = -1; // passed as a querystring parameter for authorization and used for validation
 
-        public HtmlTextController(IHtmlTextRepository HtmlText)
+        public HtmlTextController(IHtmlTextRepository HtmlText, IHttpContextAccessor HttpContextAccessor)
         {
             htmltext = HtmlText;
+            if (HttpContextAccessor.HttpContext.Request.Query.ContainsKey("entityid"))
+            {
+                EntityId = int.Parse(HttpContextAccessor.HttpContext.Request.Query["entityid"]);
+            }
         }
 
         // GET api/<controller>/5
         [HttpGet("{id}")]
+        [Authorize(Policy = "ViewModule")]
         public HtmlTextInfo Get(int id)
         {
-            return htmltext.GetHtmlText(id);
+            HtmlTextInfo HtmlText = null;
+            if (EntityId == id)
+            {
+               HtmlText = htmltext.GetHtmlText(id);
+            }
+            return HtmlText;
         }
 
         // POST api/<controller>
         [HttpPost]
-        [Authorize]
+        [Authorize(Policy = "EditModule")]
         public HtmlTextInfo Post([FromBody] HtmlTextInfo HtmlText)
         {
-            if (ModelState.IsValid)
+            if (ModelState.IsValid && HtmlText.ModuleId == EntityId)
             {
                 HtmlText = htmltext.AddHtmlText(HtmlText);
             }
@@ -37,10 +48,10 @@ namespace Oqtane.Server.Modules.HtmlText.Controllers
 
         // PUT api/<controller>/5
         [HttpPut("{id}")]
-        [Authorize]
+        [Authorize(Policy = "EditModule")]
         public HtmlTextInfo Put(int id, [FromBody] HtmlTextInfo HtmlText)
         {
-            if (ModelState.IsValid)
+            if (ModelState.IsValid && HtmlText.ModuleId == EntityId)
             {
                 HtmlText = htmltext.UpdateHtmlText(HtmlText);
             }
@@ -49,10 +60,13 @@ namespace Oqtane.Server.Modules.HtmlText.Controllers
 
         // DELETE api/<controller>/5
         [HttpDelete("{id}")]
-        [Authorize]
+        [Authorize(Policy = "EditModule")]
         public void Delete(int id)
         {
-            htmltext.DeleteHtmlText(id);
+            if (id == EntityId)
+            {
+                htmltext.DeleteHtmlText(id);
+            }
         }
     }
 }
diff --git a/Oqtane.Server/Modules/HtmlText/Repository/HtmlTextRepository.cs b/Oqtane.Server/Modules/HtmlText/Repository/HtmlTextRepository.cs
index fc80ddfc..23e6a824 100644
--- a/Oqtane.Server/Modules/HtmlText/Repository/HtmlTextRepository.cs
+++ b/Oqtane.Server/Modules/HtmlText/Repository/HtmlTextRepository.cs
@@ -56,11 +56,11 @@ namespace Oqtane.Server.Modules.HtmlText.Repository
             }
         }
 
-        public void DeleteHtmlText(int HtmlTextId)
+        public void DeleteHtmlText(int ModuleId)
         {
             try
             {
-                HtmlTextInfo HtmlText = db.HtmlText.Find(HtmlTextId);
+                HtmlTextInfo HtmlText = db.HtmlText.Where(item => item.ModuleId == ModuleId).FirstOrDefault();
                 db.HtmlText.Remove(HtmlText);
                 db.SaveChanges();
             }
diff --git a/Oqtane.Server/Modules/HtmlText/Repository/IHtmlTextRepository.cs b/Oqtane.Server/Modules/HtmlText/Repository/IHtmlTextRepository.cs
index cd7ea0e8..95bf5f19 100644
--- a/Oqtane.Server/Modules/HtmlText/Repository/IHtmlTextRepository.cs
+++ b/Oqtane.Server/Modules/HtmlText/Repository/IHtmlTextRepository.cs
@@ -8,6 +8,6 @@ namespace Oqtane.Server.Modules.HtmlText.Repository
         HtmlTextInfo GetHtmlText(int ModuleId);
         HtmlTextInfo AddHtmlText(HtmlTextInfo HtmlText);
         HtmlTextInfo UpdateHtmlText(HtmlTextInfo HtmlText);
-        void DeleteHtmlText(int HtmlTextId);
+        void DeleteHtmlText(int ModuleId);
     }
 }
diff --git a/Oqtane.Server/Repository/Context/TenantDBContext.cs b/Oqtane.Server/Repository/Context/TenantDBContext.cs
index 62c54b0d..f214302b 100644
--- a/Oqtane.Server/Repository/Context/TenantDBContext.cs
+++ b/Oqtane.Server/Repository/Context/TenantDBContext.cs
@@ -14,6 +14,7 @@ namespace Oqtane.Repository
         public virtual DbSet<SiteUser> SiteUser { get; set; }
         public virtual DbSet<Role> Role { get; set; }
         public virtual DbSet<UserRole> UserRole { get; set; }
+        public virtual DbSet<Permission> Permission { get; set; }
         public virtual DbSet<Setting> Setting { get; set; }
 
         public TenantDBContext(ITenantResolver TenantResolver, IHttpContextAccessor accessor) : base(TenantResolver, accessor)
diff --git a/Oqtane.Server/Repository/Interfaces/IPermissionRepository.cs b/Oqtane.Server/Repository/Interfaces/IPermissionRepository.cs
new file mode 100644
index 00000000..c569d86b
--- /dev/null
+++ b/Oqtane.Server/Repository/Interfaces/IPermissionRepository.cs
@@ -0,0 +1,19 @@
+using System.Collections.Generic;
+using Oqtane.Models;
+
+namespace Oqtane.Repository
+{
+    public interface IPermissionRepository
+    {
+        IEnumerable<Permission> GetPermissions(int SiteId, string EntityName);
+        IEnumerable<Permission> GetPermissions(string EntityName, int EntityId);
+        IEnumerable<Permission> GetPermissions(string EntityName, int EntityId, string PermissionName);
+        Permission AddPermission(Permission Permission);
+        Permission UpdatePermission(Permission Permission);
+        void UpdatePermissions(int SiteId, string EntityName, int EntityId, string Permissions);
+        Permission GetPermission(int PermissionId);
+        void DeletePermission(int PermissionId);
+        string EncodePermissions(int EntityId, List<Permission> Permissions);
+        List<Permission> DecodePermissions(string Permissions, int SiteId, string EntityName, int EntityId);
+     }
+}
diff --git a/Oqtane.Server/Repository/ModuleRepository.cs b/Oqtane.Server/Repository/ModuleRepository.cs
index b8248f40..cc453ff7 100644
--- a/Oqtane.Server/Repository/ModuleRepository.cs
+++ b/Oqtane.Server/Repository/ModuleRepository.cs
@@ -8,10 +8,12 @@ namespace Oqtane.Repository
     public class ModuleRepository : IModuleRepository
     {
         private TenantDBContext db;
+        private readonly IPermissionRepository Permissions;
 
-        public ModuleRepository(TenantDBContext context)
+        public ModuleRepository(TenantDBContext context, IPermissionRepository Permissions)
         {
             db = context;
+            this.Permissions = Permissions;
         }
 
         public IEnumerable<Module> GetModules()
@@ -30,10 +32,16 @@ namespace Oqtane.Repository
         {
             try
             {
-                return db.Module
+                List<Permission> permissions = Permissions.GetPermissions(SiteId, "Module").ToList();
+                List<Module> modules = db.Module
                     .Where(item => item.SiteId == SiteId)
                     .Where(item => item.ModuleDefinitionName == ModuleDefinitionName)
                     .ToList();
+                foreach (Module module in modules)
+                {
+                    module.Permissions = Permissions.EncodePermissions(module.ModuleId, permissions);
+                }
+                return modules;
             }
             catch
             {
@@ -47,6 +55,7 @@ namespace Oqtane.Repository
             {
                 db.Module.Add(Module);
                 db.SaveChanges();
+                Permissions.UpdatePermissions(Module.SiteId, "Module", Module.ModuleId, Module.Permissions);
                 return Module;
             }
             catch
@@ -61,6 +70,7 @@ namespace Oqtane.Repository
             {
                 db.Entry(Module).State = EntityState.Modified;
                 db.SaveChanges();
+                Permissions.UpdatePermissions(Module.SiteId, "Module", Module.ModuleId, Module.Permissions);
                 return Module;
             }
             catch
@@ -73,7 +83,13 @@ namespace Oqtane.Repository
         {
             try
             {
-                return db.Module.Find(ModuleId);
+                Module module = db.Module.Find(ModuleId);
+                if (module != null)
+                {
+                    List<Permission> permissions = Permissions.GetPermissions("Module", module.ModuleId).ToList();
+                    module.Permissions = Permissions.EncodePermissions(module.ModuleId, permissions);
+                }
+                return module;
             }
             catch
             {
@@ -86,6 +102,7 @@ namespace Oqtane.Repository
             try
             {
                 Module Module = db.Module.Find(ModuleId);
+                Permissions.UpdatePermissions(Module.SiteId, "Module", ModuleId, "");
                 db.Module.Remove(Module);
                 db.SaveChanges();
             }
diff --git a/Oqtane.Server/Repository/PageModuleRepository.cs b/Oqtane.Server/Repository/PageModuleRepository.cs
index f626c472..0a8aef19 100644
--- a/Oqtane.Server/Repository/PageModuleRepository.cs
+++ b/Oqtane.Server/Repository/PageModuleRepository.cs
@@ -8,10 +8,12 @@ namespace Oqtane.Repository
     public class PageModuleRepository : IPageModuleRepository
     {
         private TenantDBContext db;
+        private readonly IPermissionRepository Permissions;
 
-        public PageModuleRepository(TenantDBContext context)
+        public PageModuleRepository(TenantDBContext context, IPermissionRepository Permissions)
         {
             db = context;
+            this.Permissions = Permissions;
         }
 
         public IEnumerable<PageModule> GetPageModules()
@@ -29,9 +31,18 @@ namespace Oqtane.Repository
         {
             try
             {
-                return db.PageModule.Where(item => item.PageId == PageId)
+                List<PageModule> pagemodules = db.PageModule.Where(item => item.PageId == PageId)
                     .Include(item => item.Module) // eager load modules
                     .ToList();
+                if (pagemodules != null && pagemodules.Any())
+                {
+                    List<Permission> permissions = Permissions.GetPermissions(pagemodules.FirstOrDefault().Module.SiteId, "Module").ToList();
+                    foreach (PageModule pagemodule in pagemodules)
+                    {
+                        pagemodule.Module.Permissions = Permissions.EncodePermissions(pagemodule.ModuleId, permissions);
+                    }
+                }
+                return pagemodules;
             }
             catch
             {
@@ -71,8 +82,14 @@ namespace Oqtane.Repository
         {
             try
             {
-                return db.PageModule.Include(item => item.Module) // eager load modules
-                    .SingleOrDefault(item => item.PageModuleId == PageModuleId); 
+                PageModule pagemodule = db.PageModule.Include(item => item.Module) // eager load modules
+                    .SingleOrDefault(item => item.PageModuleId == PageModuleId);
+                if (pagemodule != null)
+                {
+                    List<Permission> permissions = Permissions.GetPermissions("Module", pagemodule.ModuleId).ToList();
+                    pagemodule.Module.Permissions = Permissions.EncodePermissions(pagemodule.ModuleId, permissions);
+                }
+                return pagemodule;
             }
             catch
             {
diff --git a/Oqtane.Server/Repository/PageRepository.cs b/Oqtane.Server/Repository/PageRepository.cs
index fcf11a98..250f6390 100644
--- a/Oqtane.Server/Repository/PageRepository.cs
+++ b/Oqtane.Server/Repository/PageRepository.cs
@@ -8,10 +8,12 @@ namespace Oqtane.Repository
     public class PageRepository : IPageRepository
     {
         private TenantDBContext db;
+        private readonly IPermissionRepository Permissions;
 
-        public PageRepository(TenantDBContext context)
+        public PageRepository(TenantDBContext context, IPermissionRepository Permissions)
         {
             db = context;
+            this.Permissions = Permissions;
         }
 
         public IEnumerable<Page> GetPages()
@@ -30,7 +32,13 @@ namespace Oqtane.Repository
         {
             try
             {
-                return db.Page.Where(item => item.SiteId == SiteId).ToList();
+                List<Permission> permissions = Permissions.GetPermissions(SiteId, "Page").ToList();
+                List<Page> pages = db.Page.Where(item => item.SiteId == SiteId).ToList();
+                foreach(Page page in pages)
+                {
+                    page.Permissions = Permissions.EncodePermissions(page.PageId, permissions);
+                }
+                return pages;
             }
             catch
             {
@@ -44,6 +52,7 @@ namespace Oqtane.Repository
             {
                 db.Page.Add(Page);
                 db.SaveChanges();
+                Permissions.UpdatePermissions(Page.SiteId, "Page", Page.PageId, Page.Permissions);
                 return Page;
             }
             catch
@@ -58,6 +67,7 @@ namespace Oqtane.Repository
             {
                 db.Entry(Page).State = EntityState.Modified;
                 db.SaveChanges();
+                Permissions.UpdatePermissions(Page.SiteId, "Page", Page.PageId, Page.Permissions);
                 return Page;
             }
             catch
@@ -70,7 +80,13 @@ namespace Oqtane.Repository
         {
             try
             {
-                return db.Page.Find(PageId);
+                Page page = db.Page.Find(PageId);
+                if (page != null)
+                {
+                    List<Permission> permissions = Permissions.GetPermissions("Page", page.PageId).ToList();
+                    page.Permissions = Permissions.EncodePermissions(page.PageId, permissions);
+                }
+                return page;
             }
             catch
             {
@@ -83,6 +99,7 @@ namespace Oqtane.Repository
             try
             {
                 Page Page = db.Page.Find(PageId);
+                Permissions.UpdatePermissions(Page.SiteId, "Page", PageId, "");
                 db.Page.Remove(Page);
                 db.SaveChanges();
             }
diff --git a/Oqtane.Server/Repository/PermissionRepository.cs b/Oqtane.Server/Repository/PermissionRepository.cs
new file mode 100644
index 00000000..ba2aeee3
--- /dev/null
+++ b/Oqtane.Server/Repository/PermissionRepository.cs
@@ -0,0 +1,236 @@
+using Microsoft.EntityFrameworkCore;
+using System.Collections.Generic;
+using System.Linq;
+using Oqtane.Models;
+using System.Text;
+using System;
+
+namespace Oqtane.Repository
+{
+    public class PermissionRepository : IPermissionRepository
+    {
+        private TenantDBContext db;
+        private readonly IRoleRepository Roles;
+
+        public PermissionRepository(TenantDBContext context, IRoleRepository Roles)
+        {
+            db = context;
+            this.Roles = Roles;
+        }
+
+        public IEnumerable<Permission> GetPermissions(int SiteId, string EntityName)
+        {
+            try
+            {
+                return db.Permission.Where(item => item.SiteId == SiteId)
+                    .Where(item => item.EntityName == EntityName)
+                    .Include(item => item.Role); // eager load roles
+            }
+            catch
+            {
+                throw;
+            }
+        }
+
+        public IEnumerable<Permission> GetPermissions(string EntityName, int EntityId)
+        {
+            try
+            {
+                return db.Permission.Where(item => item.EntityName == EntityName)
+                    .Where(item => item.EntityId == EntityId)
+                    .Include(item => item.Role); // eager load roles
+            }
+            catch
+            {
+                throw;
+            }
+        }
+
+        public IEnumerable<Permission> GetPermissions(string EntityName, int EntityId, string PermissionName)
+        {
+            try
+            {
+                return db.Permission.Where(item => item.EntityName == EntityName)
+                    .Where(item => item.EntityId == EntityId)
+                    .Where(item => item.PermissionName == PermissionName)
+                    .Include(item => item.Role); // eager load roles
+            }
+            catch
+            {
+                throw;
+            }
+        }
+
+        public Permission AddPermission(Permission Permission)
+        {
+            try
+            {
+                db.Permission.Add(Permission);
+                db.SaveChanges();
+                return Permission;
+            }
+            catch
+            {
+                throw;
+            }
+        }
+
+        public Permission UpdatePermission(Permission Permission)
+        {
+            try
+            {
+                db.Entry(Permission).State = EntityState.Modified;
+                db.SaveChanges();
+                return Permission;
+            }
+            catch
+            {
+                throw;
+            }
+        }
+
+        public void UpdatePermissions(int SiteId, string EntityName, int EntityId, string Permissions)
+        {
+            // get current permissions and delete
+            List<Permission> permissions = db.Permission.Where(item => item.EntityName == EntityName)
+                .Where(item => item.EntityId == EntityId).ToList();
+            foreach(Permission permission in permissions)
+            {
+                db.Permission.Remove(permission);
+            }
+            // add permissions
+            permissions = DecodePermissions(Permissions, SiteId, EntityName, EntityId);
+            foreach (Permission permission in permissions)
+            {
+                db.Permission.Add(permission);
+            }
+            db.SaveChanges();
+        }
+
+        public Permission GetPermission(int PermissionId)
+        {
+            try
+            {
+                return db.Permission.Find(PermissionId);
+            }
+            catch
+            {
+                throw;
+            }
+        }
+
+        public void DeletePermission(int PermissionId)
+        {
+            try
+            {
+                Permission Permission = db.Permission.Find(PermissionId);
+                db.Permission.Remove(Permission);
+                db.SaveChanges();
+            }
+            catch
+            {
+                throw;
+            }
+        }
+
+        // permissions are stored in the format "{permissionname:!rolename1;![userid1];rolename2;rolename3;[userid2];[userid3]}" where "!" designates Deny permissions
+        public string EncodePermissions(int EntityId, List<Permission> Permissions)
+        {
+            string permissions = "";
+            string permissionname = "";
+            StringBuilder permissionsbuilder = new StringBuilder();
+            string perm = "";
+            foreach (Permission permission in Permissions.Where(item => item.EntityId == EntityId).OrderBy(item => item.PermissionName))
+            {
+                // permission collections are grouped by permissionname
+                if (permissionname != permission.PermissionName)
+                {
+                    permissionname = permission.PermissionName;
+                    permissions += permissionsbuilder.ToString();
+                    permissions += ((permissions != "") ? "}" : "") + "{" + permissionname + ":";
+                    permissionsbuilder = new StringBuilder();
+                }
+
+                // deny permissions are prefixed with a "!"
+                string prefix = !permission.IsAuthorized ? "!" : "";
+
+                // encode permission
+                if (permission.UserId == null)
+                {
+                    perm = prefix + permission.Role.Name + ";";
+                }
+                else
+                {
+                    perm = prefix + "[" + permission.UserId.ToString() + "];";
+                }
+
+                // insert Deny permissions at the beginning and append Grant permissions at the end
+                if (prefix == "!")
+                {
+                    permissionsbuilder.Insert(0, perm);
+                }
+                else
+                {
+                    permissionsbuilder.Append(perm);
+                }
+            }
+
+            if (permissionsbuilder.ToString() != "")
+            {
+                permissions += permissionsbuilder.ToString() + "}";
+            }
+
+            return permissions;
+        }
+
+        public List<Permission> DecodePermissions(string Permissions, int SiteId, string EntityName, int EntityId)
+        {
+            List<Role> roles = Roles.GetRoles(SiteId).ToList();
+            List<Permission> permissions = new List<Permission>();
+            string perm = "";
+            string permissionname;
+            string permissionstring;
+            foreach (string PermissionString in Permissions.Split(new char[] { '{' }, StringSplitOptions.RemoveEmptyEntries))
+            {
+                permissionname = PermissionString.Substring(0, PermissionString.IndexOf(":"));
+                permissionstring = PermissionString.Replace(permissionname + ":", "").Replace("}", "");
+                foreach (string Perm in permissionstring.Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries))
+                {
+                    perm = Perm;
+                    Permission permission = new Permission();
+                    permission.SiteId = SiteId;
+                    permission.EntityName = EntityName;
+                    permission.EntityId = EntityId;
+                    permission.PermissionName = permissionname;
+                    permission.RoleId = null;
+                    permission.UserId = null;
+                    permission.IsAuthorized = true;
+
+                    if (perm.StartsWith("!"))
+                    {
+                        // deny permission
+                        perm.Replace("!", "");
+                        permission.IsAuthorized = false;
+                    }
+                    if (perm.StartsWith("[") && perm.EndsWith("]"))
+                    {
+                        // user id
+                        perm = perm.Replace("[", "").Replace("]", "");
+                        permission.UserId = int.Parse(perm);
+                    }
+                    else
+                    {
+                        // role name
+                        Role role = roles.Where(item => item.Name == perm).SingleOrDefault();
+                        if (role != null)
+                        {
+                            permission.RoleId = role.RoleId;
+                        }
+                    }
+                    permissions.Add(permission);
+                }
+            }
+            return permissions;
+        }
+    }
+}
diff --git a/Oqtane.Server/Repository/TenantResolver.cs b/Oqtane.Server/Repository/TenantResolver.cs
index 35d4b0ab..3c8de2f8 100644
--- a/Oqtane.Server/Repository/TenantResolver.cs
+++ b/Oqtane.Server/Repository/TenantResolver.cs
@@ -2,6 +2,7 @@
 using System.Linq;
 using Oqtane.Models;
 using Microsoft.AspNetCore.Http;
+using System;
 
 namespace Oqtane.Repository
 {
@@ -21,8 +22,8 @@ namespace Oqtane.Repository
             // get alias based on request context
             aliasname = accessor.HttpContext.Request.Host.Value;
             string path = accessor.HttpContext.Request.Path.Value;
-            string[] segments = path.Split('/');
-            if (segments[0] == "api" && segments[1] != "~")
+            string[] segments = path.Split(new[] { '/' }, StringSplitOptions.RemoveEmptyEntries);
+            if (segments.Length > 0 && segments[0] == "api" && segments[1] != "~")
             {
                 aliasname += "/" + segments[1];
             }
diff --git a/Oqtane.Server/Scripts/00.00.00.sql b/Oqtane.Server/Scripts/00.00.00.sql
index fe02870e..6e34d641 100644
--- a/Oqtane.Server/Scripts/00.00.00.sql
+++ b/Oqtane.Server/Scripts/00.00.00.sql
@@ -27,8 +27,6 @@ CREATE TABLE [dbo].[Page](
 	[ThemeType] [nvarchar](200) NULL,
 	[Icon] [nvarchar](50) NOT NULL,
 	[Panes] [nvarchar](50) NOT NULL,
-	[ViewPermissions] [nvarchar](500) NOT NULL,
-	[EditPermissions] [nvarchar](500) NOT NULL,
 	[ParentId] [int] NULL,
 	[Order] [int] NOT NULL,
 	[IsNavigation] [bit] NOT NULL,
@@ -48,8 +46,6 @@ CREATE TABLE [dbo].[Module](
 	[ModuleId] [int] IDENTITY(1,1) NOT NULL,
 	[SiteId] [int] NOT NULL,
 	[ModuleDefinitionName] [nvarchar](200) NOT NULL,
-	[ViewPermissions] [nvarchar](500) NOT NULL,
-	[EditPermissions] [nvarchar](500) NOT NULL,
 	[CreatedBy] [nvarchar](256) NOT NULL,
 	[CreatedOn] [datetime] NOT NULL,
 	[ModifiedBy] [nvarchar](256) NOT NULL,
@@ -80,26 +76,12 @@ CREATE TABLE [dbo].[PageModule](
 )
 GO
 
-CREATE TABLE [dbo].[HtmlText](
-	[HtmlTextId] [int] IDENTITY(1,1) NOT NULL,
-	[ModuleId] [int] NOT NULL,
-	[Content] [nvarchar](max) NOT NULL,
-	[CreatedBy] [nvarchar](256) NOT NULL,
-	[CreatedOn] [datetime] NOT NULL,
-	[ModifiedBy] [nvarchar](256) NOT NULL,
-	[ModifiedOn] [datetime] NOT NULL,
-  CONSTRAINT [PK_HtmlText] PRIMARY KEY CLUSTERED 
-  (
-	[HtmlTextId] ASC
-  )
-)
-GO
-
 CREATE TABLE [dbo].[User](
 	[UserId] [int] IDENTITY(1,1) NOT NULL,
 	[Username] [nvarchar](256) NOT NULL,
 	[DisplayName] [nvarchar](50) NOT NULL,
-	[IsSuperUser] [bit] NOT NULL,
+	[Email] [nvarchar](256) NOT NULL,
+	[IsHost] [bit] NOT NULL,
 	[CreatedBy] [nvarchar](256) NOT NULL,
 	[CreatedOn] [datetime] NOT NULL,
 	[ModifiedBy] [nvarchar](256) NOT NULL,
@@ -128,7 +110,7 @@ GO
 
 CREATE TABLE [dbo].[Role](
 	[RoleId] [int] IDENTITY(1,1) NOT NULL,
-	[SiteId] [int] NOT NULL,
+	[SiteId] [int] NULL,
 	[Name] [nvarchar](256) NOT NULL,
 	[Description] [nvarchar](50) NOT NULL,
 	[IsAutoAssigned] [bit] NOT NULL,
@@ -160,6 +142,26 @@ CREATE TABLE [dbo].[UserRole](
 )
 GO
 
+CREATE TABLE [dbo].[Permission](
+	[PermissionId] [int] IDENTITY(1,1) NOT NULL,
+	[SiteId] [int] NOT NULL,
+	[EntityName] [nvarchar](50) NOT NULL,
+	[EntityId] [int] NOT NULL,
+	[PermissionName] [nvarchar](50) NOT NULL,
+	[RoleId] [int] NULL,
+	[UserId] [int] NULL,
+	[IsAuthorized] [bit] NOT NULL,
+	[CreatedBy] [nvarchar](256) NOT NULL,
+	[CreatedOn] [datetime] NOT NULL,
+	[ModifiedBy] [nvarchar](256) NOT NULL,
+	[ModifiedOn] [datetime] NOT NULL,
+  CONSTRAINT [PK_Permission] PRIMARY KEY CLUSTERED 
+  (
+	[PermissionId] ASC
+  )
+)
+GO
+
 CREATE TABLE [dbo].[Setting](
 	[SettingId] [int] IDENTITY(1,1) NOT NULL,
 	[EntityName] [nvarchar](50) NOT NULL,
@@ -176,16 +178,27 @@ CREATE TABLE [dbo].[Setting](
   )
 )
 GO
+
+CREATE TABLE [dbo].[HtmlText](
+	[HtmlTextId] [int] IDENTITY(1,1) NOT NULL,
+	[ModuleId] [int] NOT NULL,
+	[Content] [nvarchar](max) NOT NULL,
+	[CreatedBy] [nvarchar](256) NOT NULL,
+	[CreatedOn] [datetime] NOT NULL,
+	[ModifiedBy] [nvarchar](256) NOT NULL,
+	[ModifiedOn] [datetime] NOT NULL,
+  CONSTRAINT [PK_HtmlText] PRIMARY KEY CLUSTERED 
+  (
+	[HtmlTextId] ASC
+  )
+)
+GO
+
 /*  
 
 Create foreign key relationships
 
 */
-ALTER TABLE [dbo].[HtmlText]  WITH CHECK ADD  CONSTRAINT [FK_HtmlText_Module] FOREIGN KEY([ModuleId])
-REFERENCES [dbo].[Module] ([ModuleId])
-ON DELETE CASCADE
-GO
-
 ALTER TABLE [dbo].[Module]  WITH CHECK ADD  CONSTRAINT [FK_Module_Site] FOREIGN KEY([SiteId])
 REFERENCES [dbo].[Site] ([SiteId])
 ON DELETE CASCADE
@@ -214,6 +227,11 @@ ALTER TABLE [dbo].[SiteUser]  WITH CHECK ADD  CONSTRAINT [FK_SiteUser_User] FORE
 REFERENCES [dbo].[User] ([UserId])
 GO
 
+ALTER TABLE [dbo].[HtmlText]  WITH CHECK ADD  CONSTRAINT [FK_HtmlText_Module] FOREIGN KEY([ModuleId])
+REFERENCES [dbo].[Module] ([ModuleId])
+ON DELETE CASCADE
+GO
+
 /*  
 
 Create indexes
@@ -245,120 +263,287 @@ GO
 SET IDENTITY_INSERT [dbo].[Site] OFF
 GO
 
+SET IDENTITY_INSERT [dbo].[Role] ON 
+GO
+INSERT [dbo].[Role] ([RoleId], [SiteId], [Name], [Description], [IsAutoAssigned], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
+VALUES (-1, null, N'All Users', N'All Users', 0, '', getdate(), '', getdate())
+GO
+INSERT [dbo].[Role] ([RoleId], [SiteId], [Name], [Description], [IsAutoAssigned], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
+VALUES (0, null, N'Super Users', N'Super Users', 0, '', getdate(), '', getdate())
+GO
+INSERT [dbo].[Role] ([RoleId], [SiteId], [Name], [Description], [IsAutoAssigned], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
+VALUES (1, 1, N'Administrators', N'Site Administrators', 0, '', getdate(), '', getdate())
+GO
+INSERT [dbo].[Role] ([RoleId], [SiteId], [Name], [Description], [IsAutoAssigned], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
+VALUES (2, 1, N'Registered Users', N'Registered Users', 1, '', getdate(), '', getdate())
+GO
+INSERT [dbo].[Role] ([RoleId], [SiteId], [Name], [Description], [IsAutoAssigned], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
+VALUES (3, 2, N'Administrators', N'Site Administrators', 0, '', getdate(), '', getdate())
+GO
+INSERT [dbo].[Role] ([RoleId], [SiteId], [Name], [Description], [IsAutoAssigned], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
+VALUES (4, 2, N'Registered Users', N'Registered Users', 1, '', getdate(), '', getdate())
+GO
+SET IDENTITY_INSERT [dbo].[Role] OFF 
+GO
+
 SET IDENTITY_INSERT [dbo].[Page] ON 
 GO
-INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ViewPermissions], [EditPermissions], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
-VALUES (1, 1, N'Page1', N'', N'Oqtane.Client.Themes.Theme1.Theme1, Oqtane.Client', N'oi-home', N'Left;Right', N'All Users', N'Administrators', NULL, 1, 1, N'', '', getdate(), '', getdate())
+INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
+VALUES (1, 1, N'Page1', N'', N'Oqtane.Client.Themes.Theme1.Theme1, Oqtane.Client', N'oi-home', N'Left;Right', NULL, 1, 1, N'', '', getdate(), '', getdate())
 GO
-INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ViewPermissions], [EditPermissions], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
-VALUES (2, 1, N'Page2', N'page2', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'oi-plus', N'Top;Bottom', N'Administrators', N'Administrators', NULL, 3, 1, N'', '', getdate(), '', getdate())
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Page', 1, 'View', -1, null, 1, '', getdate(), '', getdate()) 
 GO
-INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ViewPermissions], [EditPermissions], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
-VALUES (3, 1, N'Page3', N'page3', N'Oqtane.Client.Themes.Theme3.Theme3, Oqtane.Client', N'oi-list-rich', N'Left;Right', N'All Users', N'Administrators', NULL, 3, 1, N'Oqtane.Client.Themes.Theme3.HorizontalLayout, Oqtane.Client', '', getdate(), '', getdate())
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Page', 1, 'Edit', 1, null, 1, '', getdate(), '', getdate()) 
 GO
-INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ViewPermissions], [EditPermissions], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
-VALUES (4, 1, N'Admin', N'admin', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'oi-home', N'Top;Bottom', N'Administrators', N'Administrators', NULL, 7, 1, N'', '', getdate(), '', getdate())
+INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
+VALUES (2, 1, N'Page2', N'page2', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'oi-plus', N'Top;Bottom', NULL, 3, 1, N'', '', getdate(), '', getdate())
 GO
-INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ViewPermissions], [EditPermissions], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
-VALUES (5, 1, N'Page Management', N'admin/pages', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'', N'Top;Bottom', N'Administrators', N'Administrators', 4, 1, 1, N'', '', getdate(), '', getdate())
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Page', 2, 'View', 1, null, 1, '', getdate(), '', getdate()) 
 GO
-INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ViewPermissions], [EditPermissions], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
-VALUES (6, 1, N'Login', N'login', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'', N'Top;Bottom', N'All Users', N'Administrators', NULL, 1, 0, N'', '', getdate(), '', getdate())
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Page', 2, 'Edit', 1, null, 1, '', getdate(), '', getdate()) 
 GO
-INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ViewPermissions], [EditPermissions], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
-VALUES (7, 1, N'Register', N'register', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'', N'Top;Bottom', N'All Users', N'Administrators', NULL, 1, 0, N'', '', getdate(), '', getdate())
+INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
+VALUES (3, 1, N'Page3', N'page3', N'Oqtane.Client.Themes.Theme3.Theme3, Oqtane.Client', N'oi-list-rich', N'Left;Right', NULL, 3, 1, N'Oqtane.Client.Themes.Theme3.HorizontalLayout, Oqtane.Client', '', getdate(), '', getdate())
 GO
-INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ViewPermissions], [EditPermissions], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
-VALUES (8, 1, N'Site Management', N'admin/sites', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'', N'Top;Bottom', N'Administrators', N'Administrators', 4, 0, 1, N'', '', getdate(), '', getdate())
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Page', 3, 'View', -1, null, 1, '', getdate(), '', getdate()) 
 GO
-INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ViewPermissions], [EditPermissions], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
-VALUES (9, 1, N'User Management', N'admin/users', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'', N'Top;Bottom', N'Administrators', N'Administrators', 4, 2, 1, N'', '', getdate(), '', getdate())
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Page', 3, 'Edit', 1, null, 1, '', getdate(), '', getdate()) 
 GO
-INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ViewPermissions], [EditPermissions], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
-VALUES (10, 1, N'Module Management', N'admin/modules', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'', N'Top;Bottom', N'Administrators', N'Administrators', 4, 3, 1, N'', '', getdate(), '', getdate())
+INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
+VALUES (4, 1, N'Admin', N'admin', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'oi-home', N'Top;Bottom', NULL, 7, 1, N'', '', getdate(), '', getdate())
 GO
-INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ViewPermissions], [EditPermissions], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
-VALUES (11, 1, N'Theme Management', N'admin/themes', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'', N'Top;Bottom', N'Administrators', N'Administrators', 4, 4, 1, N'', '', getdate(), '', getdate())
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Page', 4, 'View', 1, null, 1, '', getdate(), '', getdate()) 
 GO
-INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ViewPermissions], [EditPermissions], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
-VALUES (12, 2, N'Page1', N'', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'oi-home', N'Top;Bottom', N'All Users', N'Administrators', NULL, 1, 1, N'', '', getdate(), '', getdate())
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Page', 4, 'Edit', 1, null, 1, '', getdate(), '', getdate()) 
 GO
-INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ViewPermissions], [EditPermissions], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
-VALUES (13, 2, N'Page2', N'page2', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'oi-home', N'Top;Bottom', N'All Users', N'Administrators', NULL, 1, 1, N'', '', getdate(), '', getdate())
+INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
+VALUES (5, 1, N'Page Management', N'admin/pages', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'', N'Top;Bottom', 4, 1, 1, N'', '', getdate(), '', getdate())
 GO
-INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ViewPermissions], [EditPermissions], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
-VALUES (14, 2, N'Login', N'login', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'', N'Top;Bottom', N'All Users', N'Administrators', NULL, 1, 0, N'', '', getdate(), '', getdate())
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Page', 5, 'View', 1, null, 1, '', getdate(), '', getdate()) 
 GO
-INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ViewPermissions], [EditPermissions], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
-VALUES (15, 2, N'Register', N'register', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'', N'Top;Bottom', N'All Users', N'Administrators', NULL, 1, 0, N'', '', getdate(), '', getdate())
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Page', 5, 'Edit', 1, null, 1, '', getdate(), '', getdate()) 
 GO
-INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ViewPermissions], [EditPermissions], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
-VALUES (16, 1, N'Role Management', N'admin/roles', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'', N'Top;Bottom', N'Administrators', N'Administrators', 4, 5, 1, N'', '', getdate(), '', getdate())
+INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
+VALUES (6, 1, N'Login', N'login', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'', N'Top;Bottom', NULL, 1, 0, N'', '', getdate(), '', getdate())
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Page', 6, 'View', -1, null, 1, '', getdate(), '', getdate()) 
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Page', 6, 'Edit', 1, null, 1, '', getdate(), '', getdate()) 
+GO
+INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
+VALUES (7, 1, N'Register', N'register', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'', N'Top;Bottom', NULL, 1, 0, N'', '', getdate(), '', getdate())
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Page', 7, 'View', -1, null, 1, '', getdate(), '', getdate()) 
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Page', 7, 'Edit', 1, null, 1, '', getdate(), '', getdate()) 
+GO
+INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
+VALUES (8, 1, N'Site Management', N'admin/sites', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'', N'Top;Bottom', 4, 0, 1, N'', '', getdate(), '', getdate())
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Page', 8, 'View', 1, null, 1, '', getdate(), '', getdate()) 
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Page', 8, 'Edit', 1, null, 1, '', getdate(), '', getdate()) 
+GO
+INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
+VALUES (9, 1, N'User Management', N'admin/users', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'', N'Top;Bottom', 4, 2, 1, N'', '', getdate(), '', getdate())
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Page', 9, 'View', 1, null, 1, '', getdate(), '', getdate()) 
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Page', 9, 'Edit', 1, null, 1, '', getdate(), '', getdate()) 
+GO
+INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
+VALUES (10, 1, N'Module Management', N'admin/modules', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'', N'Top;Bottom', 4, 3, 1, N'', '', getdate(), '', getdate())
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Page', 10, 'View', 1, null, 1, '', getdate(), '', getdate()) 
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Page', 10, 'Edit', 1, null, 1, '', getdate(), '', getdate()) 
+GO
+INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
+VALUES (11, 1, N'Theme Management', N'admin/themes', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'', N'Top;Bottom', 4, 4, 1, N'', '', getdate(), '', getdate())
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Page', 11, 'View', 1, null, 1, '', getdate(), '', getdate()) 
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Page', 11, 'Edit', 1, null, 1, '', getdate(), '', getdate()) 
+GO
+INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
+VALUES (12, 2, N'Page1', N'', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'oi-home', N'Top;Bottom', NULL, 1, 1, N'', '', getdate(), '', getdate())
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (2, 'Page', 12, 'View', -1, null, 1, '', getdate(), '', getdate()) 
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (2, 'Page', 12, 'Edit', 3, null, 1, '', getdate(), '', getdate()) 
+GO
+INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
+VALUES (13, 2, N'Page2', N'page2', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'oi-home', N'Top;Bottom', NULL, 1, 1, N'', '', getdate(), '', getdate())
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (2, 'Page', 13, 'View', -1, null, 1, '', getdate(), '', getdate()) 
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (2, 'Page', 13, 'Edit', 3, null, 1, '', getdate(), '', getdate()) 
+GO
+INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
+VALUES (14, 2, N'Login', N'login', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'', N'Top;Bottom', NULL, 1, 0, N'', '', getdate(), '', getdate())
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (2, 'Page', 14, 'View', -1, null, 1, '', getdate(), '', getdate()) 
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (2, 'Page', 14, 'Edit', 3, null, 1, '', getdate(), '', getdate()) 
+GO
+INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
+VALUES (15, 2, N'Register', N'register', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'', N'Top;Bottom', NULL, 1, 0, N'', '', getdate(), '', getdate())
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (2, 'Page', 15, 'View', -1, null, 1, '', getdate(), '', getdate()) 
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (2, 'Page', 15, 'Edit', 3, null, 1, '', getdate(), '', getdate()) 
+GO
+INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
+VALUES (16, 1, N'Role Management', N'admin/roles', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'', N'Top;Bottom', 4, 5, 1, N'', '', getdate(), '', getdate())
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Page', 16, 'View', 1, null, 1, '', getdate(), '', getdate()) 
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Page', 16, 'Edit', 1, null, 1, '', getdate(), '', getdate()) 
 GO
 SET IDENTITY_INSERT [dbo].[Page] OFF 
 GO
 
 SET IDENTITY_INSERT [dbo].[Module] ON 
 GO
-INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [ViewPermissions], [EditPermissions], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
-VALUES (1, 1, N'Oqtane.Client.Modules.Weather, Oqtane.Client', N'All Users', N'Administrators', '', getdate(), '', getdate())
+INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
+VALUES (1, 1, N'Oqtane.Client.Modules.Weather, Oqtane.Client', '', getdate(), '', getdate())
 GO
-INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [ViewPermissions], [EditPermissions], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
-VALUES (2, 1, N'Oqtane.Client.Modules.Counter, Oqtane.Client', N'All Users', N'Administrators', '', getdate(), '', getdate())
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 1, 'View', -1, null, 1, '', getdate(), '', getdate()) 
 GO
-INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [ViewPermissions], [EditPermissions], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
-VALUES (3, 1, N'Oqtane.Client.Modules.HtmlText, Oqtane.Client', N'All Users', N'Administrators', '', getdate(), '', getdate())
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 1, 'Edit', 1, null, 1, '', getdate(), '', getdate()) 
 GO
-INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [ViewPermissions], [EditPermissions], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
-VALUES (4, 1, N'Oqtane.Client.Modules.Weather, Oqtane.Client', N'All Users', N'Administrators', '', getdate(), '', getdate())
+INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
+VALUES (2, 1, N'Oqtane.Client.Modules.Counter, Oqtane.Client', '', getdate(), '', getdate())
 GO
-INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [ViewPermissions], [EditPermissions], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
-VALUES (5, 1, N'Oqtane.Client.Modules.HtmlText, Oqtane.Client', N'All Users', N'Administrators', '', getdate(), '', getdate())
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 2, 'View', -1, null, 1, '', getdate(), '', getdate()) 
 GO
-INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [ViewPermissions], [EditPermissions], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
-VALUES (6, 1, N'Oqtane.Client.Modules.HtmlText, Oqtane.Client', N'All Users', N'Administrators', '', getdate(), '', getdate())
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 2, 'Edit', 1, null, 1, '', getdate(), '', getdate()) 
 GO
-INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [ViewPermissions], [EditPermissions], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
-VALUES (7, 1, N'Oqtane.Client.Modules.HtmlText, Oqtane.Client', N'Administrators', N'Administrators', '', getdate(), '', getdate())
+INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
+VALUES (3, 1, N'Oqtane.Client.Modules.HtmlText, Oqtane.Client', '', getdate(), '', getdate())
 GO
-INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [ViewPermissions], [EditPermissions], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
-VALUES (8, 1, N'Oqtane.Client.Modules.Admin.Pages, Oqtane.Client', N'Administrators', N'Administrators', '', getdate(), '', getdate())
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 3, 'View', -1, null, 1, '', getdate(), '', getdate()) 
 GO
-INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [ViewPermissions], [EditPermissions], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
-VALUES (9, 1, N'Oqtane.Client.Modules.Admin.Login, Oqtane.Client', N'All Users', N'Administrators', '', getdate(), '', getdate())
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 3, 'Edit', 1, null, 1, '', getdate(), '', getdate()) 
 GO
-INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [ViewPermissions], [EditPermissions], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
-VALUES (10, 1, N'Oqtane.Client.Modules.Admin.Register, Oqtane.Client', N'All Users', N'Administrators', '', getdate(), '', getdate())
+INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
+VALUES (4, 1, N'Oqtane.Client.Modules.Weather, Oqtane.Client', '', getdate(), '', getdate())
 GO
-INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [ViewPermissions], [EditPermissions], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
-VALUES (11, 1, N'Oqtane.Client.Modules.Admin.Admin, Oqtane.Client', N'Administrators', N'Administrators', '', getdate(), '', getdate())
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 4, 'View', -1, null, 1, '', getdate(), '', getdate()) 
 GO
-INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [ViewPermissions], [EditPermissions], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
-VALUES (12, 1, N'Oqtane.Client.Modules.Admin.Sites, Oqtane.Client', N'Administrators', N'Administrators', '', getdate(), '', getdate())
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 4, 'Edit', 1, null, 1, '', getdate(), '', getdate()) 
 GO
-INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [ViewPermissions], [EditPermissions], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
-VALUES (13, 1, N'Oqtane.Client.Modules.Admin.Users, Oqtane.Client', N'Administrators', N'Administrators', '', getdate(), '', getdate())
+INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
+VALUES (5, 1, N'Oqtane.Client.Modules.HtmlText, Oqtane.Client', '', getdate(), '', getdate())
 GO
-INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [ViewPermissions], [EditPermissions], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
-VALUES (14, 1, N'Oqtane.Client.Modules.Admin.ModuleDefinitions, Oqtane.Client', N'Administrators', N'Administrators', '', getdate(), '', getdate())
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 5, 'View', -1, null, 1, '', getdate(), '', getdate()) 
 GO
-INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [ViewPermissions], [EditPermissions], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
-VALUES (15, 1, N'Oqtane.Client.Modules.Admin.Themes, Oqtane.Client', N'Administrators', N'Administrators', '', getdate(), '', getdate())
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 5, 'Edit', 1, null, 1, '', getdate(), '', getdate()) 
 GO
-INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [ViewPermissions], [EditPermissions], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
-VALUES (16, 2, N'Oqtane.Client.Modules.HtmlText, Oqtane.Client', N'All Users', N'Administrators', '', getdate(), '', getdate())
+INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
+VALUES (6, 1, N'Oqtane.Client.Modules.HtmlText, Oqtane.Client', '', getdate(), '', getdate())
 GO
-INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [ViewPermissions], [EditPermissions], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
-VALUES (17, 2, N'Oqtane.Client.Modules.HtmlText, Oqtane.Client', N'All Users', N'Administrators', '', getdate(), '', getdate())
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 6, 'View', -1, null, 1, '', getdate(), '', getdate()) 
 GO
-INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [ViewPermissions], [EditPermissions], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
-VALUES (18, 2, N'Oqtane.Client.Modules.Admin.Login, Oqtane.Client', N'All Users', N'Administrators', '', getdate(), '', getdate())
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 6, 'Edit', 1, null, 1, '', getdate(), '', getdate()) 
 GO
-INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [ViewPermissions], [EditPermissions], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
-VALUES (19, 2, N'Oqtane.Client.Modules.Admin.Register, Oqtane.Client', N'All Users', N'Administrators', '', getdate(), '', getdate())
+INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
+VALUES (7, 1, N'Oqtane.Client.Modules.HtmlText, Oqtane.Client', '', getdate(), '', getdate())
 GO
-INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [ViewPermissions], [EditPermissions], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
-VALUES (20, 1, N'Oqtane.Client.Modules.Admin.Roles, Oqtane.Client', N'Administrators', N'Administrators', '', getdate(), '', getdate())
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 7, 'View', 1, null, 1, '', getdate(), '', getdate()) 
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 7, 'Edit', 1, null, 1, '', getdate(), '', getdate()) 
+GO
+INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
+VALUES (8, 1, N'Oqtane.Client.Modules.Admin.Pages, Oqtane.Client', '', getdate(), '', getdate())
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 8, 'View', 1, null, 1, '', getdate(), '', getdate()) 
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 8, 'Edit', 1, null, 1, '', getdate(), '', getdate()) 
+GO
+INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
+VALUES (9, 1, N'Oqtane.Client.Modules.Admin.Login, Oqtane.Client', '', getdate(), '', getdate())
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 9, 'View', -1, null, 1, '', getdate(), '', getdate()) 
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 9, 'Edit', 1, null, 1, '', getdate(), '', getdate()) 
+GO
+INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
+VALUES (10, 1, N'Oqtane.Client.Modules.Admin.Register, Oqtane.Client', '', getdate(), '', getdate())
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 10, 'View', -1, null, 1, '', getdate(), '', getdate()) 
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 10, 'Edit', 1, null, 1, '', getdate(), '', getdate()) 
+GO
+INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
+VALUES (11, 1, N'Oqtane.Client.Modules.Admin.Admin, Oqtane.Client', '', getdate(), '', getdate())
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 11, 'View', 1, null, 1, '', getdate(), '', getdate()) 
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 11, 'Edit', 1, null, 1, '', getdate(), '', getdate()) 
+GO
+INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
+VALUES (12, 1, N'Oqtane.Client.Modules.Admin.Sites, Oqtane.Client', '', getdate(), '', getdate())
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 12, 'View', 1, null, 1, '', getdate(), '', getdate()) 
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 12, 'Edit', 1, null, 1, '', getdate(), '', getdate()) 
+GO
+INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
+VALUES (13, 1, N'Oqtane.Client.Modules.Admin.Users, Oqtane.Client', '', getdate(), '', getdate())
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 13, 'View', 1, null, 1, '', getdate(), '', getdate()) 
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 13, 'Edit', 1, null, 1, '', getdate(), '', getdate()) 
+GO
+INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
+VALUES (14, 1, N'Oqtane.Client.Modules.Admin.ModuleDefinitions, Oqtane.Client', '', getdate(), '', getdate())
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 14, 'View', 1, null, 1, '', getdate(), '', getdate()) 
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 14, 'Edit', 1, null, 1, '', getdate(), '', getdate()) 
+GO
+INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
+VALUES (15, 1, N'Oqtane.Client.Modules.Admin.Themes, Oqtane.Client', '', getdate(), '', getdate())
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 15, 'View', 1, null, 1, '', getdate(), '', getdate()) 
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 15, 'Edit', 1, null, 1, '', getdate(), '', getdate()) 
+GO
+INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
+VALUES (16, 2, N'Oqtane.Client.Modules.HtmlText, Oqtane.Client', '', getdate(), '', getdate())
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (2, 'Module', 16, 'View', -1, null, 1, '', getdate(), '', getdate()) 
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (2, 'Module', 16, 'Edit', 3, null, 1, '', getdate(), '', getdate()) 
+GO
+INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
+VALUES (17, 2, N'Oqtane.Client.Modules.HtmlText, Oqtane.Client', '', getdate(), '', getdate())
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (2, 'Module', 17, 'View', -1, null, 1, '', getdate(), '', getdate()) 
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (2, 'Module', 17, 'Edit', 3, null, 1, '', getdate(), '', getdate()) 
+GO
+INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
+VALUES (18, 2, N'Oqtane.Client.Modules.Admin.Login, Oqtane.Client', '', getdate(), '', getdate())
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (2, 'Module', 18, 'View', -1, null, 1, '', getdate(), '', getdate()) 
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (2, 'Module', 18, 'Edit', 3, null, 1, '', getdate(), '', getdate()) 
+GO
+INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
+VALUES (19, 2, N'Oqtane.Client.Modules.Admin.Register, Oqtane.Client', '', getdate(), '', getdate())
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (2, 'Module', 19, 'View', -1, null, 1, '', getdate(), '', getdate()) 
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (2, 'Module', 19, 'Edit', 3, null, 1, '', getdate(), '', getdate()) 
+GO
+INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
+VALUES (20, 1, N'Oqtane.Client.Modules.Admin.Roles, Oqtane.Client', '', getdate(), '', getdate())
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 20, 'View', 1, null, 1, '', getdate(), '', getdate()) 
+GO
+INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 20, 'Edit', 1, null, 1, '', getdate(), '', getdate()) 
 GO
 SET IDENTITY_INSERT [dbo].[Module] OFF 
 GO
@@ -449,22 +634,4 @@ INSERT [dbo].[HtmlText] ([HtmlTextId], [ModuleId], [Content], [CreatedBy], [Crea
 VALUES (6, 17, N'Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.', '', getdate(), '', getdate())
 GO
 SET IDENTITY_INSERT [dbo].[HtmlText] OFF 
-GO
-
-SET IDENTITY_INSERT [dbo].[Role] ON 
-GO
-INSERT [dbo].[Role] ([RoleId], [SiteId], [Name], [Description], [IsAutoAssigned], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
-VALUES (1, 1, N'Administrators', N'Site Administrators', 0, '', getdate(), '', getdate())
-GO
-INSERT [dbo].[Role] ([RoleId], [SiteId], [Name], [Description], [IsAutoAssigned], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
-VALUES (2, 1, N'Registered Users', N'Registered Users', 1, '', getdate(), '', getdate())
-GO
-INSERT [dbo].[Role] ([RoleId], [SiteId], [Name], [Description], [IsAutoAssigned], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
-VALUES (3, 2, N'Administrators', N'Site Administrators', 0, '', getdate(), '', getdate())
-GO
-INSERT [dbo].[Role] ([RoleId], [SiteId], [Name], [Description], [IsAutoAssigned], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) 
-VALUES (4, 2, N'Registered Users', N'Registered Users', 1, '', getdate(), '', getdate())
-GO
-SET IDENTITY_INSERT [dbo].[Role] OFF 
-GO
-
+GO
\ No newline at end of file
diff --git a/Oqtane.Server/Security/ClaimsPrincipalFactory.cs b/Oqtane.Server/Security/ClaimsPrincipalFactory.cs
index d62ba167..3248242e 100644
--- a/Oqtane.Server/Security/ClaimsPrincipalFactory.cs
+++ b/Oqtane.Server/Security/ClaimsPrincipalFactory.cs
@@ -4,6 +4,7 @@ using System.Security.Claims;
 using System.Threading.Tasks;
 using Oqtane.Repository;
 using Oqtane.Models;
+using Oqtane.Shared;
 
 namespace Oqtane.Security
 {
@@ -29,9 +30,11 @@ namespace Oqtane.Security
             User user = Users.GetUser(identityuser.UserName);
             if (user != null)
             {
-                if (user.IsSuperUser)
+                id.AddClaim(new Claim(ClaimTypes.PrimarySid, user.UserId.ToString()));
+                if (user.IsHost) // host users are part of every site by default
                 {
-                    id.AddClaim(new Claim(options.ClaimsIdentity.RoleClaimType, "Administrators"));
+                    id.AddClaim(new Claim(options.ClaimsIdentity.RoleClaimType, Constants.HostRole));
+                    id.AddClaim(new Claim(options.ClaimsIdentity.RoleClaimType, Constants.AdminRole));
                 }
                 else
                 {
diff --git a/Oqtane.Server/Security/PermissionHandler.cs b/Oqtane.Server/Security/PermissionHandler.cs
new file mode 100644
index 00000000..95d8d615
--- /dev/null
+++ b/Oqtane.Server/Security/PermissionHandler.cs
@@ -0,0 +1,57 @@
+using System.Linq;
+using System.Security.Claims;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
+using Oqtane.Models;
+using Oqtane.Repository;
+
+namespace Oqtane.Security
+{
+    public class PermissionHandler : AuthorizationHandler<PermissionRequirement>
+    {
+        private readonly IHttpContextAccessor HttpContextAccessor;
+        private readonly IPermissionRepository Permissions;
+
+        public PermissionHandler(IHttpContextAccessor HttpContextAccessor, IPermissionRepository Permissions)
+        {
+            this.HttpContextAccessor = HttpContextAccessor;
+            this.Permissions = Permissions;
+        }
+
+        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, PermissionRequirement requirement)
+        {
+            // permission is scoped based on EntityId which must be passed as a querystring parameter
+            var ctx = HttpContextAccessor.HttpContext;
+            if (ctx != null && ctx.Request.Query.ContainsKey("entityid"))
+            {
+                int EntityId = int.Parse(ctx.Request.Query["entityid"]);
+                string permissions = Permissions.EncodePermissions(EntityId, Permissions.GetPermissions(requirement.EntityName, EntityId, requirement.PermissionName).ToList());
+
+                User user = new User();
+                user.UserId = -1;
+                user.Roles = "";
+
+                if (context.User != null)
+                {
+                    var idclaim = context.User.Claims.Where(item => item.Type == ClaimTypes.PrimarySid).FirstOrDefault();
+                    if (idclaim != null)
+                    {
+                        user.UserId = int.Parse(idclaim.Value);
+                        foreach (var claim in context.User.Claims.Where(item => item.Type == ClaimTypes.Role))
+                        {
+                            user.Roles += claim.Value + ";";
+                        }
+                        if (user.Roles != "") user.Roles = ";" + user.Roles;
+                    }
+                }
+
+                if (UserSecurity.IsAuthorized(user, requirement.PermissionName, permissions))
+                {
+                    context.Succeed(requirement);
+                }
+            }
+            return Task.CompletedTask;
+        }
+    }
+}
\ No newline at end of file
diff --git a/Oqtane.Server/Security/PermissionRequirement.cs b/Oqtane.Server/Security/PermissionRequirement.cs
new file mode 100644
index 00000000..7404d5bd
--- /dev/null
+++ b/Oqtane.Server/Security/PermissionRequirement.cs
@@ -0,0 +1,17 @@
+using Microsoft.AspNetCore.Authorization;
+
+namespace Oqtane.Security
+{
+    public class PermissionRequirement : IAuthorizationRequirement
+    {
+        public string EntityName { get; }
+
+        public string PermissionName { get; }
+
+        public PermissionRequirement(string EntityName, string PermissionName)
+        {
+            this.EntityName = EntityName;
+            this.PermissionName = PermissionName;
+        }
+    }
+}
diff --git a/Oqtane.Server/Startup.cs b/Oqtane.Server/Startup.cs
index a084f410..f8b8fd87 100644
--- a/Oqtane.Server/Startup.cs
+++ b/Oqtane.Server/Startup.cs
@@ -25,6 +25,7 @@ using Oqtane.Security;
 using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Authentication;
 using System.Net;
+using Microsoft.AspNetCore.Authorization;
 
 namespace Oqtane.Server
 {
@@ -68,8 +69,15 @@ namespace Oqtane.Server
                 });
             }
 
-            // register auth services
-            services.AddAuthorizationCore();
+            // register authorization services
+            services.AddAuthorizationCore(options =>
+            {
+                options.AddPolicy("ViewPage", policy => policy.Requirements.Add(new PermissionRequirement("Page", "View")));
+                options.AddPolicy("EditPage", policy => policy.Requirements.Add(new PermissionRequirement("Page", "Edit")));
+                options.AddPolicy("ViewModule", policy => policy.Requirements.Add(new PermissionRequirement("Module", "View")));
+                options.AddPolicy("EditModule", policy => policy.Requirements.Add(new PermissionRequirement("Module", "Edit")));
+            });
+            services.AddScoped<IAuthorizationHandler, PermissionHandler>();
 
             // register scoped core services
             services.AddScoped<SiteState>();
@@ -172,6 +180,7 @@ namespace Oqtane.Server
             services.AddTransient<ISiteUserRepository, SiteUserRepository>();
             services.AddTransient<IRoleRepository, RoleRepository>();
             services.AddTransient<IUserRoleRepository, UserRoleRepository>();
+            services.AddTransient<IPermissionRepository, PermissionRepository>();
             services.AddTransient<ISettingRepository, SettingRepository>();
 
             // dynamically register module services, contexts, and repository classes
@@ -275,8 +284,15 @@ namespace Oqtane.Server
                 options.User.RequireUniqueEmail = false;
             });
 
-            services.AddAuthentication(IdentityConstants.ApplicationScheme)
-                .AddCookie(IdentityConstants.ApplicationScheme);
+            // register authorization services
+            services.AddAuthorizationCore(options =>
+            {
+                options.AddPolicy("ViewPage", policy => policy.Requirements.Add(new PermissionRequirement("Page", "View")));
+                options.AddPolicy("EditPage", policy => policy.Requirements.Add(new PermissionRequirement("Page", "Edit")));
+                options.AddPolicy("ViewModule", policy => policy.Requirements.Add(new PermissionRequirement("Module", "View")));
+                options.AddPolicy("EditModule", policy => policy.Requirements.Add(new PermissionRequirement("Module", "Edit")));
+            });
+            services.AddScoped<IAuthorizationHandler, PermissionHandler>();
 
             services.ConfigureApplicationCookie(options =>
             {
@@ -329,6 +345,7 @@ namespace Oqtane.Server
             services.AddTransient<ISiteUserRepository, SiteUserRepository>();
             services.AddTransient<IRoleRepository, RoleRepository>();
             services.AddTransient<IUserRoleRepository, UserRoleRepository>();
+            services.AddTransient<IPermissionRepository, PermissionRepository>();
             services.AddTransient<ISettingRepository, SettingRepository>();
            
             // dynamically register module services, contexts, and repository classes
diff --git a/Oqtane.Shared/Models/Module.cs b/Oqtane.Shared/Models/Module.cs
index 04e359cf..22db7e59 100644
--- a/Oqtane.Shared/Models/Module.cs
+++ b/Oqtane.Shared/Models/Module.cs
@@ -9,14 +9,15 @@ namespace Oqtane.Models
         public int ModuleId { get; set; }
         public int SiteId { get; set; }
         public string ModuleDefinitionName { get; set; }
-        public string ViewPermissions { get; set; }
-        public string EditPermissions { get; set; }
 
         public string CreatedBy { get; set; }
         public DateTime CreatedOn { get; set; }
         public string ModifiedBy { get; set; }
         public DateTime ModifiedOn { get; set; }
 
+        [NotMapped]
+        public string Permissions { get; set; }
+
         [NotMapped]
         public int PageModuleId { get; set; }
         [NotMapped]
diff --git a/Oqtane.Shared/Models/Page.cs b/Oqtane.Shared/Models/Page.cs
index e01aa0cd..c63f3e01 100644
--- a/Oqtane.Shared/Models/Page.cs
+++ b/Oqtane.Shared/Models/Page.cs
@@ -1,4 +1,5 @@
 using System;
+using System.ComponentModel.DataAnnotations.Schema;
 
 namespace Oqtane.Models
 {
@@ -14,13 +15,15 @@ namespace Oqtane.Models
         public string LayoutType { get; set; }
         public string Icon { get; set; }
         public string Panes { get; set; }
-        public string ViewPermissions { get; set; }
-        public string EditPermissions { get; set; }
         public bool IsNavigation { get; set; }
 
         public string CreatedBy { get; set; }
         public DateTime CreatedOn { get; set; }
         public string ModifiedBy { get; set; }
         public DateTime ModifiedOn { get; set; }
+
+
+        [NotMapped]
+        public string Permissions { get; set; }
     }
 }
diff --git a/Oqtane.Shared/Models/Permission.cs b/Oqtane.Shared/Models/Permission.cs
new file mode 100644
index 00000000..0f7f7b61
--- /dev/null
+++ b/Oqtane.Shared/Models/Permission.cs
@@ -0,0 +1,23 @@
+using System;
+
+namespace Oqtane.Models
+{
+    public class Permission : IAuditable
+    {
+        public int PermissionId { get; set; }
+        public int SiteId { get; set; }
+        public string EntityName { get; set; }
+        public int EntityId { get; set; }
+        public string PermissionName { get; set; }
+        public int? RoleId { get; set; }
+        public int? UserId { get; set; }
+        public bool IsAuthorized { get; set; }
+
+        public string CreatedBy { get; set; }
+        public DateTime CreatedOn { get; set; }
+        public string ModifiedBy { get; set; }
+        public DateTime ModifiedOn { get; set; }
+
+        public Role Role { get; set; }
+    }
+}
diff --git a/Oqtane.Shared/Models/User.cs b/Oqtane.Shared/Models/User.cs
index 0cd2bcc2..ec8fca94 100644
--- a/Oqtane.Shared/Models/User.cs
+++ b/Oqtane.Shared/Models/User.cs
@@ -8,7 +8,8 @@ namespace Oqtane.Models
         public int UserId { get; set; }
         public string Username { get; set; }
         public string DisplayName { get; set; }
-        public bool IsSuperUser { get; set; }
+        public string Email { get; set; }
+        public bool IsHost { get; set; }
         [NotMapped]
         public int SiteId { get; set; }
         [NotMapped]
diff --git a/Oqtane.Shared/Security/UserSecurity.cs b/Oqtane.Shared/Security/UserSecurity.cs
new file mode 100644
index 00000000..412a6907
--- /dev/null
+++ b/Oqtane.Shared/Security/UserSecurity.cs
@@ -0,0 +1,103 @@
+using System;
+using Oqtane.Models;
+using Oqtane.Shared;
+
+namespace Oqtane.Security
+{
+    public class UserSecurity
+    {
+        // permission collections are stored in format {permissionname1:permissions}{permissionname2:permissions}...
+        public static string GetPermissions(string PermissionName, string Permissions)
+        {
+            string permissions = "";
+            foreach(string permission in Permissions.Split(new char[] { '{' }, StringSplitOptions.RemoveEmptyEntries))
+            {
+                if (permission.StartsWith(PermissionName + ":"))
+                {
+                    permissions = permission.Replace(PermissionName + ":", "").Replace("}", "");
+                    break;
+                }
+            }
+            return permissions;
+        }
+
+        public static string SetPermissions(string PermissionName, string Permissions)
+        {
+            return "{" + PermissionName + ":" + Permissions + "}";
+        }
+
+        // permissions are stored in the format "!rolename1;![userid1];rolename2;rolename3;[userid2];[userid3]" where "!" designates Deny permissions
+        public static bool IsAuthorized(User User, string PermissionName, string Permissions)
+        {
+            Permissions = GetPermissions(PermissionName, Permissions);
+            if (User == null)
+            {
+                return IsAuthorized(-1, "", Permissions); // user is not authenticated but may have access to resource
+            }
+            else
+            {
+                return IsAuthorized(User.UserId, User.Roles, Permissions);
+            }
+        }
+
+        private static bool IsAuthorized(int UserId, string Roles, string Permissions)
+        {
+            bool IsAuthorized = false;
+
+            if (Permissions != null)
+            {
+                foreach (string permission in Permissions.Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries))
+                {
+                    bool? allowed = VerifyPermission(UserId, Roles, permission);
+                    if (allowed.HasValue)
+                    {
+                        IsAuthorized = allowed.Value;
+                        break;
+                    }
+                }
+            }
+
+            return IsAuthorized;
+        }
+
+        private static bool? VerifyPermission(int UserId, string Roles, string Permission)
+        {
+            bool? allowed = null;
+            //permissions strings are encoded with deny permissions at the beginning and grant permissions at the end for optimal performance
+            if (!String.IsNullOrEmpty(Permission))
+            {
+                // deny permission
+                if (Permission.StartsWith("!"))
+                {
+                    string denyRole = Permission.Replace("!", "");
+                    if (denyRole == Constants.AllUsersRole || IsAllowed(UserId, Roles, denyRole))
+                    {
+                        allowed = false;
+                    }
+                }
+                else // grant permission
+                {
+                    if (Permission == Constants.AllUsersRole || IsAllowed(UserId, Roles, Permission))
+                    {
+                        allowed = true;
+                    }
+                }
+            }
+            return allowed;
+        }
+
+        private static bool IsAllowed(int UserId, string Roles, string Permission)
+        {
+            if ("[" + UserId + "]" == Permission)
+            {
+                return true;
+            }
+
+            if (Roles != null)
+            {
+                return Roles.IndexOf(";" + Permission + ";") != -1;
+            }
+            return false;
+        }
+    }
+}
diff --git a/Oqtane.Client/Shared/Constants.cs b/Oqtane.Shared/Shared/Constants.cs
similarity index 95%
rename from Oqtane.Client/Shared/Constants.cs
rename to Oqtane.Shared/Shared/Constants.cs
index 4c63ff43..a3ad29c8 100644
--- a/Oqtane.Client/Shared/Constants.cs
+++ b/Oqtane.Shared/Shared/Constants.cs
@@ -14,6 +14,7 @@
 
         public const string AllUsersRole = "All Users";
         public const string AdminRole = "Administrators";
+        public const string HostRole = "Hosts";
 
         public const int ReloadApplication = 3;
         public const int ReloadSite = 2;