diff --git a/api/db/migrations/20241004081930_add_roles_to_user/migration.sql b/api/db/migrations/20241004081930_add_roles_to_user/migration.sql
new file mode 100644
index 0000000..c0833d2
--- /dev/null
+++ b/api/db/migrations/20241004081930_add_roles_to_user/migration.sql
@@ -0,0 +1,22 @@
+-- RedefineTables
+PRAGMA defer_foreign_keys=ON;
+PRAGMA foreign_keys=OFF;
+CREATE TABLE "new_User" (
+    "id" INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
+    "email" TEXT NOT NULL,
+    "firstName" TEXT,
+    "lastName" TEXT,
+    "hashedPassword" TEXT,
+    "salt" TEXT,
+    "resetToken" TEXT,
+    "resetTokenExpiresAt" DATETIME,
+    "createdAt" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "updatedAt" DATETIME NOT NULL,
+    "roles" TEXT NOT NULL DEFAULT 'user'
+);
+INSERT INTO "new_User" ("createdAt", "email", "firstName", "hashedPassword", "id", "lastName", "resetToken", "resetTokenExpiresAt", "salt", "updatedAt") SELECT "createdAt", "email", "firstName", "hashedPassword", "id", "lastName", "resetToken", "resetTokenExpiresAt", "salt", "updatedAt" FROM "User";
+DROP TABLE "User";
+ALTER TABLE "new_User" RENAME TO "User";
+CREATE UNIQUE INDEX "User_email_key" ON "User"("email");
+PRAGMA foreign_keys=ON;
+PRAGMA defer_foreign_keys=OFF;
diff --git a/api/db/schema.prisma b/api/db/schema.prisma
index 664ddf4..0816db6 100644
--- a/api/db/schema.prisma
+++ b/api/db/schema.prisma
@@ -35,6 +35,7 @@ model User {
   resetTokenExpiresAt DateTime?
   createdAt           DateTime   @default(now())
   updatedAt           DateTime   @updatedAt
+  roles               String     @default("user")
 }
 
 model Identity {
diff --git a/api/src/lib/auth.ts b/api/src/lib/auth.ts
index e212e34..a586bac 100644
--- a/api/src/lib/auth.ts
+++ b/api/src/lib/auth.ts
@@ -36,7 +36,7 @@ export const getCurrentUser = async (session: Decoded) => {
 
   return await db.user.findUnique({
     where: { id: session.id },
-    select: { id: true },
+    select: { id: true, email: true, roles: true },
   })
 }
 
diff --git a/web/src/Routes.tsx b/web/src/Routes.tsx
index c078f70..6f64c69 100644
--- a/web/src/Routes.tsx
+++ b/web/src/Routes.tsx
@@ -16,7 +16,7 @@ import { useAuth } from './auth'
 const Routes = () => {
   return (
     <Router useAuth={useAuth}>
-      <PrivateSet unauthenticated="home">
+      <PrivateSet unauthenticated="home" roles="admin">
         <Set wrap={ScaffoldLayout} title="Posts" titleTo="posts" buttonLabel="New Post" buttonTo="newPost">
           <Route path="/admin/posts/new" page={PostNewPostPage} name="newPost" />
           <Route path="/admin/posts/{id:Int}/edit" page={PostEditPostPage} name="editPost" />
diff --git a/web/src/pages/HomePage/HomePage.tsx b/web/src/pages/HomePage/HomePage.tsx
index 5c08ba7..3e684be 100644
--- a/web/src/pages/HomePage/HomePage.tsx
+++ b/web/src/pages/HomePage/HomePage.tsx
@@ -2,7 +2,11 @@
 import { Link } from '@redwoodjs/router'
 import { Metadata } from '@redwoodjs/web'
 
+import { useAuth } from 'src/auth'
+
 const HomePage = () => {
+  const user = useAuth()
+
   return (
     <>
       <Metadata title="Home" description="Home page" />
@@ -15,6 +19,7 @@ const HomePage = () => {
           My default route is named `home`, link to me with:
           `<Link to={routes.home()}>Home</Link>`
       */}
+      {user && user.isAuthenticated + ' ' + user.hasRole('admin')}
       <Link to={'/login'}>Login</Link>
     </>
   )