diff --git a/Cargo.lock b/Cargo.lock
index 4f2df05..5cbedca 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -828,6 +828,7 @@ dependencies = [
  "rocket_cors",
  "rocket_db_pools",
  "rocket_dyn_templates",
+ "roles",
  "settings",
  "totp",
  "url",
@@ -2686,6 +2687,17 @@ dependencies = [
  "uncased",
 ]
 
+[[package]]
+name = "roles"
+version = "0.0.0"
+dependencies = [
+ "chrono",
+ "database",
+ "id",
+ "serde",
+ "thiserror",
+]
+
 [[package]]
 name = "rsa"
 version = "0.7.2"
diff --git a/crates/database/migrations/20230506170211_roles.down.sql b/crates/database/migrations/20230506170211_roles.down.sql
new file mode 100644
index 0000000..289fe8b
--- /dev/null
+++ b/crates/database/migrations/20230506170211_roles.down.sql
@@ -0,0 +1 @@
+drop table if exists roles;
diff --git a/crates/database/migrations/20230506170211_roles.up.sql b/crates/database/migrations/20230506170211_roles.up.sql
new file mode 100644
index 0000000..0deba39
--- /dev/null
+++ b/crates/database/migrations/20230506170211_roles.up.sql
@@ -0,0 +1,7 @@
+create table if not exists roles
+(
+    name        TEXT    not null primary key,
+    label       TEXT    not null,
+    created_at  TEXT    not null default CURRENT_TIMESTAMP,
+    is_archived INTEGER not null default 0
+);
diff --git a/crates/database/queries/roles/get_all.sql b/crates/database/queries/roles/get_all.sql
new file mode 100644
index 0000000..3bad7fb
--- /dev/null
+++ b/crates/database/queries/roles/get_all.sql
@@ -0,0 +1,7 @@
+select name,
+       label,
+       created_at  as "created_at: DateTime<Utc>",
+       is_archived as "is_archived: bool"
+from roles
+
+order by created_at desc
diff --git a/crates/database/queries/roles/insert.sql b/crates/database/queries/roles/insert.sql
new file mode 100644
index 0000000..3bac2ae
--- /dev/null
+++ b/crates/database/queries/roles/insert.sql
@@ -0,0 +1,2 @@
+insert into roles (name, label)
+values (?, ?)
diff --git a/crates/database/sqlx-data.json b/crates/database/sqlx-data.json
index 7c415d0..66e82fb 100644
--- a/crates/database/sqlx-data.json
+++ b/crates/database/sqlx-data.json
@@ -286,6 +286,16 @@
     },
     "query": "update refresh_tokens\n\nset used_at = CURRENT_TIMESTAMP\n\nwhere token is ?"
   },
+  "44cc12d7659e618fcb44a82697d60da940bdab3c87690ee42569ae3da1a8e791": {
+    "describe": {
+      "columns": [],
+      "nullable": [],
+      "parameters": {
+        "Right": 2
+      }
+    },
+    "query": "insert into roles (name, label)\nvalues (?, ?)\n"
+  },
   "520fe30e21f6b6c4d9a47c457675eebd144cf020e9230d154e9e4d0c8d6e01ca": {
     "describe": {
       "columns": [],
@@ -474,6 +484,42 @@
     },
     "query": "update totp_login_requests\n\nset used_at = CURRENT_TIMESTAMP\n\nwhere user is ?\n  and used_at is null"
   },
+  "5e148a43d9f64c73296b2b70deef07d2c863a93fff693aec1b47378c44bf77de": {
+    "describe": {
+      "columns": [
+        {
+          "name": "name",
+          "ordinal": 0,
+          "type_info": "Text"
+        },
+        {
+          "name": "label",
+          "ordinal": 1,
+          "type_info": "Text"
+        },
+        {
+          "name": "created_at: DateTime<Utc>",
+          "ordinal": 2,
+          "type_info": "Text"
+        },
+        {
+          "name": "is_archived: bool",
+          "ordinal": 3,
+          "type_info": "Int64"
+        }
+      ],
+      "nullable": [
+        false,
+        false,
+        false,
+        false
+      ],
+      "parameters": {
+        "Right": 0
+      }
+    },
+    "query": "select name,\n       label,\n       created_at  as \"created_at: DateTime<Utc>\",\n       is_archived as \"is_archived: bool\"\nfrom roles\n\norder by created_at desc\n"
+  },
   "5f946348ad62389fab3c97a1563d1592cbc5180abbba6d5abd44326bf0862669": {
     "describe": {
       "columns": [
diff --git a/crates/database/src/tables.rs b/crates/database/src/tables.rs
index 2f8c2e6..eadb26a 100644
--- a/crates/database/src/tables.rs
+++ b/crates/database/src/tables.rs
@@ -2,6 +2,7 @@ mod apps;
 mod authorization_codes;
 mod keys;
 mod refresh_tokens;
+mod roles;
 mod settings;
 mod totp_login_requests;
 mod users;
@@ -10,6 +11,7 @@ pub use apps::Apps;
 pub use authorization_codes::AuthorizationCodes;
 pub use keys::Keys;
 pub use refresh_tokens::RefreshTokens;
+pub use roles::Roles;
 pub use settings::Settings;
 pub use totp_login_requests::TotpLoginRequests;
 pub use users::Users;
diff --git a/crates/database/src/tables/roles.rs b/crates/database/src/tables/roles.rs
new file mode 100644
index 0000000..162b9f4
--- /dev/null
+++ b/crates/database/src/tables/roles.rs
@@ -0,0 +1,34 @@
+use crate::error::{handle_error, Error};
+use sqlx::sqlite::SqliteQueryResult;
+use sqlx::types::chrono::{DateTime, Utc};
+use sqlx::{FromRow, SqliteExecutor};
+
+#[derive(FromRow)]
+pub struct Roles {
+    pub name: String,
+    pub label: String,
+    pub created_at: DateTime<Utc>,
+    pub is_archived: bool,
+}
+
+impl Roles {
+    pub async fn insert(
+        conn: impl SqliteExecutor<'_>,
+        name: &str,
+        label: &str,
+    ) -> Result<Option<()>, Error> {
+        let query: SqliteQueryResult = sqlx::query_file!("queries/roles/insert.sql", name, label)
+            .execute(conn)
+            .await
+            .map_err(handle_error)?;
+
+        Ok((query.rows_affected() == 1).then_some(()))
+    }
+
+    pub async fn get_all(conn: impl SqliteExecutor<'_>) -> Result<Vec<Self>, Error> {
+        sqlx::query_file_as!(Self, "queries/roles/get_all.sql")
+            .fetch_all(conn)
+            .await
+            .map_err(handle_error)
+    }
+}
diff --git a/crates/ezidam/Cargo.toml b/crates/ezidam/Cargo.toml
index 9292d82..32e7805 100644
--- a/crates/ezidam/Cargo.toml
+++ b/crates/ezidam/Cargo.toml
@@ -31,3 +31,4 @@ authorization_codes = { path = "../authorization_codes" }
 refresh_tokens = { path = "../refresh_tokens" }
 email = { path = "../email" }
 totp = { path = "../totp" }
+roles = { path = "../roles" }
diff --git a/crates/ezidam/src/error/conversion.rs b/crates/ezidam/src/error/conversion.rs
index 4d84d8f..7571c5b 100644
--- a/crates/ezidam/src/error/conversion.rs
+++ b/crates/ezidam/src/error/conversion.rs
@@ -93,6 +93,12 @@ impl From<totp::Error> for Error {
     }
 }
 
+impl From<roles::Error> for Error {
+    fn from(e: roles::Error) -> Self {
+        Error::internal_server_error(e)
+    }
+}
+
 // std Types
 
 impl From<String> for Error {
diff --git a/crates/ezidam/src/icons.rs b/crates/ezidam/src/icons.rs
index 06f4098..68c23eb 100644
--- a/crates/ezidam/src/icons.rs
+++ b/crates/ezidam/src/icons.rs
@@ -48,7 +48,8 @@ impl Icon {
         "2fa-large", TwoFaLarge, r#"<svg xmlns="http://www.w3.org/2000/svg" class="icon icon-lg icon-tabler icon-tabler-2fa" width="24" height="24" viewBox="0 0 24 24" stroke-width="2" stroke="currentColor" fill="none" stroke-linecap="round" stroke-linejoin="round"><path stroke="none" d="M0 0h24v24H0z" fill="none"></path><path d="M7 16h-4l3.47 -4.66a2 2 0 1 0 -3.47 -1.54"></path><path d="M10 16v-8h4"></path><path d="M10 12l3 0"></path><path d="M17 16v-6a2 2 0 0 1 4 0v6"></path><path d="M17 13l4 0"></path></svg>"#,
         "check", Check, r#"<svg xmlns="http://www.w3.org/2000/svg" class="icon icon-tabler icon-tabler-check" width="24" height="24" viewBox="0 0 24 24" stroke-width="2" stroke="currentColor" fill="none" stroke-linecap="round" stroke-linejoin="round"><path stroke="none" d="M0 0h24v24H0z" fill="none"></path><path d="M5 12l5 5l10 -10"></path></svg>"#,
         "x", X, r#"<svg xmlns="http://www.w3.org/2000/svg" class="icon icon-tabler icon-tabler-x" width="24" height="24" viewBox="0 0 24 24" stroke-width="2" stroke="currentColor" fill="none" stroke-linecap="round" stroke-linejoin="round"><path stroke="none" d="M0 0h24v24H0z" fill="none"></path><path d="M18 6l-12 12"></path><path d="M6 6l12 12"></path></svg>"#,
-        "progress", Progress, r#"<svg xmlns="http://www.w3.org/2000/svg" class="icon icon-tabler icon-tabler-progress" width="24" height="24" viewBox="0 0 24 24" stroke-width="2" stroke="currentColor" fill="none" stroke-linecap="round" stroke-linejoin="round"><path stroke="none" d="M0 0h24v24H0z" fill="none"></path><path d="M10 20.777a8.942 8.942 0 0 1 -2.48 -.969"></path><path d="M14 3.223a9.003 9.003 0 0 1 0 17.554"></path><path d="M4.579 17.093a8.961 8.961 0 0 1 -1.227 -2.592"></path><path d="M3.124 10.5c.16 -.95 .468 -1.85 .9 -2.675l.169 -.305"></path><path d="M6.907 4.579a8.954 8.954 0 0 1 3.093 -1.356"></path></svg>"#
+        "progress", Progress, r#"<svg xmlns="http://www.w3.org/2000/svg" class="icon icon-tabler icon-tabler-progress" width="24" height="24" viewBox="0 0 24 24" stroke-width="2" stroke="currentColor" fill="none" stroke-linecap="round" stroke-linejoin="round"><path stroke="none" d="M0 0h24v24H0z" fill="none"></path><path d="M10 20.777a8.942 8.942 0 0 1 -2.48 -.969"></path><path d="M14 3.223a9.003 9.003 0 0 1 0 17.554"></path><path d="M4.579 17.093a8.961 8.961 0 0 1 -1.227 -2.592"></path><path d="M3.124 10.5c.16 -.95 .468 -1.85 .9 -2.675l.169 -.305"></path><path d="M6.907 4.579a8.954 8.954 0 0 1 3.093 -1.356"></path></svg>"#,
+        "users-group", UsersGroup, r#"<svg xmlns="http://www.w3.org/2000/svg" class="icon icon-tabler icon-tabler-users-group" width="24" height="24" viewBox="0 0 24 24" stroke-width="2" stroke="currentColor" fill="none" stroke-linecap="round" stroke-linejoin="round"><path stroke="none" d="M0 0h24v24H0z" fill="none"></path><path d="M10 13a2 2 0 1 0 4 0a2 2 0 0 0 -4 0"></path><path d="M8 21v-1a2 2 0 0 1 2 -2h4a2 2 0 0 1 2 2v1"></path><path d="M15 5a2 2 0 1 0 4 0a2 2 0 0 0 -4 0"></path><path d="M17 10h2a2 2 0 0 1 2 2v1"></path><path d="M5 5a2 2 0 1 0 4 0a2 2 0 0 0 -4 0"></path><path d="M3 13v-1a2 2 0 0 1 2 -2h2"></path></svg>"#
     }
 }
 
@@ -78,6 +79,7 @@ pub fn icons_to_templates(tera: &mut Tera) {
         Icon::Check,
         Icon::X,
         Icon::Progress,
+        Icon::UsersGroup,
     ];
 
     // For each icon, it will output: ("icons/name", "<svg>...</svg>")
diff --git a/crates/ezidam/src/id.rs b/crates/ezidam/src/id.rs
index 15d3be3..db1d740 100644
--- a/crates/ezidam/src/id.rs
+++ b/crates/ezidam/src/id.rs
@@ -1,4 +1,4 @@
-use id::{AppID, Error, UserID};
+use id::{AppID, Error, RoleID, UserID};
 use rocket::http::impl_from_uri_param_identity;
 use rocket::http::uri::fmt::{Formatter, Path, UriDisplay};
 use rocket::request::FromParam;
@@ -48,3 +48,23 @@ impl UriDisplay<Path> for RocketAppID {
 }
 
 impl_from_uri_param_identity!([Path] RocketAppID);
+
+#[derive(Serialize, Deserialize, Debug)]
+#[serde(crate = "rocket::serde")]
+pub struct RocketRoleID(pub RoleID);
+
+impl<'r> FromParam<'r> for RocketRoleID {
+    type Error = Error;
+
+    fn from_param(param: &'r str) -> Result<Self, Self::Error> {
+        RoleID::from_str(param).map(Self)
+    }
+}
+
+impl UriDisplay<Path> for RocketRoleID {
+    fn fmt(&self, f: &mut Formatter<Path>) -> fmt::Result {
+        UriDisplay::fmt(&self.0 .0, f)
+    }
+}
+
+impl_from_uri_param_identity!([Path] RocketRoleID);
diff --git a/crates/ezidam/src/menu/items/admin.rs b/crates/ezidam/src/menu/items/admin.rs
index dc5f18f..086b755 100644
--- a/crates/ezidam/src/menu/items/admin.rs
+++ b/crates/ezidam/src/menu/items/admin.rs
@@ -8,6 +8,7 @@ pub enum AdminMenu {
     Dashboard,
     Apps,
     Users,
+    Roles,
     Settings,
 }
 
@@ -18,6 +19,7 @@ impl AdminMenu {
             AdminMenu::Dashboard => "dashboard",
             AdminMenu::Apps => "apps",
             AdminMenu::Users => "users",
+            AdminMenu::Roles => "roles",
             AdminMenu::Settings => "settings",
         }
     }
@@ -51,6 +53,13 @@ impl AdminMenu {
                 icon: Icon::Users.svg,
                 sub: None,
             },
+            MainItem {
+                id: AdminMenu::Roles.id(),
+                label: "Roles",
+                link: uri!(routes::admin::roles::admin_roles_list).to_string(),
+                icon: Icon::UsersGroup.svg,
+                sub: None,
+            },
             MainItem {
                 id: AdminMenu::Settings.id(),
                 label: "Server settings",
diff --git a/crates/ezidam/src/page.rs b/crates/ezidam/src/page.rs
index 0556071..71d531f 100644
--- a/crates/ezidam/src/page.rs
+++ b/crates/ezidam/src/page.rs
@@ -32,6 +32,7 @@ pub enum Page {
     AuthorizeTotp(AuthorizeTotp),
     AdminUsersView(AdminUsersView),
     AdminUsersNew(AdminUsersNew),
+    AdminRolesList(AdminRolesList),
 }
 
 impl Page {
@@ -60,6 +61,7 @@ impl Page {
             Page::AuthorizeTotp(_) => "pages/oauth/totp",
             Page::AdminUsersView(_) => "pages/admin/users/view",
             Page::AdminUsersNew(_) => "pages/admin/users/new",
+            Page::AdminRolesList(_) => "pages/admin/roles/list",
         }
     }
 
@@ -88,6 +90,7 @@ impl Page {
             Page::AuthorizeTotp(_) => "Verifying your account",
             Page::AdminUsersView(_) => "User info",
             Page::AdminUsersNew(_) => "New user",
+            Page::AdminRolesList(_) => "Roles",
         }
     }
 
@@ -118,6 +121,7 @@ impl Page {
             Page::AuthorizeTotp(_) => None,
             Page::AdminUsersView(_) => Some(AdminMenu::Users.into()),
             Page::AdminUsersNew(_) => Some(AdminMenu::Users.into()),
+            Page::AdminRolesList(_) => Some(AdminMenu::Roles.into()),
         }
     }
 
@@ -146,6 +150,7 @@ impl Page {
             Page::AuthorizeTotp(totp) => Box::new(totp),
             Page::AdminUsersView(view) => Box::new(view),
             Page::AdminUsersNew(new) => Box::new(new),
+            Page::AdminRolesList(list) => Box::new(list),
         }
     }
 }
diff --git a/crates/ezidam/src/routes/admin.rs b/crates/ezidam/src/routes/admin.rs
index cd6590c..5d90582 100644
--- a/crates/ezidam/src/routes/admin.rs
+++ b/crates/ezidam/src/routes/admin.rs
@@ -1,4 +1,5 @@
 use self::apps::*;
+use self::roles::*;
 use self::settings::*;
 use self::users::*;
 use dashboard::*;
@@ -6,6 +7,7 @@ use rocket::{routes, Route};
 
 pub mod apps;
 pub mod dashboard;
+pub mod roles;
 pub mod settings;
 pub mod users;
 
@@ -35,6 +37,7 @@ pub fn routes() -> Vec<Route> {
         admin_users_totp_secret_disable,
         admin_users_totp_backup_delete,
         admin_users_info_update,
+        admin_roles_list,
     ]
 }
 
@@ -42,6 +45,7 @@ pub mod content {
     use apps::App;
     use jwt::JwtClaims;
     use rocket::serde::Serialize;
+    use roles::Role;
     use users::User;
 
     #[derive(Serialize)]
@@ -122,4 +126,12 @@ pub mod content {
     pub struct AdminUsersNew {
         pub user: JwtClaims,
     }
+
+    #[derive(Serialize)]
+    #[serde(crate = "rocket::serde")]
+    #[derive(Clone)]
+    pub struct AdminRolesList {
+        pub user: JwtClaims,
+        pub roles: Vec<Role>,
+    }
 }
diff --git a/crates/ezidam/src/routes/admin/roles.rs b/crates/ezidam/src/routes/admin/roles.rs
new file mode 100644
index 0000000..70da22b
--- /dev/null
+++ b/crates/ezidam/src/routes/admin/roles.rs
@@ -0,0 +1,25 @@
+use crate::routes::prelude::*;
+use rocket::{get, post};
+use roles::Role;
+
+#[get("/admin/roles")]
+pub async fn admin_roles_list(
+    mut db: Connection<Database>,
+    admin: JwtAdmin,
+    flash: Option<FlashMessage<'_>>,
+) -> Result<Template> {
+    let mut transaction = db.begin().await?;
+
+    let roles = Role::get_all(&mut transaction).await?;
+
+    transaction.commit().await?;
+
+    let page = Page::AdminRolesList(super::content::AdminRolesList {
+        user: admin.0,
+        roles,
+    });
+
+    Ok(flash
+        .map(|flash| Page::with_flash(page.clone(), flash))
+        .unwrap_or_else(|| page.into()))
+}
diff --git a/crates/ezidam/templates/pages/admin/roles/list.html.tera b/crates/ezidam/templates/pages/admin/roles/list.html.tera
new file mode 100644
index 0000000..1bf5f22
--- /dev/null
+++ b/crates/ezidam/templates/pages/admin/roles/list.html.tera
@@ -0,0 +1,127 @@
+{% extends "shell" %}
+
+{% block content %}
+{% set new_role_label = "New role" %}
+{% set new_role_link = "roles/new" %}
+<div class="page-header d-print-none">
+    <div class="container-xl">
+        <div class="row align-items-center">
+            {% if roles | length != 0 %}
+            <div class="col">
+                <div class="page-pretitle">
+                    Admin dashboard
+                </div>
+                <h2 class="page-title">
+                    Roles
+                </h2>
+            </div>
+            <div class="col-auto ms-auto">
+                <div class="btn-list">
+                    <a href="{{ new_role_link }}" class="btn btn-primary d-none d-sm-inline-block">
+                        {% include "icons/plus" %}
+                        {{ new_role_label }}
+                    </a>
+                    <a href="{{ new_role_link }}" class="btn btn-primary d-sm-none btn-icon"
+                       aria-label="{{ new_role_label }}">
+                        {% include "icons/plus" %}
+                    </a>
+                </div>
+            </div>
+            {% endif %}
+        </div>
+    </div>
+</div>
+<!-- Page body -->
+<div class="page-body">
+    <div class="container-xl">
+
+        {% if flash %}
+        <div class="alert alert-{{flash.0}}" role="alert">
+            <h4 class="alert-title">{{ flash.1 }}</h4>
+        </div>
+        {% endif %}
+
+        {% if roles | length != 0 %}
+        <div class="card">
+            <div id="table-default" class="table-responsive">
+                <table class="table table-hover table-vcenter">
+                    <!-- Table header -->
+                    <thead>
+                    <tr>
+                        <th>
+                            <button class="table-sort" data-sort="sort-name">Name</button>
+                        </th>
+                        <th>
+                            <button class="table-sort" data-sort="sort-status">Status</button>
+                        </th>
+                        <th>
+                            <button class="table-sort" data-sort="sort-creation-date">Creation Date</button>
+                        </th>
+                        <th class="w-1">
+                            Actions
+                        </th>
+                    </tr>
+                    </thead>
+
+                    <!-- Table content -->
+                    <tbody class="table-tbody">
+                    {% for role in roles %}
+                    <tr>
+                        <td class="sort-name">{{ role.label }}</td>
+                        <td class="sort-status text-nowrap">
+                            {% if role.is_archived == true %}
+                            <span class="badge bg-danger me-1"></span> Archived
+                            {% else %}
+                            <span class="badge bg-success me-1"></span> Active
+                            {% endif %}
+                        </td>
+                        <td class="sort-creation-date" data-date='{{ role.created_at | date(format="%s") }}'>
+                            {{ role.created_at | date(format="%F %T", timezone=user.zoneinfo | default(value="UTC")) }}
+                        </td>
+                        <td>
+                            <a href="roles/{{ role.name }}">Details</a>
+                        </td>
+                    </tr>
+                    {% endfor %}
+                    </tbody>
+
+                </table>
+            </div>
+        </div>
+        {% else %}
+        <div class="d-flex flex-column justify-content-center">
+            <div class="empty">
+                <p class="empty-title">No roles</p>
+                <p class="empty-subtitle text-muted">
+                    Create a role to limit users in applications outside ezidam.
+                </p>
+                <div class="empty-action">
+                    <a href="{{ new_role_link }}" class="btn btn-primary">
+                        {% include "icons/plus" %}
+                        {{ new_role_label }}
+                    </a>
+                </div>
+            </div>
+        </div>
+        {% endif %}
+    </div>
+</div>
+{% endblock content %}
+
+{% block libs_js %}
+<script src="/libs/list.js/list.min.js" defer></script>
+{% endblock lib_js %}
+
+{% block additional_js %}
+<script>
+    document.addEventListener("DOMContentLoaded", function () {
+        const list = new List('table-default', {
+            sortClass: 'table-sort',
+            listClass: 'table-tbody',
+            valueNames: ['sort-name', 'sort-status',
+                {attr: 'data-date', name: 'sort-creation-date'},
+            ]
+        });
+    })
+</script>
+{% endblock additional_js %}
diff --git a/crates/id/src/lib.rs b/crates/id/src/lib.rs
index 0574ec6..62e212c 100644
--- a/crates/id/src/lib.rs
+++ b/crates/id/src/lib.rs
@@ -1,5 +1,6 @@
 mod app;
 mod key;
+mod role;
 mod user;
 mod username;
 
@@ -14,6 +15,7 @@ pub enum Error {
 
 pub use app::AppID;
 pub use key::KeyID;
+pub use role::RoleID;
 pub use user::UserID;
 pub use username::Username;
 pub use username::INVALID_USERNAME_ERROR;
diff --git a/crates/id/src/role.rs b/crates/id/src/role.rs
new file mode 100644
index 0000000..5a388a1
--- /dev/null
+++ b/crates/id/src/role.rs
@@ -0,0 +1,63 @@
+use super::Error;
+use nanoid_dictionary::{LOWERCASE, NUMBERS};
+use serde::{Deserialize, Serialize};
+use std::fmt::{Display, Formatter};
+use std::str::FromStr;
+
+#[derive(Serialize, Deserialize, Debug, Clone, PartialEq)]
+pub struct RoleID(pub String);
+
+impl Display for RoleID {
+    fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
+        write!(f, "{}", self.0)
+    }
+}
+
+impl AsRef<str> for RoleID {
+    fn as_ref(&self) -> &str {
+        self.0.as_ref()
+    }
+}
+
+impl From<&RoleID> for String {
+    fn from(value: &RoleID) -> Self {
+        value.to_string()
+    }
+}
+
+impl FromStr for RoleID {
+    type Err = Error;
+
+    fn from_str(s: &str) -> Result<Self, Self::Err> {
+        if s.chars()
+            .all(|c| LOWERCASE.contains(&c) || NUMBERS.contains(&c) || c == '-')
+        {
+            Ok(Self(s.to_string()))
+        } else {
+            Err(Error::Invalid("Role"))
+        }
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::RoleID;
+    use std::str::FromStr;
+
+    #[test]
+    fn invalid_characters() {
+        let value = "AER Rennes tek5";
+
+        assert!(RoleID::from_str(value).is_err());
+    }
+
+    #[test]
+    fn valid_role() {
+        let value = "aer-rennes-tek5";
+        let id = RoleID::from_str(value);
+        assert!(id.is_ok());
+
+        let id = id.unwrap();
+        assert_eq!(id.as_ref(), value);
+    }
+}
diff --git a/crates/roles/Cargo.toml b/crates/roles/Cargo.toml
new file mode 100644
index 0000000..259e255
--- /dev/null
+++ b/crates/roles/Cargo.toml
@@ -0,0 +1,11 @@
+[package]
+name = "roles"
+version = "0.0.0"
+edition = "2021"
+
+[dependencies]
+database = { path = "../database" }
+id = { path = "../id" }
+thiserror = { workspace = true }
+chrono = { workspace = true }
+serde = { workspace = true }
diff --git a/crates/roles/src/database.rs b/crates/roles/src/database.rs
new file mode 100644
index 0000000..40e6be2
--- /dev/null
+++ b/crates/roles/src/database.rs
@@ -0,0 +1,26 @@
+use crate::error::Error;
+use crate::Role;
+use database::sqlx::SqliteExecutor;
+use database::Roles as DatabaseRoles;
+use id::RoleID;
+
+impl From<DatabaseRoles> for Role {
+    fn from(db: DatabaseRoles) -> Self {
+        Self {
+            name: RoleID(db.name),
+            label: db.label,
+            created_at: db.created_at,
+            is_archived: db.is_archived,
+        }
+    }
+}
+
+impl Role {
+    pub async fn get_all(conn: impl SqliteExecutor<'_>) -> Result<Vec<Self>, Error> {
+        Ok(DatabaseRoles::get_all(conn)
+            .await?
+            .into_iter()
+            .map(Self::from)
+            .collect::<Vec<_>>())
+    }
+}
diff --git a/crates/roles/src/error.rs b/crates/roles/src/error.rs
new file mode 100644
index 0000000..47def78
--- /dev/null
+++ b/crates/roles/src/error.rs
@@ -0,0 +1,8 @@
+// error
+#[derive(thiserror::Error)]
+// the rest
+#[derive(Debug)]
+pub enum Error {
+    #[error("Database: {0}")]
+    Database(#[from] database::Error),
+}
diff --git a/crates/roles/src/lib.rs b/crates/roles/src/lib.rs
new file mode 100644
index 0000000..d5f8139
--- /dev/null
+++ b/crates/roles/src/lib.rs
@@ -0,0 +1,32 @@
+mod database;
+mod error;
+
+use chrono::{DateTime, Utc};
+use id::RoleID;
+use serde::Serialize;
+
+// Exports
+pub use crate::error::Error;
+
+#[derive(Serialize, Debug, Clone)]
+pub struct Role {
+    name: RoleID,
+    label: String,
+    created_at: DateTime<Utc>,
+    is_archived: bool,
+}
+
+impl Role {
+    pub fn name(&self) -> &RoleID {
+        &self.name
+    }
+    pub fn label(&self) -> &str {
+        &self.label
+    }
+    pub fn created_at(&self) -> DateTime<Utc> {
+        self.created_at
+    }
+    pub fn is_archived(&self) -> bool {
+        self.is_archived
+    }
+}