diff --git a/src/KekRozsak/FrontBundle/Entity/UserData.php b/src/KekRozsak/FrontBundle/Entity/UserData.php
index 7ee85a3..203058c 100644
--- a/src/KekRozsak/FrontBundle/Entity/UserData.php
+++ b/src/KekRozsak/FrontBundle/Entity/UserData.php
@@ -26,7 +26,7 @@ class UserData
 	/**
 	 * @var KekRozsak\SecurityBundle\Entity\User $user
 	 * @ORM\Id
-	 * @ORM\OneToOne(targetEntity="KekRozsak\SecurityBundle\Entity\User", inversedBy="userData")
+	 * @ORM\OneToOne(targetEntity="KekRozsak\SecurityBundle\Entity\User")
 	 * @ORM\JoinColumn(name="user_id")
 	 */
 	protected $user;
diff --git a/src/KekRozsak/SecurityBundle/Controller/DefaultController.php b/src/KekRozsak/SecurityBundle/Controller/DefaultController.php
index 74bd5e9..049121a 100644
--- a/src/KekRozsak/SecurityBundle/Controller/DefaultController.php
+++ b/src/KekRozsak/SecurityBundle/Controller/DefaultController.php
@@ -77,8 +77,13 @@ class DefaultController extends Controller
 
 			if ($form->isValid(array('registration')))
 			{
+				$roleRepo = $this->getDoctrine()->getRepository('KekRozsakSecurityBundle:Role');
+				$defaultRoles = $roleRepo->findByDefault(true);
+
 				$user->setRegisteredAt(new \DateTime('now'));
 				$user->setPassword($this->get('security.encoder_factory')->getEncoder($user)->encodePassword($user->getPassword(), $user->getSalt()));
+				foreach ($defaultRoles as $role)
+					$user->addRole($role);
 				$em = $this->getDoctrine()->getEntityManager();
 				$em->persist($user);
 				$em->flush();
diff --git a/src/KekRozsak/SecurityBundle/Entity/Role.php b/src/KekRozsak/SecurityBundle/Entity/Role.php
new file mode 100644
index 0000000..e353329
--- /dev/null
+++ b/src/KekRozsak/SecurityBundle/Entity/Role.php
@@ -0,0 +1,172 @@
+<?php
+
+namespace KekRozsak\SecurityBundle\Entity;
+
+use Doctrine\ORM\Mapping as ORM;
+use Symfony\Component\Security\Core\Role\RoleInterface;
+
+use KekRozsak\SecurityBundle\Entity\User;
+
+/**
+ * KekRozsak\SecurityBundle\Entity\Role
+ *
+ * @ORM\Entity
+ * @ORM\Table(name="roles")
+ */
+class Role implements RoleInterface
+{
+	/**
+	 * @var integer $id
+	 * @ORM\Id
+	 * @ORM\GeneratedValue(strategy="AUTO")
+	 * @ORM\Column(type="integer")
+	 */
+	protected $id;
+
+	/**
+	 * Get id
+	 *
+	 * @return integer
+	 */
+	public function getId()
+	{
+		return $this->id;
+	}
+
+	/**
+	 * @var string name
+	 * @ORM\Column(type="string", length=50, unique=true, nullable=false)
+	 */
+	protected $name;
+
+	/**
+	 * Set name
+	 *
+	 * @param string $name
+	 * @return Role
+	 */
+	public function setName($name)
+	{
+		$this->name = $name;
+		return $this;
+	}
+
+	/**
+	 * Get name
+	 *
+	 * @return string
+	 */
+	public function getName()
+	{
+		return $this->name;
+	}
+
+	/**
+	 * @var boolean $default
+	 * @ORM\Column(type="boolean", nullable=false)
+	 */
+	protected $default;
+
+	/**
+	 * Set default
+	 *
+	 * @param boolean $default
+	 */
+	public function setDefault($default)
+	{
+		$this->default = $default;
+		return $this;
+	}
+
+	/**
+	 * @var boolean $admin
+	 * @ORM\Column(type="boolean", nullable=false)
+	 */
+	protected $admin;
+
+	/**
+	 * Set admin
+	 *
+	 * @param boolean $admin
+	 * @return Role
+	 */
+	public function setAdmin($admin)
+	{
+		$this->admin = $admin;
+		return $this;
+	}
+
+	/**
+	 * Get admin
+	 *
+	 * @return boolean
+	 */
+	public function isAdmin()
+	{
+		return $this->admin;
+	}
+
+	/**
+	 * @var boolean $superadmin
+	 * @ORM\Column(type="boolean", nullable=false)
+	 */
+	protected $superAdmin;
+
+	/**
+	 * Set superadmin
+	 *
+	 * @param boolean $superadmin
+	 * @return Role
+	 */
+	public function setSuperadmin($superadmin)
+	{
+		$this->superadmin = $superadmin;
+		return $this;
+	}
+
+	/**
+	 * Get superadmin
+	 *
+	 * @return boolean
+	 */
+	public function getSuperadmin()
+	{
+		return $this->superadmin;
+	}
+
+	/**
+	 * @var text description
+	 * @ORM\Column(type="string", length=150, nullable=true)
+	 */
+	protected $description;
+
+	/**
+	 * Set description
+	 *
+	 * @param string $description
+	 * @return Role
+	 */
+	public function setDescription($description = null)
+	{
+		$this->description = $description;
+		return $this;
+	}
+
+	/**
+	 * Get description
+	 *
+	 * @return string
+	 */
+	public function getDescription()
+	{
+		return $this->description;
+	}
+
+	/* Here comes the rest of RoleInterface's implementation */
+
+	public function getRole()
+	{
+		return $this->name;
+	}
+}
+
diff --git a/src/KekRozsak/SecurityBundle/Entity/User.php b/src/KekRozsak/SecurityBundle/Entity/User.php
index 704aa0b..f3b7811 100644
--- a/src/KekRozsak/SecurityBundle/Entity/User.php
+++ b/src/KekRozsak/SecurityBundle/Entity/User.php
@@ -25,6 +25,7 @@ class User implements UserInterface, AdvancedUserInterface
 	public function __construct()
 	{
 		$this->groups = new ArrayCollection();
+		$this->roles = new ArrayCollection();
 	}
 
 	/**
@@ -33,7 +34,7 @@ class User implements UserInterface, AdvancedUserInterface
 	 * @ORM\GeneratedValue(strategy="AUTO")
 	 * @ORM\Column(type="integer")
 	 */
-	private $id;
+	protected $id;
 
 	/**
 	 * Get id
@@ -50,7 +51,7 @@ class User implements UserInterface, AdvancedUserInterface
 	 * @ORM\Column(type="string", length=50, nullable=false, unique=true)
 	 * @Assert\NotBlank(groups="registration")
 	 */
-	private $username;
+	protected $username;
 
 	/**
 	 * Set username
@@ -79,7 +80,7 @@ class User implements UserInterface, AdvancedUserInterface
 	 * @ORM\Column(type="string", length=50, nullable=false)
 	 * @Assert\NotBlank(groups="registration")
 	 */
-	private $password;
+	protected $password;
 
 	/**
 	 * Set password
@@ -107,7 +108,7 @@ class User implements UserInterface, AdvancedUserInterface
 	 * @var string $displayName
 	 * @ORM\Column(type="string", length=50, unique=true, name="display_name")
 	 */
-	private $displayName;
+	protected $displayName;
 
 	/**
 	 * Set displayName
@@ -135,7 +136,7 @@ class User implements UserInterface, AdvancedUserInterface
 	 * @var string $email
 	 * @ORM\Column(type="string", length=100, nullable=false, unique=true)
 	 */
-	private $email;
+	protected $email;
 
 	/**
 	 * Set email
@@ -163,7 +164,7 @@ class User implements UserInterface, AdvancedUserInterface
 	 * @var DateTime $registeredAt
 	 * @ORM\Column(type="datetime", nullable=false, name="registered_at")
 	 */
-	private $registeredAt;
+	protected $registeredAt;
 
 	/**
 	 * Set registeredAt
@@ -192,7 +193,7 @@ class User implements UserInterface, AdvancedUserInterface
 	 * @ORM\ManyToOne(targetEntity="User")
 	 * @ORM\JoinColumn(name="accepted_by_id")
 	 */
-	private $acceptedBy;
+	protected $acceptedBy;
 
 	/**
 	 * Set acceptedBy
@@ -220,7 +221,7 @@ class User implements UserInterface, AdvancedUserInterface
 	 * @var DateTime $lastLoginAt
 	 * @ORM\Column(type="datetime", nullable=true, name="last_login_at")
 	 */
-	private $lastLoginAt;
+	protected $lastLoginAt;
 
 	/**
 	 * Set lastLoginAt;
@@ -246,10 +247,10 @@ class User implements UserInterface, AdvancedUserInterface
 
 	/**
 	 * @var \KekRozsak\FrontBundle\Entity\UserData $userData
-	 * @ORM\OneToOne(targetEntity="KekRozsak\FrontBundle\Entity\UserData", mappedBy="user", fetch="LAZY", cascade={"persist"})
+	 * @ORM\OneToMany(targetEntity="KekRozsak\FrontBundle\Entity\UserData", fetch="LAZY", cascade={"persist"}, mappedBy="user")
 	 * @ORM\JoinColumn(name="id", referencedColumnName="user_id")
 	 */
-	private $userData;
+	protected $userData;
 
 
 	/**
@@ -260,7 +261,7 @@ class User implements UserInterface, AdvancedUserInterface
 	 */
 	public function setUserData(\KekRozsak\FrontBundle\Entity\UserData $userData = null)
 	{
-		$this->userData = $userData;
+		$this->userData = new ArrayCollection(array($userData));
 		$userData->setUser($this);
 		return $this;
 	}
@@ -272,7 +273,7 @@ class User implements UserInterface, AdvancedUserInterface
 	 */
 	public function getUserData()
 	{
-		return $this->userData;
+		return $this->userData->get(1);
 	}
 
 	/**
@@ -280,7 +281,7 @@ class User implements UserInterface, AdvancedUserInterface
 	 * @ORM\OneToMany(targetEntity="KekRozsak\FrontBundle\Entity\UserGroupMembership", mappedBy="user")
 	 * @ORM\JoinColumn(referencedColumnName="user_id")
 	 */
-	private $groups;
+	protected $groups;
 
 	/**
 	 * Add group
@@ -304,16 +305,36 @@ class User implements UserInterface, AdvancedUserInterface
 		return $this->groups;
 	}
 
-	/* Here comes the remaining part of UserInterface implementation */
+	/**
+	 * @var Doctrine\Common\Collections\ArrayCollection $roles
+	 * @ORM\ManyToMany(targetEntity="Role")
+	 */
+	protected $roles;
 
+	/**
+	 * Add a role
+	 *
+	 * @param KekRozsak\SecurityBundle\Entity\Role $role
+	 * @return User
+	 */
+	public function addRole(\KekRozsak\SecurityBundle\Entity\Role $role)
+	{
+		$this->roles[] = $role;
+		return $this;
+	}
+
+	/**
+	 * Get all roles
+	 *
+	 * @return array
+	 */
 	public function getRoles()
 	{
-		/* As we use ACLs instead of roles, every user get the
-		 * ROLE_USER role, and nothing else
-		 */
-		return array('ROLE_USER');
+		return $this->roles->toArray();
 	}
 
+	/* Here comes the remaining part of UserInterface implementation */
+
 	public function getSalt()
 	{
 		/* As we use crypt() to encode passwords, salt is always the