diff --git a/.gitignore b/.gitignore
index adc80bcb..333247bf 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,7 +2,7 @@
 
 # dependencies
 node_modules
-.pnp
+.pnp*
 .pnp.js
 
 # testing
diff --git a/apps/web/package.json b/apps/web/package.json
index e087cd7c..00f634f2 100644
--- a/apps/web/package.json
+++ b/apps/web/package.json
@@ -94,7 +94,6 @@
     "tailwind-merge": "^2.4.0",
     "tailwindcss": "3.4.6",
     "tailwindcss-animate": "^1.0.7",
-    "title-case": "^4.3.1",
     "typescript": "5.5.3",
     "use-debounce": "^10.0.1",
     "usehooks-ts": "^3.1.0",
diff --git a/apps/web/src/actions/admin/event-actions.ts b/apps/web/src/actions/admin/event-actions.ts
index 24ee4b71..722c8dfb 100644
--- a/apps/web/src/actions/admin/event-actions.ts
+++ b/apps/web/src/actions/admin/event-actions.ts
@@ -1,21 +1,25 @@
 "use server";
 
+import { PermissionType } from "@/lib/constants/permission";
 import { adminAction } from "@/lib/safe-action";
-import { newEventFormSchema as editEventFormSchema } from "@/validators/event";
-import { editEvent as modifyEvent } from "db/functions";
+import { userHasPermission } from "@/lib/utils/server/admin";
+import { newEventFormSchema, editEventFormSchema } from "@/validators/event";
+import { createNewEvent, editEvent as modifyEvent } from "db/functions";
 import { deleteEvent as removeEvent } from "db/functions";
 import { revalidatePath } from "next/cache";
 import { z } from "zod";
 
 export const editEvent = adminAction
 	.schema(editEventFormSchema)
-	.action(async ({ parsedInput }) => {
-		const { id, ...options } = parsedInput;
-
+	.action(async ({ parsedInput: { id, ...options }, ctx: { user } }) => {
 		if (id === undefined) {
 			throw new Error("The event's ID is not defined");
 		}
 
+		if (!userHasPermission(user, PermissionType.EDIT_EVENTS)) {
+			throw new Error("You do not have permission to edit events.");
+		}
+
 		try {
 			await modifyEvent(id, options);
 			revalidatePath("/admin/events");
@@ -29,9 +33,28 @@ export const editEvent = adminAction
 		}
 	});
 
+export const createEvent = adminAction
+	.schema(newEventFormSchema)
+	.action(async ({ parsedInput, ctx: { user } }) => {
+		if (!userHasPermission(user, PermissionType.CREATE_EVENTS)) {
+			throw new Error("You do not have permission to create events.");
+		}
+
+		const res = await createNewEvent(parsedInput);
+		return {
+			success: true,
+			message: "Event created successfully.",
+			redirect: `/schedule/${res[0].eventID}`,
+		};
+	});
+
 export const deleteEventAction = adminAction
 	.schema(z.object({ eventID: z.number().positive().int() }))
-	.action(async ({ parsedInput }) => {
+	.action(async ({ parsedInput, ctx: { user } }) => {
+		if (!userHasPermission(user, PermissionType.DELETE_EVENTS)) {
+			throw new Error("You do not have permission to delete events.");
+		}
+
 		await removeEvent(parsedInput.eventID);
 		revalidatePath("/admin/events");
 		return { success: true };
diff --git a/apps/web/src/actions/admin/modify-nav-item.ts b/apps/web/src/actions/admin/modify-nav-item.ts
index 11c575b7..35407525 100644
--- a/apps/web/src/actions/admin/modify-nav-item.ts
+++ b/apps/web/src/actions/admin/modify-nav-item.ts
@@ -6,6 +6,8 @@ import { redisSAdd, redisHSet, removeNavItem } from "@/lib/utils/server/redis";
 import { revalidatePath } from "next/cache";
 
 import { Redis } from "@upstash/redis";
+import { userHasPermission } from "@/lib/utils/server/admin";
+import { PermissionType } from "@/lib/constants/permission";
 
 const redis = Redis.fromEnv();
 
@@ -25,6 +27,12 @@ const navAdminPage = "/admin/toggles/landing";
 export const setItem = adminAction
 	.schema(metadataSchema)
 	.action(async ({ parsedInput: { name, url }, ctx: { user, userId } }) => {
+		if (!userHasPermission(user, PermissionType.MANAGE_NAVLINKS)) {
+			throw new Error(
+				"You do not have permission to manage navigation links.",
+			);
+		}
+
 		await redisSAdd("config:navitemslist", encodeURIComponent(name));
 		await redisHSet(`config:navitems:${encodeURIComponent(name)}`, {
 			url,
@@ -37,29 +45,45 @@ export const setItem = adminAction
 
 export const editItem = adminAction
 	.schema(editMetadataSchema)
-	.action(async ({ parsedInput: { name, url, existingName } }) => {
-		const pipe = redis.pipeline();
+	.action(
+		async ({ parsedInput: { name, url, existingName }, ctx: { user } }) => {
+			if (!userHasPermission(user, PermissionType.MANAGE_NAVLINKS)) {
+				throw new Error(
+					"You do not have permission to manage navigation links.",
+				);
+			}
 
-		if (existingName != name) {
-			pipe.srem("config:navitemslist", encodeURIComponent(existingName));
-		}
+			const pipe = redis.pipeline();
 
-		pipe.sadd("config:navitemslist", encodeURIComponent(name));
-		pipe.hset(`config:navitems:${encodeURIComponent(name)}`, {
-			url,
-			name,
-			enabled: true,
-		});
+			if (existingName != name) {
+				pipe.srem(
+					"config:navitemslist",
+					encodeURIComponent(existingName),
+				);
+			}
 
-		await pipe.exec();
+			pipe.sadd("config:navitemslist", encodeURIComponent(name));
+			pipe.hset(`config:navitems:${encodeURIComponent(name)}`, {
+				url,
+				name,
+				enabled: true,
+			});
 
-		revalidatePath(navAdminPage);
-		return { success: true };
-	});
+			await pipe.exec();
+
+			revalidatePath(navAdminPage);
+			return { success: true };
+		},
+	);
 
 export const removeItem = adminAction
 	.schema(z.string())
 	.action(async ({ parsedInput: name, ctx: { user, userId } }) => {
+		if (!userHasPermission(user, PermissionType.MANAGE_NAVLINKS)) {
+			throw new Error(
+				"You do not have permission to manage navigation links.",
+			);
+		}
 		await removeNavItem(name);
 		// await new Promise((resolve) => setTimeout(resolve, 1500));
 		revalidatePath(navAdminPage);
@@ -73,6 +97,11 @@ export const toggleItem = adminAction
 			parsedInput: { name, statusToSet },
 			ctx: { user, userId },
 		}) => {
+			if (!userHasPermission(user, PermissionType.MANAGE_NAVLINKS)) {
+				throw new Error(
+					"You do not have permission to manage navigation links.",
+				);
+			}
 			await redisHSet(`config:navitems:${encodeURIComponent(name)}`, {
 				enabled: statusToSet,
 			});
diff --git a/apps/web/src/actions/admin/registration-actions.ts b/apps/web/src/actions/admin/registration-actions.ts
index 9ad5c027..e62d70d4 100644
--- a/apps/web/src/actions/admin/registration-actions.ts
+++ b/apps/web/src/actions/admin/registration-actions.ts
@@ -4,6 +4,8 @@ import { z } from "zod";
 import { adminAction } from "@/lib/safe-action";
 import { redisSet } from "@/lib/utils/server/redis";
 import { revalidatePath } from "next/cache";
+import { userHasPermission } from "@/lib/utils/server/admin";
+import { PermissionType } from "@/lib/constants/permission";
 
 const defaultRegistrationToggleSchema = z.object({
 	enabled: z.boolean(),
@@ -16,6 +18,12 @@ const defaultRSVPLimitSchema = z.object({
 export const toggleRegistrationEnabled = adminAction
 	.schema(defaultRegistrationToggleSchema)
 	.action(async ({ parsedInput: { enabled }, ctx: { user, userId } }) => {
+		if (!userHasPermission(user, PermissionType.MANAGE_REGISTRATION)) {
+			throw new Error(
+				"You do not have permission to manage registration settings.",
+			);
+		}
+
 		await redisSet("config:registration:registrationEnabled", enabled);
 		revalidatePath("/admin/toggles/registration");
 		return { success: true, statusSet: enabled };
@@ -24,6 +32,12 @@ export const toggleRegistrationEnabled = adminAction
 export const toggleRegistrationMessageEnabled = adminAction
 	.schema(defaultRegistrationToggleSchema)
 	.action(async ({ parsedInput: { enabled }, ctx: { user, userId } }) => {
+		if (!userHasPermission(user, PermissionType.MANAGE_REGISTRATION)) {
+			throw new Error(
+				"You do not have permission to manage registration settings.",
+			);
+		}
+
 		await redisSet(
 			"config:registration:registrationMessageEnabled",
 			enabled,
@@ -35,6 +49,12 @@ export const toggleRegistrationMessageEnabled = adminAction
 export const toggleRSVPs = adminAction
 	.schema(defaultRegistrationToggleSchema)
 	.action(async ({ parsedInput: { enabled }, ctx: { user, userId } }) => {
+		if (!userHasPermission(user, PermissionType.MANAGE_REGISTRATION)) {
+			throw new Error(
+				"You do not have permission to manage registration settings.",
+			);
+		}
+
 		await redisSet("config:registration:allowRSVPs", enabled);
 		revalidatePath("/admin/toggles/registration");
 		return { success: true, statusSet: enabled };
@@ -43,6 +63,12 @@ export const toggleRSVPs = adminAction
 export const setRSVPLimit = adminAction
 	.schema(defaultRSVPLimitSchema)
 	.action(async ({ parsedInput: { rsvpLimit }, ctx: { user, userId } }) => {
+		if (!userHasPermission(user, PermissionType.MANAGE_REGISTRATION)) {
+			throw new Error(
+				"You do not have permission to manage registration settings.",
+			);
+		}
+
 		await redisSet("config:registration:maxRSVPs", rsvpLimit);
 		revalidatePath("/admin/toggles/registration");
 		return { success: true, statusSet: rsvpLimit };
diff --git a/apps/web/src/actions/admin/role-actions.ts b/apps/web/src/actions/admin/role-actions.ts
new file mode 100644
index 00000000..c26da902
--- /dev/null
+++ b/apps/web/src/actions/admin/role-actions.ts
@@ -0,0 +1,139 @@
+"use server";
+
+import { z } from "zod";
+import { adminAction } from "@/lib/safe-action";
+import { db } from "db";
+import { roles, userCommonData } from "db/schema";
+import { eq } from "db/drizzle";
+import { revalidatePath } from "next/cache";
+import { PermissionType } from "@/lib/constants/permission";
+import {
+	userHasPermission,
+	compareUserPosition,
+} from "@/lib/utils/server/admin";
+
+const createRoleSchema = z.object({
+	name: z.string().min(1).max(50),
+	position: z.number().int().nonnegative(),
+	permissions: z.number().nonnegative(),
+	color: z.string().optional(),
+});
+
+const editRoleSchema = z.object({
+	roleId: z.number().int().positive(),
+	name: z.string().min(1).max(50).optional(),
+	position: z.number().int().nonnegative().optional(),
+	permissions: z.number().optional(),
+	color: z.string().optional(),
+});
+
+const deleteRoleSchema = z.object({
+	roleId: z.number().int().positive(),
+});
+
+export const createRole = adminAction
+	.schema(createRoleSchema)
+	.action(
+		async ({
+			parsedInput: { name, position, permissions, color },
+			ctx: { user },
+		}) => {
+			if (!userHasPermission(user, PermissionType.CREATE_ROLES)) {
+				if (!compareUserPosition(user, position)) {
+					/* This prevents creation of roles higher-or-equal to the current user's position */
+
+					throw new Error(
+						"You do not have permission to create a role at this position.",
+					);
+				}
+			}
+
+			const existing = await db.query.roles.findFirst({
+				where: eq(roles.name, name),
+			});
+			if (existing)
+				throw new Error("Role with that name already exists.");
+
+			await db
+				.insert(roles)
+				.values({ name, position, permissions, color });
+			revalidatePath("/admin/roles");
+			return { success: true };
+		},
+	);
+
+export const editRole = adminAction
+	.schema(editRoleSchema)
+	.action(
+		async ({
+			parsedInput: { roleId, name, position, permissions, color },
+			ctx: { user },
+		}) => {
+			const role = await db.query.roles.findFirst({
+				where: eq(roles.id, roleId),
+			});
+			console.log(user);
+			if (!role) throw new Error("Role not found");
+
+			if (
+				!userHasPermission(user, PermissionType.EDIT_ROLES) ||
+				!compareUserPosition(user, role.position)
+			) {
+				throw new Error(
+					"You do not have permission to edit this role.",
+				);
+			}
+			if (
+				position !== undefined &&
+				!compareUserPosition(user, position)
+			) {
+				throw new Error(
+					"You do not have permission to move a role to that position.",
+				);
+			}
+
+			await db
+				.update(roles)
+				.set({
+					name: name ?? role.name,
+					position: position ?? role.position,
+					permissions: permissions ?? role.permissions,
+					color: color ?? role.color,
+				})
+				.where(eq(roles.id, roleId));
+
+			revalidatePath("/admin/roles");
+			return { success: true };
+		},
+	);
+
+export const deleteRole = adminAction
+	.schema(deleteRoleSchema)
+	.action(async ({ parsedInput: { roleId }, ctx: { user } }) => {
+		const role = await db.query.roles.findFirst({
+			where: eq(roles.id, roleId),
+		});
+		if (!role) throw new Error("Role not found");
+
+		const userCount = await db.query.userCommonData.findMany({
+			where: eq(userCommonData.role_id, roleId),
+		});
+
+		if (userCount.length > 0) {
+			throw new Error("Cannot delete a role that is assigned to users.");
+		}
+
+		if (!userHasPermission(user, PermissionType.DELETE_ROLES)) {
+			if (!compareUserPosition(user, role.position)) {
+				/* This prevents deletion of roles higher-or-equal to the current user's position */
+
+				throw new Error(
+					"You do not have permission to delete this role.",
+				);
+			}
+		}
+
+		await db.delete(roles).where(eq(roles.id, roleId));
+		revalidatePath("/admin/roles");
+		return { success: true };
+	});
diff --git a/apps/web/src/actions/admin/scanner-admin-actions.ts b/apps/web/src/actions/admin/scanner-admin-actions.ts
index 3447db0d..2267e479 100644
--- a/apps/web/src/actions/admin/scanner-admin-actions.ts
+++ b/apps/web/src/actions/admin/scanner-admin-actions.ts
@@ -5,6 +5,8 @@ import { z } from "zod";
 import { db, sql } from "db";
 import { scans, userCommonData } from "db/schema";
 import { eq, and } from "db/drizzle";
+import { userHasPermission } from "@/lib/utils/server/admin";
+import { PermissionType } from "@/lib/constants/permission";
 
 export const createScan = volunteerAction
 	.schema(
@@ -56,6 +58,10 @@ export const getScan = volunteerAction
 			parsedInput: { eventID, userID },
 			ctx: { user, userId: adminUserID },
 		}) => {
+			if (!userHasPermission(user, PermissionType.CHECK_IN)) {
+				throw new Error("You do not have permission to view scans.");
+			}
+
 			const scan = await db.query.scans.findFirst({
 				where: and(
 					eq(scans.eventID, eventID),
@@ -79,7 +85,11 @@ const checkInUserSchema = z.object({
 
 export const checkInUserToHackathon = volunteerAction
 	.schema(checkInUserSchema)
-	.action(async ({ parsedInput: { userID } }) => {
+	.action(async ({ parsedInput: { userID }, ctx: { user } }) => {
+		if (!userHasPermission(user, PermissionType.CHECK_IN)) {
+			throw new Error("You do not have permission to check in users.");
+		}
+
 		// Set checkinTimestamp
 		await db
 			.update(userCommonData)
diff --git a/apps/web/src/actions/admin/user-actions.ts b/apps/web/src/actions/admin/user-actions.ts
index 919a9320..a1f48cdb 100644
--- a/apps/web/src/actions/admin/user-actions.ts
+++ b/apps/web/src/actions/admin/user-actions.ts
@@ -3,37 +3,55 @@
 import { adminAction } from "@/lib/safe-action";
 import { returnValidationErrors } from "next-safe-action";
 import { z } from "zod";
-import { perms } from "config";
-import { userCommonData } from "db/schema";
+import { userCommonData, bannedUsers, roles } from "db/schema";
 import { db } from "db";
 import { eq } from "db/drizzle";
 import { revalidatePath } from "next/cache";
+import {
+	compareUserPosition,
+	userHasPermission,
+} from "@/lib/utils/server/admin";
+import { PermissionType } from "@/lib/constants/permission";
+import { getUser } from "db/functions";
 
 export const updateRole = adminAction
 	.schema(
 		z.object({
 			userIDToUpdate: z.string(),
-			roleToSet: z.enum(perms),
+			roleIdToSet: z.number().positive().int(),
 		}),
 	)
 	.action(
 		async ({
-			parsedInput: { userIDToUpdate, roleToSet },
+			parsedInput: { userIDToUpdate, roleIdToSet },
 			ctx: { user, userId },
 		}) => {
-			if (
-				user.role !== "super_admin" &&
-				(roleToSet === "super_admin" ||
-					roleToSet === "admin" ||
-					roleToSet === "volunteer")
-			) {
-				returnValidationErrors(z.null(), {
-					_errors: ["You are not allowed to do this!"],
-				});
+			const userToUpdate = await getUser(userIDToUpdate);
+			const roleToSet = await db.query.roles.findFirst({
+				where: eq(roles.id, roleIdToSet),
+			});
+
+			if (!roleToSet) {
+				throw new Error("Role does not exist");
+			}
+
+			if (!userToUpdate) {
+				throw new Error("User to update not found.");
+			}
+
+			if (!userHasPermission(user, PermissionType.CHANGE_USER_ROLES)) {
+				if (
+					!compareUserPosition(user, userToUpdate.role.position) ||
+					!compareUserPosition(user, roleToSet.position)
+				) {
+					throw new Error(
+						"You do not have permission to set this role.",
+					);
+				}
 			}
 			await db
 				.update(userCommonData)
-				.set({ role: roleToSet })
+				.set({ role_id: roleIdToSet })
 				.where(eq(userCommonData.clerkID, userIDToUpdate));
 			revalidatePath(`/admin/users/${userIDToUpdate}`);
 			return { success: true };
@@ -60,3 +78,57 @@ export const setUserApproval = adminAction
 			return { success: true };
 		},
 	);
+
+export const banUser = adminAction
+	.schema(
+		z.object({
+			userIDToUpdate: z.string(),
+			reason: z.string(),
+		}),
+	)
+	.action(
+		async ({
+			parsedInput: { userIDToUpdate, reason },
+			ctx: { user, userId },
+		}) => {
+			const userToBan = await getUser(userIDToUpdate);
+
+			if (
+				!userHasPermission(user, PermissionType.BAN_USERS) ||
+				!compareUserPosition(user, userToBan!.role.position)
+			) {
+				throw new Error("You do not have permission to ban users.");
+			}
+
+			await db.insert(bannedUsers).values({
+				userID: userIDToUpdate,
+				reason: reason,
+				bannedByID: user.clerkID,
+			});
+			revalidatePath(`/admin/users/${userIDToUpdate}`);
+			return { success: true };
+		},
+	);
+
+export const removeUserBan = adminAction
+	.schema(
+		z.object({
+			userIDToUpdate: z.string(),
+		}),
+	)
+	.action(async ({ parsedInput: { userIDToUpdate }, ctx: { user } }) => {
+		const userToBan = await getUser(userIDToUpdate);
+
+		if (
+			!userHasPermission(user, PermissionType.BAN_USERS) ||
+			!compareUserPosition(user, userToBan!.role.position)
+		) {
+			throw new Error("You do not have permission to ban users.");
+		}
+
+		await db
+			.delete(bannedUsers)
+			.where(eq(bannedUsers.userID, userIDToUpdate));
+		revalidatePath(`/admin/users/${userIDToUpdate}`);
+		return { success: true };
+	});
diff --git a/apps/web/src/actions/registration.ts b/apps/web/src/actions/registration.ts
index d3928fc0..7e27f0f0 100644
--- a/apps/web/src/actions/registration.ts
+++ b/apps/web/src/actions/registration.ts
@@ -7,7 +7,7 @@ import { returnValidationErrors } from "next-safe-action";
 import { hackerRegistrationFormValidator } from "@/validators/shared/registration";
 import { userCommonData, userHackerData } from "db/schema";
 import { currentUser } from "@clerk/nextjs/server";
-import c from "config";
+import c, { defaultRoleId } from "config";
 import { DatabaseError } from "db/types";
 import {
 	UNIQUE_KEY_CONSTRAINT_VIOLATION_CODE,
@@ -60,6 +60,7 @@ export const registerHacker = authenticatedAction
 					skills: userData.skills.map((v) => v.text.toLowerCase()),
 					isFullyRegistered: true,
 					dietRestrictions: userData.dietRestrictions,
+					role_id: defaultRoleId,
 				});
 
 				await tx.insert(userHackerData).values({
diff --git a/apps/web/src/app/admin/check-in/page.tsx b/apps/web/src/app/admin/check-in/page.tsx
index af117b82..2d35a8ed 100644
--- a/apps/web/src/app/admin/check-in/page.tsx
+++ b/apps/web/src/app/admin/check-in/page.tsx
@@ -1,11 +1,20 @@
 import CheckinScanner from "@/components/admin/scanner/CheckinScanner";
 import { getUser } from "db/functions";
+import { userHasPermission } from "@/lib/utils/server/admin";
+import { PermissionType } from "@/lib/constants/permission";
+import { notFound } from "next/navigation";
+import { getCurrentUser } from "@/lib/utils/server/user";
 
 export default async function Page({
 	searchParams,
 }: {
 	searchParams: { [key: string]: string | undefined };
 }) {
+	const user = await getCurrentUser();
+	if (!userHasPermission(user, PermissionType.CHECK_IN)) {
+		return notFound();
+	}
+
 	if (!searchParams.user)
 		return (
 			<div>
@@ -19,7 +28,6 @@ export default async function Page({
 		);
 
 	const scanUser = await getUser(searchParams.user);
-	console.log(scanUser);
 	if (!scanUser) {
 		return (
 			<div>
diff --git a/apps/web/src/app/admin/events/edit/[slug]/page.tsx b/apps/web/src/app/admin/events/edit/[slug]/page.tsx
index f49cbaaf..aa2c4346 100644
--- a/apps/web/src/app/admin/events/edit/[slug]/page.tsx
+++ b/apps/web/src/app/admin/events/edit/[slug]/page.tsx
@@ -1,12 +1,20 @@
 import { getEventById } from "db/functions";
 import { notFound } from "next/navigation";
 import EditEventForm from "@/components/events/admin/EditEventForm";
+import { userHasPermission } from "@/lib/utils/server/admin";
+import { PermissionType } from "@/lib/constants/permission";
+import { getCurrentUser } from "@/lib/utils/server/user";
 
 export default async function EditEventPage({
 	params,
 }: {
 	params: { slug: string };
 }) {
+	const user = await getCurrentUser();
+	if (!userHasPermission(user, PermissionType.EDIT_EVENTS)) {
+		return notFound();
+	}
+
 	const eventId = parseInt(params.slug);
 
 	if (!eventId) {
diff --git a/apps/web/src/app/admin/events/new/page.tsx b/apps/web/src/app/admin/events/new/page.tsx
index 0050480d..95ec6faa 100644
--- a/apps/web/src/app/admin/events/new/page.tsx
+++ b/apps/web/src/app/admin/events/new/page.tsx
@@ -1,6 +1,14 @@
 import NewEventForm from "@/components/events/admin/NewEventForm";
+import { PermissionType } from "@/lib/constants/permission";
+import { userHasPermission } from "@/lib/utils/server/admin";
+import { getCurrentUser } from "@/lib/utils/server/user";
+import { notFound } from "next/navigation";
 
-export default function Page() {
+export default async function Page() {
+	const user = await getCurrentUser();
+	if (!userHasPermission(user, PermissionType.CREATE_EVENTS)) {
+		return notFound();
+	}
 	const defaultDate = new Date();
 
 	return (
diff --git a/apps/web/src/app/admin/events/page.tsx b/apps/web/src/app/admin/events/page.tsx
index d43e3b4d..1120e5cc 100644
--- a/apps/web/src/app/admin/events/page.tsx
+++ b/apps/web/src/app/admin/events/page.tsx
@@ -5,29 +5,25 @@ import { columns } from "@/components/events/shared/EventColumns";
 import { Button } from "@/components/shadcn/ui/button";
 import { PlusCircle } from "lucide-react";
 import Link from "next/link";
-import { getAllEvents, getUser } from "db/functions";
-import { auth } from "@clerk/nextjs/server";
+import { getAllEvents } from "db/functions";
 import FullScreenMessage from "@/components/shared/FullScreenMessage";
-import { isUserAdmin } from "@/lib/utils/server/admin";
+import { userHasPermission } from "@/lib/utils/server/admin";
+import { PermissionType } from "@/lib/constants/permission";
+import { notFound } from "next/navigation";
+import { getCurrentUser } from "@/lib/utils/server/user";
 
 export default async function Page() {
-	const { userId, redirectToSignIn } = await auth();
-	if (!userId) {
-		return redirectToSignIn();
-	}
+	const user = await getCurrentUser();
 
-	const userData = await getUser(userId);
-	if (!userData) {
-		return (
-			<FullScreenMessage
-				title="Access Denied"
-				message="You are not an admin. If you belive this is a mistake, please contact a administrator."
-			/>
-		);
+	if (!userHasPermission(user, PermissionType.VIEW_EVENTS)) {
+		return notFound();
 	}
 
 	const events = await getAllEvents();
-	const isUserAuthorized = isUserAdmin(userData);
+	const isUserAuthorized = userHasPermission(
+		user,
+		PermissionType.CREATE_EVENTS,
+	);
 	return (
 		<div className="mx-auto max-w-7xl px-5 pt-44">
 			<div className="mb-5 grid w-full grid-cols-2">
diff --git a/apps/web/src/app/admin/layout.tsx b/apps/web/src/app/admin/layout.tsx
index 47cd9a1f..a9f02eda 100644
--- a/apps/web/src/app/admin/layout.tsx
+++ b/apps/web/src/app/admin/layout.tsx
@@ -1,35 +1,24 @@
 import c from "config";
 import Image from "next/image";
-import { auth } from "@clerk/nextjs/server";
 import Link from "next/link";
 import { Button } from "@/components/shadcn/ui/button";
 import DashNavItem from "@/components/dash/shared/DashNavItem";
 import FullScreenMessage from "@/components/shared/FullScreenMessage";
 import ProfileButton from "@/components/shared/ProfileButton";
-import { Suspense } from "react";
+import React, { Suspense } from "react";
 import ClientToast from "@/components/shared/ClientToast";
-import { redirect } from "next/navigation";
-import { getUser } from "db/functions";
+import { isUserAdmin, userHasPermission } from "../../lib/utils/server/admin";
+import { PermissionType } from "@/lib/constants/permission";
+import { getCurrentUser } from "@/lib/utils/server/user";
 
 interface AdminLayoutProps {
 	children: React.ReactNode;
 }
 
 export default async function AdminLayout({ children }: AdminLayoutProps) {
-	const { userId } = await auth();
+	const user = await getCurrentUser();
 
-	if (!userId) {
-		return redirect("/sign-in");
-	}
-
-	const user = await getUser(userId);
-
-	if (
-		!user ||
-		(user.role !== "admin" &&
-			user.role !== "super_admin" &&
-			user.role !== "volunteer")
-	) {
+	if (!isUserAdmin(user)) {
 		console.log("Denying admin access to user", user);
 		return (
 			<FullScreenMessage
@@ -41,7 +30,7 @@ export default async function AdminLayout({ children }: AdminLayoutProps) {
 
 	return (
 		<>
-			<ClientToast />
+			<ClientToast duration={2500} position="top-right" />
 			<div className="fixed z-20 grid h-16 w-full grid-cols-2 bg-nav px-5">
 				<div className="flex items-center gap-x-4">
 					<Link href={"/"} className="mr-5 flex items-center gap-x-2">
@@ -85,12 +74,31 @@ export default async function AdminLayout({ children }: AdminLayoutProps) {
 				<div className="flex items-center justify-end gap-x-4 md:hidden"></div>
 			</div>
 			<div className="fixed z-20 mt-16 flex h-12 w-full border-b border-b-border bg-nav px-5">
-				{Object.entries(c.dashPaths.admin).map(([name, path]) =>
-					["Users", "Toggles"].includes(name) &&
-					user.role === "volunteer" ? null : (
-						<DashNavItem key={name} name={name} path={path} />
-					),
-				)}
+				{Object.entries(c.dashPaths.admin).map(([name, path]) => {
+					// Gate specific admin nav items by permission
+					if (
+						name === "Users" &&
+						!userHasPermission(user, PermissionType.VIEW_USERS)
+					)
+						return null;
+					if (
+						name === "Events" &&
+						!userHasPermission(user, PermissionType.VIEW_EVENTS)
+					)
+						return null;
+					if (
+						name === "Roles" &&
+						!userHasPermission(user, PermissionType.VIEW_ROLES)
+					)
+						return null;
+					if (
+						name === "Toggles" &&
+						!userHasPermission(user, PermissionType.MANAGE_NAVLINKS)
+					)
+						return null;
+					// Keep other configured admin paths visible by default
+					return <DashNavItem key={name} name={name} path={path} />;
+				})}
 			</div>
 			<Suspense fallback={<p>Loading...</p>}>{children}</Suspense>
 		</>
diff --git a/apps/web/src/app/admin/page.tsx b/apps/web/src/app/admin/page.tsx
index 39fb7b45..46952290 100644
--- a/apps/web/src/app/admin/page.tsx
+++ b/apps/web/src/app/admin/page.tsx
@@ -8,27 +8,16 @@ import {
 } from "@/components/shadcn/ui/card";
 import { Users, UserCheck, User2, TimerReset, MailCheck } from "lucide-react";
 import type { User } from "db/types";
-import { auth } from "@clerk/nextjs/server";
 import { notFound } from "next/navigation";
-import { getAllUsers, getUser } from "db/functions";
+import { getAllUsers } from "db/functions";
 import Link from "next/link";
 import { getRequestContext } from "@cloudflare/next-on-pages";
 import { formatInTimeZone } from "date-fns-tz";
 import { getClientTimeZone } from "@/lib/utils/client/shared";
+import { getCurrentUser } from "@/lib/utils/server/user";
 
 export default async function Page() {
-	const { userId } = await auth();
-	if (!userId) return notFound();
-
-	const adminUser = await getUser(userId);
-	if (
-		!adminUser ||
-		(adminUser.role !== "admin" &&
-			adminUser.role !== "super_admin" &&
-			adminUser.role !== "volunteer")
-	) {
-		return notFound();
-	}
+	const adminUser = await getCurrentUser();
 
 	const allUsers = (await getAllUsers()) ?? [];
 
diff --git a/apps/web/src/app/admin/roles/page.tsx b/apps/web/src/app/admin/roles/page.tsx
new file mode 100644
index 00000000..f5bcc550
--- /dev/null
+++ b/apps/web/src/app/admin/roles/page.tsx
@@ -0,0 +1,29 @@
+import { db } from "db";
+import RolesManager from "@/components/admin/roles/RolesManager";
+import { notFound } from "next/navigation";
+import { userHasPermission } from "@/lib/utils/server/admin";
+import { PermissionType } from "@/lib/constants/permission";
+import { getCurrentUser } from "@/lib/utils/server/user";
+import { Suspense } from "react";
+
+export default async function Page() {
+	// server-side fetch roles and current user
+	const resRoles = await db.query.roles.findMany();
+	const user = await getCurrentUser();
+
+	if (!userHasPermission(user, PermissionType.VIEW_ROLES)) return notFound();
+
+	// pass serializable data to client
+	return (
+		<div className="mx-auto max-w-7xl px-5 pt-40">
+			<h1 className="mb-4 text-2xl font-bold">Roles</h1>
+			<Suspense
+				fallback={
+					<div className="py-8 text-center">Loading roles...</div>
+				}
+			>
+				<RolesManager roles={resRoles} currentUser={user} />
+			</Suspense>
+		</div>
+	);
+}
diff --git a/apps/web/src/app/admin/scanner/[id]/page.tsx b/apps/web/src/app/admin/scanner/[id]/page.tsx
index 473be983..10378306 100644
--- a/apps/web/src/app/admin/scanner/[id]/page.tsx
+++ b/apps/web/src/app/admin/scanner/[id]/page.tsx
@@ -3,7 +3,11 @@ import FullScreenMessage from "@/components/shared/FullScreenMessage";
 import { db } from "db";
 import { eq, and } from "db/drizzle";
 import { getHacker } from "db/functions";
-import { events, userCommonData, scans } from "db/schema";
+import { events, scans } from "db/schema";
+import { userHasPermission } from "@/lib/utils/server/admin";
+import { PermissionType } from "@/lib/constants/permission";
+import { notFound } from "next/dist/client/components/navigation";
+import { getCurrentUser } from "@/lib/utils/server/user";
 
 export default async function Page({
 	params,
@@ -14,6 +18,12 @@ export default async function Page({
 }) {
 	// TODO: maybe move event existant check into a layout so it holds state?
 
+	const user = await getCurrentUser();
+
+	if (!userHasPermission(user, PermissionType.CREATE_SCANS)) {
+		return notFound();
+	}
+
 	if (!params || !params.id || isNaN(parseInt(params.id))) {
 		return (
 			<FullScreenMessage
@@ -49,7 +59,9 @@ export default async function Page({
 		);
 	}
 
-	const scanUser = await getHacker(searchParams.user);
+	const scanUser = searchParams.user
+		? await getHacker(searchParams.user)
+		: null;
 
 	const scan = !scanUser
 		? null
diff --git a/apps/web/src/app/admin/toggles/layout.tsx b/apps/web/src/app/admin/toggles/layout.tsx
index 71e48895..db8db932 100644
--- a/apps/web/src/app/admin/toggles/layout.tsx
+++ b/apps/web/src/app/admin/toggles/layout.tsx
@@ -1,20 +1,35 @@
 import ToggleItem from "@/components/admin/toggles/ToggleItem";
+import Restricted from "@/components/Restricted";
+import { PermissionType } from "@/lib/constants/permission";
+import { userHasPermission } from "@/lib/utils/server/admin";
+import { getCurrentUser } from "@/lib/utils/server/user";
+import { notFound } from "next/navigation";
 
 interface ToggleLayoutProps {
 	children: React.ReactNode;
 }
 
-export default function Layout({ children }: ToggleLayoutProps) {
+export default async function Layout({ children }: ToggleLayoutProps) {
+	const user = await getCurrentUser();
+
+	if (!userHasPermission(user, PermissionType.MANAGE_NAVLINKS))
+		return notFound();
+
 	return (
 		<div className="mx-auto grid max-w-5xl grid-cols-5 gap-x-3 pt-44">
 			<div className="min-h-screen">
 				<ToggleItem name="Toggles" path="/admin/toggles" />
 				<ToggleItem name="Landing Page" path="/admin/toggles/landing" />
 
-				<ToggleItem
-					name="Registration & RSVP"
-					path="/admin/toggles/registration"
-				/>
+				<Restricted
+					permissions={[PermissionType.MANAGE_REGISTRATION]}
+					user={user}
+				>
+					<ToggleItem
+						name="Registration & RSVP"
+						path="/admin/toggles/registration"
+					/>
+				</Restricted>
 			</div>
 			<div className="col-span-4">{children}</div>
 		</div>
diff --git a/apps/web/src/app/admin/toggles/registration/page.tsx b/apps/web/src/app/admin/toggles/registration/page.tsx
index 626b97d7..0da223e0 100644
--- a/apps/web/src/app/admin/toggles/registration/page.tsx
+++ b/apps/web/src/app/admin/toggles/registration/page.tsx
@@ -1,7 +1,11 @@
 import { RegistrationToggles } from "@/components/admin/toggles/RegistrationSettings";
+import { PermissionType } from "@/lib/constants/permission";
+import { userHasPermission } from "@/lib/utils/server/admin";
 import { redisMGet } from "@/lib/utils/server/redis";
 import { parseRedisBoolean, parseRedisNumber } from "@/lib/utils/server/redis";
+import { getCurrentUser } from "@/lib/utils/server/user";
 import c from "config";
+import { notFound } from "next/dist/client/components/navigation";
 
 export default async function Page() {
 	const [defaultRegistrationEnabled, defaultRSVPsEnabled, defaultRSVPLimit]: (
@@ -13,6 +17,11 @@ export default async function Page() {
 		"config:registration:maxRSVPs",
 	);
 
+	const user = await getCurrentUser();
+
+	if (!userHasPermission(user, PermissionType.MANAGE_REGISTRATION))
+		return notFound();
+
 	return (
 		<div>
 			<div className="flex items-center justify-start pb-10">
diff --git a/apps/web/src/app/admin/users/[slug]/page.tsx b/apps/web/src/app/admin/users/[slug]/page.tsx
index f4333182..de613c26 100644
--- a/apps/web/src/app/admin/users/[slug]/page.tsx
+++ b/apps/web/src/app/admin/users/[slug]/page.tsx
@@ -10,35 +10,50 @@ import {
 	ProfileInfo,
 } from "@/components/admin/users/ServerSections";
 import {
-  DropdownMenu,
-  DropdownMenuTrigger,
-  DropdownMenuContent,
-  DropdownMenuItem,
-  DropdownMenuSeparator
+	DropdownMenu,
+	DropdownMenuTrigger,
+	DropdownMenuContent,
+	DropdownMenuItem,
+	DropdownMenuSeparator,
 } from "@/components/shadcn/ui/dropdown-menu";
 import { auth } from "@clerk/nextjs/server";
 import { notFound } from "next/navigation";
-import { isUserAdmin } from "@/lib/utils/server/admin";
+import { userHasPermission } from "@/lib/utils/server/admin";
 import ApproveUserButton from "@/components/admin/users/ApproveUserButton";
 import c from "config";
 import { getHacker, getUser } from "db/functions";
+import BanUserDialog from "@/components/admin/users/BanUserDialog";
+import { db, eq } from "db";
+import { bannedUsers } from "db/schema";
+import RemoveUserBanDialog from "@/components/admin/users/RemoveUserBanDialog";
+import { PermissionType } from "@/lib/constants/permission";
+import Restricted from "@/components/Restricted";
+import { getCurrentUser } from "@/lib/utils/server/user";
 
 export default async function Page({ params }: { params: { slug: string } }) {
-	const { userId } = await auth();
+	const admin = await getCurrentUser();
+	if (!userHasPermission(admin, PermissionType.VIEW_USERS)) return notFound();
 
-	if (!userId) return notFound();
+	const subject = await getHacker(params.slug);
 
-	const admin = await getUser(userId);
-	if (!admin || !isUserAdmin(admin)) return notFound();
-
-	const user = await getHacker(params.slug);
-
-	if (!user) {
+	if (!subject) {
 		return <p className="text-center font-bold">User Not Found</p>;
 	}
 
+	const banInstance = await db.query.bannedUsers.findFirst({
+		where: eq(bannedUsers.userID, subject.clerkID),
+	});
+
 	return (
 		<main className="mx-auto max-w-5xl pt-44">
+			{!!banInstance && (
+				<div className="absolute left-0 top-28 w-screen bg-destructive p-2 text-center">
+					<strong>
+						This user has been suspended, reason for suspension:{" "}
+					</strong>
+					{banInstance.reason}
+				</div>
+			)}
 			<div className="mb-5 grid w-full grid-cols-3">
 				<div className="flex items-center">
 					<div>
@@ -49,65 +64,100 @@ export default async function Page({ params }: { params: { slug: string } }) {
 						{/* <p className="text-sm text-muted-foreground">{users.length} Total Users</p> */}
 					</div>
 				</div>
-				<div className="col-span-2 hidden md:flex items-center justify-end gap-2 ">
-					<Link href={`/@${user.hackerTag}`} target="_blank">
+				<div className="col-span-2 hidden items-center justify-end gap-2 md:flex">
+					<Link href={`/@${subject.hackerTag}`} target="_blank">
 						<Button variant={"outline"}>Hacker Profile</Button>
 					</Link>
 
-					<Link href={`mailto:${user.email}`}>
+					<Link href={`mailto:${subject.email}`}>
 						<Button variant={"outline"}>Email Hacker</Button>
 					</Link>
 
-					<UpdateRoleDialog
-						name={`${user.firstName} ${user.lastName}`}
-						canMakeAdmins={admin.role === "super_admin"}
-						currPermision={user.role}
-						userID={user.clerkID}
-					/>
-					{(c.featureFlags.core.requireUsersApproval as boolean) && (
-						<ApproveUserButton
-							userIDToUpdate={user.clerkID}
-							currentApproval={user.isApproved}
-						/>
-					)}
-				</div>
-				<div className="col-span-2 flex md:hidden items-center justify-end pr-4">
-				<DropdownMenu>
-					<DropdownMenuTrigger asChild>
-					<Button variant={"outline"} >
-						Admin Actions
-					</Button>
-					</DropdownMenuTrigger>
-					<DropdownMenuContent align="end" className="min-w-[160px]">
-					<DropdownMenuItem className="justify-center">
-						<Link href={`/@${user.hackerTag}`} target="_blank">
-						<Button variant={"outline"}>Hacker Profile</Button>
-						</Link>
-					</DropdownMenuItem>
-					<DropdownMenuSeparator />
-					<DropdownMenuItem className="justify-center">
-						<Link href={`mailto:${user.email}`}>
-						<Button variant={"outline"}>Email Hacker</Button>
-						</Link>
-					</DropdownMenuItem>
-					<DropdownMenuSeparator />
-					<div className="px-2 py-1.5 text-sm text-center hover:bg-accent rounded-sm cursor-pointer">
+					<Restricted
+						user={admin}
+						permissions={PermissionType.CHANGE_USER_ROLES}
+						targetRolePosition={subject.role.position}
+						position="higher"
+					>
 						<UpdateRoleDialog
-						name={`${user.firstName} ${user.lastName}`}
-						canMakeAdmins={admin.role === "super_admin"}
-						currPermision={user.role}
-						userID={user.clerkID}
+							name={`${subject.firstName} ${subject.lastName}`}
+							currentRoleId={subject.role_id}
+							userID={subject.clerkID}
 						/>
-					</div>
+					</Restricted>
+
+					<Restricted
+						user={admin}
+						permissions={PermissionType.BAN_USERS}
+						targetRolePosition={subject.role.position}
+						position="higher"
+					>
+						{!!banInstance ? (
+							<RemoveUserBanDialog
+								name={`${subject.firstName} ${subject.lastName}`}
+								reason={banInstance.reason!}
+								userID={subject.clerkID}
+							/>
+						) : (
+							<BanUserDialog
+								name={`${subject.firstName} ${subject.lastName}`}
+								userID={subject.clerkID}
+							/>
+						)}
+					</Restricted>
 
 					{(c.featureFlags.core.requireUsersApproval as boolean) && (
 						<ApproveUserButton
-							userIDToUpdate={user.clerkID}
-							currentApproval={user.isApproved}
+							userIDToUpdate={subject.clerkID}
+							currentApproval={subject.isApproved}
 						/>
 					)}
-					</DropdownMenuContent>
-				</DropdownMenu>
+				</div>
+				<div className="col-span-2 flex items-center justify-end pr-4 md:hidden">
+					<DropdownMenu>
+						<DropdownMenuTrigger asChild>
+							<Button variant={"outline"}>Admin Actions</Button>
+						</DropdownMenuTrigger>
+						<DropdownMenuContent
+							align="end"
+							className="min-w-[160px]"
+						>
+							<DropdownMenuItem className="justify-center">
+								<Link
+									href={`/@${subject.hackerTag}`}
+									target="_blank"
+								>
+									<Button variant={"outline"}>
+										Hacker Profile
+									</Button>
+								</Link>
+							</DropdownMenuItem>
+							<DropdownMenuSeparator />
+							<DropdownMenuItem className="justify-center">
+								<Link href={`mailto:${subject.email}`}>
+									<Button variant={"outline"}>
+										Email Hacker
+									</Button>
+								</Link>
+							</DropdownMenuItem>
+							<DropdownMenuSeparator />
+							<div className="cursor-pointer rounded-sm px-2 py-1.5 text-center text-sm hover:bg-accent">
+								<UpdateRoleDialog
+									name={`${subject.firstName} ${subject.lastName}`}
+									currentRoleId={subject.role_id}
+									userID={subject.clerkID}
+								/>
+							</div>
+
+							{(c.featureFlags.core
+								.requireUsersApproval as boolean) && (
+								<ApproveUserButton
+									userIDToUpdate={subject.clerkID}
+									currentApproval={subject.isApproved}
+								/>
+							)}
+						</DropdownMenuContent>
+					</DropdownMenu>
 				</div>
 			</div>
 			<div className="mt-20 grid min-h-[500px] w-full grid-cols-3">
@@ -116,27 +166,27 @@ export default async function Page({ params }: { params: { slug: string } }) {
 						<Image
 							className="object-cover object-center"
 							fill
-							src={user.profilePhoto}
-							alt={`Profile Photo for ${user.firstName} ${user.lastName}`}
+							src={subject.profilePhoto}
+							alt={`Profile Photo for ${subject.firstName} ${subject.lastName}`}
 						/>
 					</div>
 					<h1 className="mt-4 text-3xl font-semibold">
-						{user.firstName} {user.lastName}
+						{subject.firstName} {subject.lastName}
 					</h1>
 					<h2 className="font-mono text-muted-foreground">
-						@{user.hackerTag}
+						@{subject.hackerTag}
 					</h2>
 					{/* <p className="mt-5 text-sm">{team.bio}</p> */}
 					<div className="mt-5 flex gap-x-2">
 						<Badge className="no-select">
 							Joined{" "}
-							{user.signupTime
+							{subject.signupTime
 								.toDateString()
 								.split(" ")
 								.slice(1)
 								.join(" ")}
 						</Badge>
-						{user.isRSVPed && (
+						{subject.isRSVPed && (
 							<Badge className="no-select bg-gradient-to-r from-teal-400 to-blue-500 bg-clip-padding text-center hover:from-teal-500 hover:to-blue-600">
 								<CalendarCheck className="mr-1 h-3 w-3" />
 								RSVP
@@ -145,9 +195,9 @@ export default async function Page({ params }: { params: { slug: string } }) {
 					</div>
 				</div>
 				<div className="col-span-2 overflow-x-hidden">
-					<PersonalInfo user={user} />
-					<ProfileInfo user={user} />
-					<AccountInfo user={user} />
+					<PersonalInfo user={subject} />
+					<ProfileInfo user={subject} />
+					<AccountInfo user={subject} />
 				</div>
 			</div>
 		</main>
diff --git a/apps/web/src/app/admin/users/page.tsx b/apps/web/src/app/admin/users/page.tsx
index 6e762102..fedcb66d 100644
--- a/apps/web/src/app/admin/users/page.tsx
+++ b/apps/web/src/app/admin/users/page.tsx
@@ -4,20 +4,15 @@ import { columns } from "@/components/admin/users/UserColumns";
 import { Button } from "@/components/shadcn/ui/button";
 import { FolderInput } from "lucide-react";
 import { getAllUsers } from "db/functions";
-import { userCommonData } from "db/schema";
-import { getUser } from "db/functions";
-import { auth } from "@clerk/nextjs/server";
 import { notFound } from "next/navigation";
-import { isUserAdmin } from "@/lib/utils/server/admin";
+import { userHasPermission } from "@/lib/utils/server/admin";
+import { PermissionType } from "@/lib/constants/permission";
+import { getCurrentUser } from "@/lib/utils/server/user";
 
 // This begs a question where we might want to have an option later on to sort by the role as we might want different things
 export default async function Page() {
-	const { userId } = await auth();
-
-	if (!userId) return notFound();
-
-	const admin = await getUser(userId);
-	if (!admin || !isUserAdmin(admin)) return notFound();
+	const user = await getCurrentUser();
+	if (!userHasPermission(user, PermissionType.VIEW_USERS)) return notFound();
 
 	const userData = await getAllUsers();
 
diff --git a/apps/web/src/app/api/admin/events/create/route.ts b/apps/web/src/app/api/admin/events/create/route.ts
deleted file mode 100644
index 6606ef35..00000000
--- a/apps/web/src/app/api/admin/events/create/route.ts
+++ /dev/null
@@ -1,56 +0,0 @@
-import { auth } from "@clerk/nextjs/server";
-import { db } from "db";
-import { events } from "db/schema";
-import { newEventFormSchema } from "@/validators/event";
-import { BasicRedirValidator } from "@/validators/shared/basicRedir";
-import { NextResponse } from "next/server";
-import { z } from "zod";
-import superjson from "superjson";
-import c from "config";
-import { getUser } from "db/functions";
-
-// Make this a server action
-export async function POST(req: Request) {
-	const { userId } = await auth();
-
-	if (!userId) return new Response("Unauthorized", { status: 401 });
-
-	const reqUserRecord = await getUser(userId);
-	if (
-		!reqUserRecord ||
-		(reqUserRecord.role !== "super_admin" && reqUserRecord.role !== "admin")
-	) {
-		return new Response("Unauthorized", { status: 401 });
-	}
-
-	const body = superjson.parse(await req.text());
-	const parsedBody = newEventFormSchema.safeParse(body);
-
-	if (!parsedBody.success) {
-		return new Response("Malformed request body.", { status: 400 });
-	}
-
-	const res = await db
-		.insert(events)
-		.values({
-			title: parsedBody.data.title,
-			description: parsedBody.data.description,
-			startTime: parsedBody.data.startTime,
-			endTime: parsedBody.data.endTime,
-			location: parsedBody.data.location,
-			type: parsedBody.data.type,
-			host:
-				parsedBody.data.host && parsedBody.data.host.length > 0
-					? parsedBody.data.host
-					: `${c.hackathonName}`,
-		})
-		.returning();
-
-	return NextResponse.json<z.infer<typeof BasicRedirValidator>>({
-		success: true,
-		message: "Event created successfully.",
-		redirect: `/schedule/${res[0].id}`,
-	});
-}
-
-export const runtime = "edge";
diff --git a/apps/web/src/app/api/admin/export/route.ts b/apps/web/src/app/api/admin/export/route.ts
index d44f4508..ffeebcf0 100644
--- a/apps/web/src/app/api/admin/export/route.ts
+++ b/apps/web/src/app/api/admin/export/route.ts
@@ -1,3 +1,5 @@
+import { PermissionType } from "@/lib/constants/permission";
+import { isUserAdmin, userHasPermission } from "@/lib/utils/server/admin";
 import { auth } from "@clerk/nextjs/server";
 import { getAllHackers, getUser } from "db/functions";
 
@@ -36,9 +38,13 @@ export async function GET() {
 	if (!userId) return new Response("Unauthorized", { status: 401 });
 
 	const reqUserRecord = await getUser(userId);
+	if (!reqUserRecord) {
+		return new Response("Unauthorized", { status: 401 });
+	}
+
 	if (
-		!reqUserRecord ||
-		(reqUserRecord.role !== "super_admin" && reqUserRecord.role !== "admin")
+		!isUserAdmin(reqUserRecord) ||
+		!userHasPermission(reqUserRecord, PermissionType.VIEW_USERS)
 	) {
 		return new Response("Unauthorized", { status: 401 });
 	}
diff --git a/apps/web/src/app/dash/layout.tsx b/apps/web/src/app/dash/layout.tsx
index 0c118199..5e85035c 100644
--- a/apps/web/src/app/dash/layout.tsx
+++ b/apps/web/src/app/dash/layout.tsx
@@ -28,8 +28,7 @@ export default async function DashLayout({ children }: DashLayoutProps) {
 
 	if (
 		(c.featureFlags.core.requireUsersApproval as boolean) === true &&
-		user.isApproved === false &&
-		user.role === "hacker"
+		user.isApproved === false
 	) {
 		return redirect("/i/approval");
 	}
diff --git a/apps/web/src/app/dash/page.tsx b/apps/web/src/app/dash/page.tsx
index 1438131e..0706c249 100644
--- a/apps/web/src/app/dash/page.tsx
+++ b/apps/web/src/app/dash/page.tsx
@@ -11,15 +11,13 @@ import {
 	QuickQR,
 } from "@/components/dash/overview/ServerBubbles";
 import { getUser } from "db/functions";
+import { getCurrentUser } from "@/lib/utils/server/user";
 
 export default async function Page() {
-	const { userId } = await auth();
-	if (!userId) return null;
-	const user = await getUser(userId);
-	if (!user) return null;
+	const user = await getCurrentUser();
 
 	const qrPayload = createQRpayload({
-		userID: userId,
+		userID: user.clerkID,
 		createdAt: new Date(),
 	});
 
diff --git a/apps/web/src/app/dash/pass/page.tsx b/apps/web/src/app/dash/pass/page.tsx
index 3746e840..baf48a46 100644
--- a/apps/web/src/app/dash/pass/page.tsx
+++ b/apps/web/src/app/dash/pass/page.tsx
@@ -101,7 +101,7 @@ function EventPass({ qrPayload, user, clerk, guild }: EventPassProps) {
 								c.startDate,
 								"h:mma, MMM d, yyyy",
 							)}`}</p>
-							<p className="font-mono text-xs text-right">
+							<p className="text-right font-mono text-xs">
 								{c.prettyLocation}
 							</p>
 						</div>
diff --git a/apps/web/src/app/discord-verify/page.tsx b/apps/web/src/app/discord-verify/page.tsx
index ef55b7e7..10c00a00 100644
--- a/apps/web/src/app/discord-verify/page.tsx
+++ b/apps/web/src/app/discord-verify/page.tsx
@@ -44,8 +44,7 @@ export default async function Page({
 
 	if (
 		(c.featureFlags.core.requireUsersApproval as boolean) === true &&
-		user.isApproved === false &&
-		user.role === "hacker"
+		user.isApproved === false
 	) {
 		return redirect("/i/approval");
 	}
diff --git a/apps/web/src/app/globals.css b/apps/web/src/app/globals.css
index a35dbcef..8494cab5 100644
--- a/apps/web/src/app/globals.css
+++ b/apps/web/src/app/globals.css
@@ -139,7 +139,6 @@
 }
 
 @keyframes pulseDot {
-
 	0%,
 	100% {
 		transform: scale(1);
@@ -148,4 +147,4 @@
 	50% {
 		transform: scale(1.1);
 	}
-}
\ No newline at end of file
+}
diff --git a/apps/web/src/app/rsvp/page.tsx b/apps/web/src/app/rsvp/page.tsx
index 162b77ec..1c531a35 100644
--- a/apps/web/src/app/rsvp/page.tsx
+++ b/apps/web/src/app/rsvp/page.tsx
@@ -37,8 +37,7 @@ export default async function RsvpPage({
 
 	if (
 		(c.featureFlags.core.requireUsersApproval as boolean) === true &&
-		user.isApproved === false &&
-		user.role === "hacker"
+		user.isApproved === false
 	) {
 		return redirect("/i/approval");
 	}
diff --git a/apps/web/src/app/suspended/page.tsx b/apps/web/src/app/suspended/page.tsx
new file mode 100644
index 00000000..ee9e6110
--- /dev/null
+++ b/apps/web/src/app/suspended/page.tsx
@@ -0,0 +1,40 @@
+import { getCurrentUser } from "@/lib/utils/server/user";
+import { auth } from "@clerk/nextjs/server";
+import { db, eq } from "db";
+import { getUser } from "db/functions";
+import { bannedUsers } from "db/schema";
+
+export default async function Page() {
+	const user = await getCurrentUser();
+
+	const banInstance = await db.query.bannedUsers.findFirst({
+		where: eq(bannedUsers.userID, user.clerkID),
+	});
+	if (!banInstance) return null;
+
+	return (
+		<div className="flex h-screen w-screen justify-center pt-16">
+			<div className="h-fit max-w-md border-2 border-accent p-6">
+				<h1 className="text-center text-2xl font-bold text-destructive">
+					Account Suspended
+				</h1>
+				<h1 className="pt-2 text-center text-lg font-medium">
+					Dear {user.firstName} {user.lastName},
+				</h1>
+				<h3 className="w-full text-center opacity-90">
+					{" "}
+					Your account was suspended
+				</h3>
+				<p className="w-full py-3 opacity-85">
+					<strong>Reason: </strong>
+					{banInstance.reason}
+				</p>
+				<footer className="border-t-2 border-accent pt-1 opacity-75">
+					Contact administration for further assistance.
+				</footer>
+			</div>
+		</div>
+	);
+}
+
+export const runtime = "edge";
diff --git a/apps/web/src/components/Restricted.tsx b/apps/web/src/components/Restricted.tsx
new file mode 100644
index 00000000..52b46e56
--- /dev/null
+++ b/apps/web/src/components/Restricted.tsx
@@ -0,0 +1,48 @@
+import {
+	compareUserPosition,
+	userHasPermission,
+} from "@/lib/utils/server/admin";
+import { PermissionType } from "@/lib/constants/permission";
+import { UserWithRole } from "db/types";
+import { ReactNode } from "react";
+
+function Restricted({
+	user,
+	permissions,
+	children,
+	position = "higher",
+	targetRolePosition = undefined,
+}: {
+	user: UserWithRole;
+	permissions: PermissionType | [PermissionType];
+	children: ReactNode;
+	position?: "higher" | "lower" | "equal";
+	targetRolePosition?: number;
+}) {
+	if (!userHasPermission(user, permissions)) {
+		return <></>;
+	}
+	if (targetRolePosition !== undefined) {
+		if (
+			position === "higher" &&
+			!compareUserPosition(user, targetRolePosition)
+		) {
+			return <></>;
+		}
+		if (
+			position === "lower" &&
+			compareUserPosition(user, targetRolePosition) !== -1
+		) {
+			return <></>;
+		}
+		if (
+			position === "equal" &&
+			compareUserPosition(user, targetRolePosition) !== 0
+		) {
+			return <></>;
+		}
+	}
+	return <>{children}</>;
+}
+
+export default Restricted;
diff --git a/apps/web/src/components/admin/roles/CreateRoleDialog.tsx b/apps/web/src/components/admin/roles/CreateRoleDialog.tsx
new file mode 100644
index 00000000..2a7cc8ea
--- /dev/null
+++ b/apps/web/src/components/admin/roles/CreateRoleDialog.tsx
@@ -0,0 +1,177 @@
+"use client";
+
+import { useState } from "react";
+import {
+	Dialog,
+	DialogContent,
+	DialogHeader,
+	DialogTitle,
+	DialogTrigger,
+} from "@/components/shadcn/ui/dialog";
+import { Button } from "@/components/shadcn/ui/button";
+import { Input } from "@/components/shadcn/ui/input";
+import { Label } from "@/components/shadcn/ui/label";
+import { PermissionType } from "@/lib/constants/permission";
+import { PermissionMask } from "@/lib/utils/shared/permission";
+import { useAction } from "next-safe-action/hooks";
+import { createRole } from "@/actions/admin/role-actions";
+import { toast } from "sonner";
+import Restricted from "@/components/Restricted";
+import { UserWithRole } from "db/types";
+import { userHasPermission } from "@/lib/utils/server/admin";
+
+export default function CreateRoleDialog({
+	currentUser,
+	nextPosition,
+}: {
+	currentUser: UserWithRole;
+	nextPosition: number;
+}) {
+	const [open, setOpen] = useState(false);
+	const [name, setName] = useState("");
+	const [permissionsMask, setPermissionsMask] = useState(0);
+	const [color, setColor] = useState("#000000");
+	const { execute: doCreate } = useAction(createRole, {
+		onError: ({ error }) => {
+			toast.error(
+				"Failed to create role: " +
+					(error.serverError || "Unknown error"),
+			);
+		},
+		onSuccess: () => {
+			toast.success("Role created");
+			setOpen(false);
+			setName("");
+			setPermissionsMask(0);
+			setColor("#000000");
+		},
+	});
+
+	const permissionEntries = Object.keys(PermissionType)
+		.filter((k) => isNaN(Number(k)))
+		.map((k) => ({
+			name: k.replaceAll("_", " "),
+			value: (PermissionType as any)[k] as number,
+		}));
+
+	const hasPermLocal = (perm: PermissionType) => {
+		const mask = new PermissionMask(permissionsMask);
+		return mask.has(perm);
+	};
+
+	// Check if user can assign this permission (they must have it themselves)
+	const canAssignPermission = (perm: PermissionType) => {
+		return userHasPermission(currentUser, perm);
+	};
+
+	const togglePerm = (perm: PermissionType) => {
+		if (!canAssignPermission(perm)) return;
+		setPermissionsMask(new PermissionMask(permissionsMask).toggle(perm));
+	};
+
+	const handleCreate = () => {
+		if (!name.trim()) {
+			toast.error("Role name is required");
+			return;
+		}
+		doCreate({
+			name: name.trim(),
+			position: nextPosition,
+			permissions: permissionsMask,
+			color: color || undefined,
+		});
+	};
+	return (
+		<Restricted
+			user={currentUser}
+			permissions={PermissionType.CREATE_ROLES}
+		>
+			<Dialog open={open} onOpenChange={setOpen}>
+				<DialogTrigger asChild>
+					<Button>Create New Role</Button>
+				</DialogTrigger>
+				<DialogContent className="max-w-2xl">
+					<DialogHeader>
+						<DialogTitle>Create New Role</DialogTitle>
+					</DialogHeader>
+					<div className="grid grid-cols-2 gap-12">
+						<div>
+							<div className="mb-4">
+								<Label htmlFor="name">Role Name</Label>
+								<Input
+									id="name"
+									value={name}
+									onChange={(e) => setName(e.target.value)}
+									placeholder="Enter role name"
+								/>
+							</div>
+							<h4 className="mb-2 font-semibold">Permissions</h4>
+							<div className="space-y-2">
+								{permissionEntries.map((p) => (
+									<div
+										key={p.name}
+										className="flex items-center justify-between"
+									>
+										<div className="flex items-center gap-x-2">
+											<input
+												type="checkbox"
+												checked={hasPermLocal(p.value)}
+												disabled={
+													!canAssignPermission(
+														p.value,
+													)
+												}
+												onChange={() =>
+													togglePerm(p.value)
+												}
+											/>
+											<span
+												className={
+													!canAssignPermission(
+														p.value,
+													)
+														? "text-muted-foreground"
+														: ""
+												}
+											>
+												{p.name}
+											</span>
+										</div>
+										<div className="text-sm text-muted-foreground">
+											{hasPermLocal(p.value)
+												? "Enabled"
+												: "Disabled"}
+											{!canAssignPermission(p.value) &&
+												" (You can't assign this permission)"}
+										</div>
+									</div>
+								))}
+							</div>
+						</div>
+						<div>
+							<h4 className="mb-2 font-semibold">Appearance</h4>
+							<div className="flex items-center gap-x-2">
+								<Label htmlFor="color">Color</Label>
+								<input
+									id="color"
+									type="color"
+									value={color}
+									onChange={(e) => setColor(e.target.value)}
+								/>
+							</div>
+						</div>
+					</div>
+					<div className="mt-4 flex justify-end gap-2">
+						<Button
+							variant="outline"
+							onClick={() => setOpen(false)}
+						>
+							Cancel
+						</Button>
+						<Button onClick={handleCreate}>Create Role</Button>
+					</div>
+				</DialogContent>
+			</Dialog>
+		</Restricted>
+	);
+}
diff --git a/apps/web/src/components/admin/roles/DeleteRoleDialog.tsx b/apps/web/src/components/admin/roles/DeleteRoleDialog.tsx
new file mode 100644
index 00000000..0c5a1631
--- /dev/null
+++ b/apps/web/src/components/admin/roles/DeleteRoleDialog.tsx
@@ -0,0 +1,72 @@
+"use client";
+
+import { useState } from "react";
+import { Button } from "@/components/shadcn/ui/button";
+import {
+	Dialog,
+	DialogContent,
+	DialogHeader,
+	DialogTitle,
+	DialogTrigger,
+} from "@/components/shadcn/ui/dialog";
+import { useAction } from "next-safe-action/hooks";
+import { deleteRole } from "@/actions/admin/role-actions";
+import { toast } from "sonner";
+import { UserWithRole } from "db/types";
+import { InferSelectModel } from "drizzle-orm";
+import { roles } from "db/schema";
+
+type Role = InferSelectModel<typeof roles>;
+
+export default function DeleteRoleDialog({
+	role,
+	class_name,
+}: {
+	role: Role;
+	currentUser: UserWithRole;
+	class_name?: string;
+}) {
+	const [open, setOpen] = useState(false);
+	const { execute: doDelete } = useAction(deleteRole, {
+		onError: ({ error }) => {
+			toast.error(
+				"Failed to delete role: " +
+					(error.serverError || "Unknown error"),
+			);
+		},
+		onSuccess: () => {
+			toast.success("Role deleted successfully");
+			setOpen(false);
+		},
+	});
+
+	return (
+		<Dialog open={open} onOpenChange={setOpen}>
+			<DialogTrigger asChild>
+				<Button variant="destructive" className={class_name}>
+					Delete
+				</Button>
+			</DialogTrigger>
+			<DialogContent>
+				<DialogHeader>
+					<DialogTitle>Delete Role</DialogTitle>
+				</DialogHeader>
+				<p>
+					Are you sure you want to delete the role "{role.name}"? This
+					action cannot be undone.
+				</p>
+				<div className="mt-4 flex justify-end gap-2">
+					<Button variant="outline" onClick={() => setOpen(false)}>
+						Cancel
+					</Button>
+					<Button
+						variant="destructive"
+						onClick={() => doDelete({ roleId: role.id })}
+					>
+						Delete
+					</Button>
+				</div>
+			</DialogContent>
+		</Dialog>
+	);
+}
diff --git a/apps/web/src/components/admin/roles/RoleCard.tsx b/apps/web/src/components/admin/roles/RoleCard.tsx
new file mode 100644
index 00000000..802e3d5d
--- /dev/null
+++ b/apps/web/src/components/admin/roles/RoleCard.tsx
@@ -0,0 +1,210 @@
+"use client";
+
+import { useState, useEffect } from "react";
+import { Button } from "@/components/shadcn/ui/button";
+import {
+	AccordionItem,
+	AccordionTrigger,
+	AccordionContent,
+} from "@/components/shadcn/ui/accordion";
+import Restricted from "@/components/Restricted";
+import { PermissionType } from "@/lib/constants/permission";
+import { PermissionMask } from "@/lib/utils/shared/permission";
+import { ChevronUp, ChevronDown } from "lucide-react";
+import RoleBadge from "@/components/dash/shared/RoleBadge";
+import { UserWithRole } from "db/types";
+import { InferSelectModel } from "drizzle-orm";
+import { roles } from "db/schema";
+import {
+	compareUserPosition,
+	userHasPermission,
+} from "@/lib/utils/server/admin";
+import DeleteRoleDialog from "@/components/admin/roles/DeleteRoleDialog";
+
+type Role = InferSelectModel<typeof roles>;
+
+export default function RoleCard({
+	role,
+	currentUser,
+	onRoleChange,
+	onMove,
+	index,
+	total,
+}: {
+	role: Role;
+	currentUser: UserWithRole;
+	onRoleChange: (r: Role) => void;
+	onMove: (roleId: number, dir: "up" | "down") => void;
+	index: number;
+	total: number;
+}) {
+	const [permissionsMask, setPermissionsMask] = useState<number>(
+		role.permissions ?? 0,
+	);
+	const [color, setColor] = useState<string | null>(role.color ?? "");
+
+	useEffect(() => {
+		setPermissionsMask(role.permissions ?? 0);
+		setColor(role.color ?? "");
+	}, [role]);
+
+	const hasPermLocal = (perm: PermissionType) => {
+		const mask = new PermissionMask(permissionsMask);
+		return mask.has(perm);
+	};
+
+	// Whether current user may toggle this permission on target role (they must have EDIT_ROLES and higher position)
+	const canEditRole = (() => {
+		try {
+			return (
+				userHasPermission(currentUser, PermissionType.EDIT_ROLES) &&
+				compareUserPosition(currentUser, role.position)
+			);
+		} catch (e) {
+			return false;
+		}
+	})();
+
+	// user cannot toggle individual permission bits they don't personally have
+	function canTogglePermission(perm: PermissionType) {
+		return userHasPermission(currentUser, perm) && canEditRole;
+	}
+
+	function togglePerm(perm: PermissionType) {
+		if (!canTogglePermission(perm)) return;
+		const next = new PermissionMask(role.permissions).toggle(perm);
+		setPermissionsMask(next);
+		onRoleChange({ ...role, permissions: next, color });
+	}
+
+	function onColorChange(v: string) {
+		setColor(v);
+		onRoleChange({ ...role, permissions: permissionsMask, color: v });
+	}
+
+	// Build a list of PermissionType entries
+	const permissionEntries = Object.keys(PermissionType)
+		.filter((k) => isNaN(Number(k)))
+		.map((k) => ({
+			name: k.replaceAll("_", " "),
+			value: (PermissionType as any)[k] as number,
+		}));
+
+	return (
+		<AccordionItem
+			value={String(role.id)}
+			className={`p-4 ${canEditRole ? "" : "opacity-40"}`}
+		>
+			<AccordionTrigger asChild>
+				<div className="flex w-full items-center gap-x-3">
+					<div className="flex items-center gap-x-2">
+						<div className="flex flex-col">
+							<div className="flex items-center gap-x-1">
+								<Button
+									size="icon"
+									variant="ghost"
+									onClick={(e) => {
+										e.stopPropagation();
+										onMove(role.id, "up");
+									}}
+									disabled={
+										index === 0 ||
+										!canEditRole ||
+										role.position - 1 ==
+											currentUser.role?.position
+									}
+								>
+									<ChevronUp />
+								</Button>
+								<Button
+									size="icon"
+									variant="ghost"
+									onClick={(e) => {
+										e.stopPropagation();
+										onMove(role.id, "down");
+									}}
+									disabled={
+										index === total - 1 || !canEditRole
+									}
+								>
+									<ChevronDown />
+								</Button>
+							</div>
+						</div>
+						<RoleBadge role={role} />
+					</div>
+
+					<div className="ml-auto mr-4 flex items-center gap-x-2"></div>
+				</div>
+			</AccordionTrigger>
+			<AccordionContent>
+				<div className="grid grid-cols-[1.5fr_0.5fr_0.5fr] gap-12">
+					<div>
+						<h4 className="font-semibold">Permissions</h4>
+						<div className="mt-2 space-y-2">
+							{permissionEntries.map((p) => (
+								<div
+									key={p.name}
+									className="flex items-center justify-between"
+								>
+									<div className="flex items-center gap-x-2">
+										<input
+											type="checkbox"
+											checked={hasPermLocal(p.value)}
+											disabled={
+												!canTogglePermission(p.value) ||
+												!canEditRole
+											}
+											onChange={() => togglePerm(p.value)}
+										/>
+										<span>{p.name}</span>
+									</div>
+									<div className="text-sm text-muted-foreground">
+										{hasPermLocal(p.value)
+											? "Enabled"
+											: "Disabled"}
+									</div>
+								</div>
+							))}
+						</div>
+					</div>
+					<div>
+						<h4 className="font-semibold">Appearance</h4>
+						<div className="mt-2 flex flex-col gap-y-2">
+							<div className="flex items-center gap-x-2">
+								<label className="text-sm">Color</label>
+								{canEditRole ? (
+									<input
+										type="color"
+										value={color || "#000000"}
+										onChange={(e) =>
+											onColorChange(e.target.value)
+										}
+									/>
+								) : (
+									<span className="text-sm text-muted-foreground">
+										{role.color || "—"}
+									</span>
+								)}
+							</div>
+						</div>
+					</div>
+					<div>
+						<Restricted
+							user={currentUser}
+							permissions={PermissionType.DELETE_ROLES}
+							targetRolePosition={role.position}
+							position="higher"
+						>
+							<DeleteRoleDialog
+								role={role}
+								currentUser={currentUser}
+								class_name="mt-4"
+							/>
+						</Restricted>
+					</div>
+				</div>
+			</AccordionContent>
+		</AccordionItem>
+	);
+}
diff --git a/apps/web/src/components/admin/roles/RolesManager.tsx b/apps/web/src/components/admin/roles/RolesManager.tsx
new file mode 100644
index 00000000..bc258b10
--- /dev/null
+++ b/apps/web/src/components/admin/roles/RolesManager.tsx
@@ -0,0 +1,150 @@
+"use client";
+
+import { useState, useEffect } from "react";
+import RoleCard from "@/components/admin/roles/RoleCard";
+import { Accordion } from "@/components/shadcn/ui/accordion";
+import { Button } from "@/components/shadcn/ui/button";
+import { useAction } from "next-safe-action/hooks";
+import { editRole } from "@/actions/admin/role-actions";
+import { toast } from "sonner";
+import CreateRoleDialog from "@/components/admin/roles/CreateRoleDialog";
+import Restricted from "@/components/Restricted";
+import { PermissionType } from "@/lib/constants/permission";
+
+export default function RolesManager({
+	roles: initialRoles,
+	currentUser,
+}: {
+	roles: any[];
+	currentUser: any;
+}) {
+	const [roles, setRoles] = useState(() =>
+		[...initialRoles].sort((a, b) => a.position - b.position),
+	);
+	const [dirty, setDirty] = useState(false);
+	const { execute: doEdit } = useAction(editRole, {
+		onError: ({ error }) => {
+			toast.error(
+				"Failed to save role: " +
+					(error.serverError || "Unknown error"),
+			);
+		},
+		onSuccess: () => {
+			// Individual success not needed since we save all at once
+		},
+	});
+
+	useEffect(() => {
+		setRoles([...initialRoles].sort((a, b) => a.position - b.position));
+	}, [initialRoles]);
+
+	const nextPosition =
+		roles.length > 0 ? Math.max(...roles.map((r) => r.position)) + 1 : 1;
+
+	function onRoleChange(updated: any) {
+		setRoles((prev) => {
+			const next = prev.map((r) =>
+				r.id === updated.id ? { ...r, ...updated } : r,
+			);
+			setDirty(true);
+			return next;
+		});
+	}
+
+	function onMove(roleId: number, dir: "up" | "down") {
+		setRoles((prev) => {
+			const idx = prev.findIndex((r) => r.id === roleId);
+			if (idx === -1) return prev;
+			const next = [...prev];
+			const swapIdx = dir === "up" ? idx - 1 : idx + 1;
+			if (swapIdx < 0 || swapIdx >= next.length) return prev;
+			// swap positions
+			const a = next[idx];
+			const b = next[swapIdx];
+			const aPos = a.position;
+			next[idx] = { ...a, position: b.position };
+			next[swapIdx] = { ...b, position: aPos };
+			setDirty(true);
+			// resort after swap
+			return next.sort((a, b) => a.position - b.position);
+		});
+	}
+
+	const total = roles.length;
+
+	async function saveAll() {
+		// Compute which roles actually changed compared to the original `initialRoles`
+		const changedRoles = roles.filter((r) => {
+			const orig = initialRoles.find((o: any) => o.id === r.id);
+			if (!orig) return true;
+			const origPerm = orig.permissions ?? 0;
+			const rPerm = r.permissions ?? 0;
+			const origColor = orig.color ?? null;
+			const rColor = r.color ?? null;
+			return (
+				orig.name !== r.name ||
+				orig.position !== r.position ||
+				origPerm !== rPerm ||
+				origColor !== rColor
+			);
+		});
+
+		if (changedRoles.length === 0) {
+			toast.success("No changes to save");
+			setDirty(false);
+			return;
+		}
+
+		const promises = changedRoles.map((r) =>
+			doEdit({
+				roleId: r.id,
+				name: r.name,
+				position: r.position,
+				permissions: r.permissions,
+				color: r.color ?? null,
+			}),
+		);
+
+		try {
+			await Promise.all(promises);
+			toast.success("All changes saved successfully");
+			setDirty(false);
+		} catch (e: any) {
+			// Errors are handled by onError callback
+			console.error(e);
+		}
+	}
+
+	return (
+		<div>
+			<div className="mb-4 flex justify-end">
+				<Restricted
+					user={currentUser}
+					permissions={PermissionType.CREATE_ROLES}
+				>
+					<CreateRoleDialog
+						currentUser={currentUser}
+						nextPosition={nextPosition}
+					/>
+				</Restricted>
+			</div>
+			<Accordion type="multiple" className="w-full">
+				{roles.map((r, i) => (
+					<RoleCard
+						key={r.id}
+						role={r}
+						currentUser={currentUser}
+						onRoleChange={onRoleChange}
+						onMove={onMove}
+						index={i}
+						total={total}
+					/>
+				))}
+			</Accordion>
+
+			<div className="fixed bottom-0 right-0 m-8">
+				{dirty ? <Button onClick={saveAll}>Save Changes</Button> : null}
+			</div>
+		</div>
+	);
+}
diff --git a/apps/web/src/components/admin/scanner/PassScanner.tsx b/apps/web/src/components/admin/scanner/PassScanner.tsx
index f7c1d936..e6429b55 100644
--- a/apps/web/src/components/admin/scanner/PassScanner.tsx
+++ b/apps/web/src/components/admin/scanner/PassScanner.tsx
@@ -63,7 +63,7 @@ export default function PassScanner({
 		: "Not Checked In";
 	const guild =
 		Object.keys(c.groups)[scanUser?.hackerData.group || 0] ?? "None";
-	const role = scanUser?.role ? scanUser?.role : "Not Found";
+	const role = scanUser?.role?.name ? scanUser?.role?.name : "Not Found";
 
 	function handleScanCreate() {
 		const params = new URLSearchParams(searchParams.toString());
diff --git a/apps/web/src/components/admin/users/BanUserDialog.tsx b/apps/web/src/components/admin/users/BanUserDialog.tsx
new file mode 100644
index 00000000..1e0204dd
--- /dev/null
+++ b/apps/web/src/components/admin/users/BanUserDialog.tsx
@@ -0,0 +1,79 @@
+"use client";
+import {
+	Dialog,
+	DialogContent,
+	DialogDescription,
+	DialogFooter,
+	DialogHeader,
+	DialogTitle,
+	DialogTrigger,
+} from "@/components/shadcn/ui/dialog";
+import { Button } from "@/components/shadcn/ui/button";
+import { toast } from "sonner";
+import { useAction } from "next-safe-action/hooks";
+import { banUser } from "@/actions/admin/user-actions";
+import { useState } from "react";
+import { Textarea } from "@/components/shadcn/ui/textarea";
+
+interface BanUserDialogProps {
+	userID: string;
+	name: string;
+}
+
+export default function BanUserDialog({ userID, name }: BanUserDialogProps) {
+	const [reason, setReason] = useState("");
+	const [open, setOpen] = useState(false);
+
+	const { execute } = useAction(banUser, {
+		async onSuccess() {
+			toast.dismiss();
+			toast.success("Successfully Banned!");
+		},
+		async onError(e) {
+			toast.dismiss();
+			toast.error("An error occurred while banning this user.");
+			console.error(e);
+		},
+	});
+
+	return (
+		<Dialog open={open} onOpenChange={setOpen}>
+			<DialogTrigger asChild>
+				<Button variant={"destructive"}>Ban</Button>
+			</DialogTrigger>
+			<DialogContent className="sm:max-w-[425px]">
+				<DialogHeader>
+					<DialogTitle>Ban {name}.</DialogTitle>
+					<DialogDescription>
+						Ban this user (not permanent action).
+					</DialogDescription>
+				</DialogHeader>
+				<div className="grid gap-4 py-4">
+					<div className="flex">
+						<Textarea
+							placeholder="Reason"
+							rows={3}
+							onChange={(event) => setReason(event.target.value)}
+						/>
+					</div>
+				</div>
+				<DialogFooter>
+					<Button
+						onClick={() => {
+							toast.loading("Banning User...", { duration: 0 });
+							execute({
+								userIDToUpdate: userID,
+								reason: reason,
+							});
+							setOpen(false);
+						}}
+						type="submit"
+						variant={"destructive"}
+					>
+						<span className="text-nowrap">Ban</span>
+					</Button>
+				</DialogFooter>
+			</DialogContent>
+		</Dialog>
+	);
+}
diff --git a/apps/web/src/components/admin/users/RemoveUserBanDialog.tsx b/apps/web/src/components/admin/users/RemoveUserBanDialog.tsx
new file mode 100644
index 00000000..a592e88d
--- /dev/null
+++ b/apps/web/src/components/admin/users/RemoveUserBanDialog.tsx
@@ -0,0 +1,67 @@
+"use client";
+import {
+	Dialog,
+	DialogContent,
+	DialogTrigger,
+} from "@/components/shadcn/ui/dialog";
+import { Button } from "@/components/shadcn/ui/button";
+import { toast } from "sonner";
+import { useAction } from "next-safe-action/hooks";
+import { removeUserBan } from "@/actions/admin/user-actions";
+import { useState } from "react";
+
+interface BanUserDialogProps {
+	userID: string;
+	name: string;
+	reason: string;
+}
+
+export default function RemoveUserBanDialog({
+	userID,
+	reason,
+	name,
+}: BanUserDialogProps) {
+	const [open, setOpen] = useState(false);
+
+	const { execute } = useAction(removeUserBan, {
+		async onSuccess() {
+			toast.dismiss();
+			toast.success("Suspension successfully removed!");
+		},
+		async onError(e) {
+			toast.dismiss();
+			toast.error("An error occurred while removing suspension.");
+			console.error(e);
+		},
+	});
+
+	return (
+		<Dialog open={open} onOpenChange={setOpen}>
+			<DialogTrigger asChild>
+				<Button variant={"destructive"}>Unban</Button>
+			</DialogTrigger>
+			<DialogContent>
+				<div className="font-bold">
+					Are you sure you want to unban {name}?
+				</div>
+				<div className="pt-2">
+					<strong className="font-medium">Reason for ban:</strong>{" "}
+					{reason}
+				</div>
+				<Button
+					onClick={() => {
+						toast.loading("Unbanning User...", { duration: 0 });
+						execute({
+							userIDToUpdate: userID,
+						});
+						setOpen(false);
+					}}
+					type="submit"
+					variant={"destructive"}
+				>
+					<span className="text-nowrap">Unban</span>
+				</Button>
+			</DialogContent>
+		</Dialog>
+	);
+}
diff --git a/apps/web/src/components/admin/users/ServerSections.tsx b/apps/web/src/components/admin/users/ServerSections.tsx
index 21b7c6cb..951654ee 100644
--- a/apps/web/src/components/admin/users/ServerSections.tsx
+++ b/apps/web/src/components/admin/users/ServerSections.tsx
@@ -1,9 +1,9 @@
 import UserInfoSection from "@/components/admin/users/UserInfoSection";
 import type { Hacker } from "db/types";
-import { titleCase } from "title-case";
 import { Button } from "@/components/shadcn/ui/button";
 import Link from "next/link";
 import { clerkClient } from "@clerk/nextjs/server";
+import { titleCase } from "@/lib/utils/shared/string";
 
 export function PersonalInfo({ user }: { user: Hacker }) {
 	return (
diff --git a/apps/web/src/components/admin/users/UpdateRoleDialog.tsx b/apps/web/src/components/admin/users/UpdateRoleDialog.tsx
index edf59a25..cea26185 100644
--- a/apps/web/src/components/admin/users/UpdateRoleDialog.tsx
+++ b/apps/web/src/components/admin/users/UpdateRoleDialog.tsx
@@ -16,30 +16,34 @@ import {
 	SelectValue,
 } from "@/components/shadcn/ui/select";
 import { Button } from "@/components/shadcn/ui/button";
-import { perms } from "config";
 import { toast } from "sonner";
 import { useAction } from "next-safe-action/hooks";
 import { updateRole } from "@/actions/admin/user-actions";
 import { useState } from "react";
-import { titleCase } from "title-case";
 import { Badge } from "@/components/shadcn/ui/badge";
+import { db } from "db";
+import { titleCase } from "@/lib/utils/shared/string";
 
 interface UpdateRoleDialogProps {
 	userID: string;
 	name: string;
-	currPermision: (typeof perms)[number];
-	canMakeAdmins: boolean;
+	currentRoleId: number;
 }
 
-export default function UpdateRoleDialog({
+export default async function UpdateRoleDialog({
 	userID,
-	currPermision,
-	canMakeAdmins,
+	currentRoleId,
 	name,
 }: UpdateRoleDialogProps) {
-	const [roleToSet, setRoleToSet] = useState(currPermision);
+	const [roleToSet, setRoleToSet] = useState(currentRoleId);
 	const [open, setOpen] = useState(false);
 
+	const roles = await db.query.roles.findMany();
+
+	const currentRoleName = titleCase(
+		roles.find((r) => r.id === currentRoleId)?.name.replace("_", " ") || "",
+	);
+
 	const { execute } = useAction(updateRole, {
 		async onSuccess() {
 			toast.dismiss();
@@ -66,41 +70,15 @@ export default function UpdateRoleDialog({
 				</DialogHeader>
 				<div className="grid gap-4 py-4">
 					<div className="flex">
-						{/* <Label htmlFor="name" className="text-right">
-                        HackerTag
-                    </Label>
-                    <Input
-                        onChange={(e) => setHackerTag(e.target.value)}
-                        id="name"
-                        placeholder="@HackerTag"
-                        className="col-span-3"
-                    /> */}
-						<Select
-							onValueChange={(v) =>
-								setRoleToSet(v as (typeof perms)[number])
-							}
-						>
+						<Select onValueChange={(v) => setRoleToSet(Number(v))}>
 							<SelectTrigger className="w-[180px]">
-								<SelectValue
-									placeholder={titleCase(
-										currPermision.replace("_", " "),
-									)}
-								/>
+								<SelectValue placeholder={currentRoleName} />
 							</SelectTrigger>
 							<SelectContent>
-								{/* <SelectItem value="light">Light</SelectItem>
-								<SelectItem value="dark">Dark</SelectItem>
-								<SelectItem value="system">System</SelectItem> */}
-								{perms.map((perm) => {
-									if (
-										!canMakeAdmins &&
-										(perm === "admin" ||
-											perm === "super_admin")
-									)
-										return null;
+								{roles.map(({ id, name }) => {
 									return (
-										<SelectItem key={perm} value={perm}>
-											{titleCase(perm.replace("_", " "))}
+										<SelectItem key={id} value={String(id)}>
+											{titleCase(name.replace("_", " "))}
 										</SelectItem>
 									);
 								})}
@@ -109,27 +87,23 @@ export default function UpdateRoleDialog({
 					</div>
 				</div>
 				<DialogFooter>
-					{roleToSet !== currPermision ? (
+					{roleToSet !== currentRoleId ? (
 						<div className="flex h-full w-full items-center justify-center gap-x-2 self-end sm:justify-start">
-							<Badge>
-								{titleCase(currPermision.replace("_", " "))}
-							</Badge>
+							<Badge>{currentRoleName}</Badge>
 							<span>&rarr;</span>
-							<Badge>
-								{titleCase(roleToSet.replace("_", " "))}
-							</Badge>
+							<Badge>{currentRoleName}</Badge>
 						</div>
 					) : null}
 					<Button
 						onClick={() => {
-							if (roleToSet === currPermision) {
+							if (roleToSet === currentRoleId) {
 								return toast.warning(
 									"The user already has this role.",
 								);
 							}
 							toast.loading("Updating role...", { duration: 0 });
 							execute({
-								roleToSet,
+								roleIdToSet: roleToSet,
 								userIDToUpdate: userID,
 							});
 							setOpen(false);
diff --git a/apps/web/src/components/admin/users/UserColumns.tsx b/apps/web/src/components/admin/users/UserColumns.tsx
index 63ecc115..85ff7b6f 100644
--- a/apps/web/src/components/admin/users/UserColumns.tsx
+++ b/apps/web/src/components/admin/users/UserColumns.tsx
@@ -21,21 +21,14 @@ import type { Column, Row } from "@tanstack/react-table";
 import { dataTableFuzzyFilter } from "@/lib/utils/client/shared";
 import { Badge } from "@/components/shadcn/ui/badge";
 
-const userValidator = createSelectSchema(userCommonData);
+const userValidator = createSelectSchema(userCommonData).extend({
+	role: z.object({
+		name: z.string(),
+	}),
+});
 
 // default fuzzy search and add filters by each column if possible
-export type userValidatorType = Pick<
-	z.infer<typeof userValidator>,
-	| "clerkID"
-	| "signupTime"
-	| "firstName"
-	| "lastName"
-	| "email"
-	| "role"
-	| "isRSVPed"
-	| "hackerTag"
-	| "checkinTimestamp"
->;
+export type userValidatorType = z.infer<typeof userValidator>;
 
 type UserColumnType = Column<userValidatorType, unknown>;
 
@@ -73,7 +66,7 @@ export const columns: ColumnDef<userValidatorType>[] = [
 		filterFn: dataTableFuzzyFilter,
 	},
 	{
-		accessorKey: "role",
+		accessorKey: "role.name",
 		header: ({ column }) => (
 			<UserTableHeader name="Role" column={column} hasFilter={true} />
 		),
@@ -124,13 +117,6 @@ export const columns: ColumnDef<userValidatorType>[] = [
 			</span>
 		),
 	},
-	// {
-	// 	accessorKey: "role",
-	// 	header: ({ column }) => (
-	// 		<UserTableHeader name="Role" column={column} hasFilter={true} />
-	// 	),
-	// 	filterFn: "includesString",
-	// },
 	{
 		accessorKey: "signupTime",
 		header: ({ column }) => (
diff --git a/apps/web/src/components/dash/shared/RoleBadge.tsx b/apps/web/src/components/dash/shared/RoleBadge.tsx
index 78381f1b..b9aecb1e 100644
--- a/apps/web/src/components/dash/shared/RoleBadge.tsx
+++ b/apps/web/src/components/dash/shared/RoleBadge.tsx
@@ -1,30 +1,39 @@
-import c from "config";
 import { Badge } from "@/components/shadcn/ui/badge";
 import { BadgeCheck } from "lucide-react";
+import { roles } from "db/schema";
+import { InferSelectModel } from "drizzle-orm";
 
 interface RoleBadgeProps {
-	role: keyof typeof c.roleBadges;
+	role: InferSelectModel<typeof roles>;
+}
+
+function getContrastColor(hex: string) {
+	// fallback
+	if (!hex) return "#000";
+	const cleaned = hex.replace("#", "");
+	const r = parseInt(cleaned.substring(0, 2), 16);
+	const g = parseInt(cleaned.substring(2, 4), 16);
+	const b = parseInt(cleaned.substring(4, 6), 16);
+	// luminance formula
+	const luminance = (0.2126 * r + 0.7152 * g + 0.0722 * b) / 255;
+	return luminance > 0.6 ? "#000" : "#fff";
 }
 
 export default function RoleBadge({ role }: RoleBadgeProps) {
+	const bg = role.color || "#e5e7eb"; // default gray-200
+	const fg = getContrastColor(bg);
+
 	return (
 		<Badge
-			style={{ backgroundColor: c.roleBadges[role].color }}
-			className={`${c.roleBadges[role].checked ? "px-1" : ""} gap-x-1`}
+			style={{ backgroundColor: bg, height: "32px" }}
+			className={`gap-x-1 px-2`}
 		>
-			<span style={{ color: c.roleBadges[role].foreground }}>
-				{c.roleBadges[role].title}
+			<span style={{ color: fg }} className="weight-700 uppercase">
+				{role.name.replace(/_/g, " ")}
 			</span>
-			{c.roleBadges[role].checked ? (
-				<BadgeCheck
-					className="text-lg"
-					style={{
-						color:
-							typeof c.roleBadges[role].checked == "boolean"
-								? `color-mix(in hsl longer hue, ${c.roleBadges[role].color} 95%, ${c.roleBadges[role].foreground})`
-								: (c.roleBadges[role].checked as string),
-					}}
-				/>
+			{/* show check icon if this role has any permissions (simple heuristic) */}
+			{role.permissions ? (
+				<BadgeCheck className="weight-700" style={{ color: fg }} />
 			) : null}
 		</Badge>
 	);
diff --git a/apps/web/src/components/events/admin/NewEventForm.tsx b/apps/web/src/components/events/admin/NewEventForm.tsx
index efc9c0d1..a486ded3 100644
--- a/apps/web/src/components/events/admin/NewEventForm.tsx
+++ b/apps/web/src/components/events/admin/NewEventForm.tsx
@@ -25,9 +25,9 @@ import { Textarea } from "@/components/shadcn/ui/textarea";
 import c from "config";
 import { DateTimePicker } from "@/components/shadcn/ui/date-time-picker/date-time-picker";
 import { parseAbsolute, getLocalTimeZone } from "@internationalized/date";
-import { zpostSafe } from "@/lib/utils/client/zfetch";
-import { BasicRedirValidator } from "@/validators/shared/basicRedir";
-import { useState } from "react";
+import { useAction } from "next-safe-action/hooks";
+import { createEvent } from "@/actions/admin/event-actions";
+import { useCallback, useState } from "react";
 import { LoaderPinwheel } from "lucide-react";
 import { useRouter } from "next/navigation";
 import { ONE_HOUR_IN_MILLISECONDS } from "@/lib/constants";
@@ -41,6 +41,31 @@ export default function NewEventForm({ defaultDate }: NewEventFormProps) {
 	const router = useRouter();
 	const userLocalTimeZone = getLocalTimeZone();
 
+	const { execute } = useAction(createEvent, {
+		onExecute: () => setLoading(true),
+		onSettled: () => setLoading(false),
+		onSuccess: () => {
+			toast.success(
+				"Event Created Successfully! Redirecting to event...",
+			);
+			setTimeout(() => {
+				router.push("/admin/events");
+			}, 2000);
+		},
+		onError: ({ error }) => {
+			let description: string;
+
+			if (error.validationErrors?._errors) {
+				// User is not super admin
+				description = error.validationErrors._errors[0];
+			} else {
+				description = error.serverError || "An unknown error occurred";
+			}
+
+			toast.error("Unable to edit event", { description });
+		},
+	});
+
 	const form = useForm<z.infer<typeof newEventFormSchema>>({
 		resolver: zodResolver(newEventFormSchema),
 		defaultValues: {
@@ -54,26 +79,19 @@ export default function NewEventForm({ defaultDate }: NewEventFormProps) {
 		},
 	});
 
-	async function onSubmit(values: z.infer<typeof newEventFormSchema>) {
-		setLoading(true);
-		const res = await zpostSafe({
-			url: "/api/admin/events/create",
-			body: values,
-			superReq: true,
-			vReq: newEventFormSchema,
-			vRes: BasicRedirValidator,
-		});
-		setLoading(false);
-		if (res.success) {
-			toast.success("Event Created Successfully! Redirecting to event");
-			router.push(res.data.redirect);
-		} else {
-			toast.error(
-				"Failed to create event, please try again. Error:\n\n" +
-					res.error,
-			);
-		}
-	}
+	const onSubmit = useCallback(
+		(values: z.infer<typeof newEventFormSchema>) => {
+			if (form.formState.isDirty) {
+				execute(values);
+			} else {
+				toast.error("Failed to create event", {
+					description:
+						"Please make changes to the form before submitting it!",
+				});
+			}
+		},
+		[form.formState.isDirty],
+	);
 
 	return (
 		<Form {...form}>
diff --git a/apps/web/src/components/shadcn/ui/accordion.tsx b/apps/web/src/components/shadcn/ui/accordion.tsx
index 6d13f3a9..20851dab 100644
--- a/apps/web/src/components/shadcn/ui/accordion.tsx
+++ b/apps/web/src/components/shadcn/ui/accordion.tsx
@@ -28,13 +28,15 @@ const AccordionTrigger = React.forwardRef<
 		<AccordionPrimitive.Trigger
 			ref={ref}
 			className={cn(
-				"flex flex-1 items-center justify-between py-4 font-medium transition-all hover:underline [&[data-state=open]>svg]:rotate-180",
+				"flex flex-1 items-center justify-between py-4 font-medium transition-all [&[data-state=open]>svg]:rotate-180",
 				className,
 			)}
 			{...props}
 		>
-			{children}
-			<ChevronDown className="h-4 w-4 shrink-0 transition-transform duration-200" />
+			<div>
+				{children}
+				<ChevronDown className="h-4 w-4 shrink-0 transition-transform duration-200" />
+			</div>
 		</AccordionPrimitive.Trigger>
 	</AccordionPrimitive.Header>
 ));
diff --git a/apps/web/src/components/shadcn/ui/button.tsx b/apps/web/src/components/shadcn/ui/button.tsx
index b50a2e1b..4006280b 100644
--- a/apps/web/src/components/shadcn/ui/button.tsx
+++ b/apps/web/src/components/shadcn/ui/button.tsx
@@ -22,7 +22,7 @@ const buttonVariants = cva(
 			},
 			size: {
 				default: "h-10 px-4 py-2",
-				sm: "h-9 rounded-md px-3",
+				sm: "h-7 rounded-md px-2",
 				lg: "h-11 rounded-md px-8",
 				icon: "h-10 w-10",
 			},
diff --git a/apps/web/src/components/shared/ClientToast.tsx b/apps/web/src/components/shared/ClientToast.tsx
index 9fd01e7c..9da362f0 100644
--- a/apps/web/src/components/shared/ClientToast.tsx
+++ b/apps/web/src/components/shared/ClientToast.tsx
@@ -3,8 +3,20 @@ import { Toaster } from "sonner";
 
 interface clientToastOptions {
 	richColors?: boolean;
+	duration?: number;
+	position?: "top-right" | "top-left" | "bottom-right" | "bottom-left";
 }
 
-export default function ClientToast({ richColors = true }: clientToastOptions) {
-	return <Toaster richColors={richColors} />;
+export default function ClientToast({
+	richColors = true,
+	duration,
+	position,
+}: clientToastOptions) {
+	return (
+		<Toaster
+			richColors={richColors}
+			duration={duration}
+			position={position}
+		/>
+	);
 }
diff --git a/apps/web/src/components/shared/ProfileButton.tsx b/apps/web/src/components/shared/ProfileButton.tsx
index 83730ab3..e406b25a 100644
--- a/apps/web/src/components/shared/ProfileButton.tsx
+++ b/apps/web/src/components/shared/ProfileButton.tsx
@@ -21,6 +21,8 @@ import DefaultDropdownTrigger from "../dash/shared/DefaultDropDownTrigger";
 import MobileNavBarLinks from "./MobileNavBarLinks";
 import { getUser } from "db/functions";
 import { clientLogOut } from "@/lib/utils/server/user";
+import Restricted from "../Restricted";
+import { PermissionType } from "@/lib/constants/permission";
 
 export default async function ProfileButton() {
 	const clerkUser = await auth();
@@ -153,15 +155,15 @@ export default async function ProfileButton() {
 							Event Pass
 						</DropdownMenuItem>
 					</Link>
-					{["admin", "super_admin", "volunteer"].includes(
-						user.role,
-					) && (
+
+					<Restricted user={user} permissions={PermissionType.ADMIN}>
 						<Link href={`/admin`}>
 							<DropdownMenuItem className="cursor-pointer text-hackathon">
 								Admin
 							</DropdownMenuItem>
 						</Link>
-					)}
+					</Restricted>
+
 					<MobileNavBarLinks />
 					<DropdownMenuSeparator className="bg-[rgb(228,228,231)] dark:bg-[rgb(39,39,42)]" />
 					<Link href={`/bug-report`}>
diff --git a/apps/web/src/lib/constants/permission.ts b/apps/web/src/lib/constants/permission.ts
new file mode 100644
index 00000000..651d78a5
--- /dev/null
+++ b/apps/web/src/lib/constants/permission.ts
@@ -0,0 +1,28 @@
+export enum PermissionType {
+	//! DANGER: DO NOT CHANGE ANYTHING (NAMINGS, VALUES) OR REARRANGE. CAN CAUSE MAJOR ISSUES.
+	ADMIN = 1 << 0, // can access admin panel
+
+	VIEW_ROLES = 1 << 1,
+	CREATE_ROLES = 1 << 2,
+	EDIT_ROLES = 1 << 3,
+	DELETE_ROLES = 1 << 4,
+
+	VIEW_USERS = 1 << 5,
+	CHANGE_USER_ROLES = 1 << 6,
+	BAN_USERS = 1 << 7,
+
+	VIEW_EVENTS = 1 << 8,
+	CREATE_EVENTS = 1 << 9,
+	EDIT_EVENTS = 1 << 10,
+	DELETE_EVENTS = 1 << 11,
+
+	CHECK_IN = 1 << 12,
+	CREATE_SCANS = 1 << 13,
+
+	MANAGE_NAVLINKS = 1 << 14,
+	MANAGE_REGISTRATION = 1 << 15,
+
+	/* You can add new permissions following the pattern:
+		NEW_PERMISSION = 1 << n,
+	*/
+}
diff --git a/apps/web/src/lib/safe-action.ts b/apps/web/src/lib/safe-action.ts
index 822408a9..c6dc74b3 100644
--- a/apps/web/src/lib/safe-action.ts
+++ b/apps/web/src/lib/safe-action.ts
@@ -1,5 +1,6 @@
 import {
 	createSafeActionClient,
+	DEFAULT_SERVER_ERROR_MESSAGE,
 	returnValidationErrors,
 } from "next-safe-action";
 import { auth } from "@clerk/nextjs/server";
@@ -7,7 +8,12 @@ import { getUser } from "db/functions";
 import { z } from "zod";
 import { isUserAdmin } from "./utils/server/admin";
 
-export const publicAction = createSafeActionClient();
+export const publicAction = createSafeActionClient({
+	handleServerError: (error) => {
+		if (error instanceof Error && error.message) return error.message;
+		return DEFAULT_SERVER_ERROR_MESSAGE;
+	},
+});
 
 export const authenticatedAction = publicAction.use(
 	// TODO: Add registration check here?
@@ -25,10 +31,7 @@ export const authenticatedAction = publicAction.use(
 export const volunteerAction = authenticatedAction.use(
 	async ({ next, ctx }) => {
 		const user = await getUser(ctx.userId);
-		if (
-			!user ||
-			!["admin", "super_admin", "volunteer"].includes(user.role)
-		) {
+		if (!user || !isUserAdmin(user)) {
 			returnValidationErrors(z.null(), {
 				_errors: ["Unauthorized (Not Admin)"],
 			});
diff --git a/apps/web/src/lib/utils/server/admin.ts b/apps/web/src/lib/utils/server/admin.ts
index d91062cb..16113606 100644
--- a/apps/web/src/lib/utils/server/admin.ts
+++ b/apps/web/src/lib/utils/server/admin.ts
@@ -1,5 +1,35 @@
-import type { User } from "db/types";
+import { PermissionMask } from "@/lib/utils/shared/permission";
+import { PermissionType } from "@/lib/constants/permission";
+import { UserWithRole } from "db/types";
 
-export function isUserAdmin(user: User) {
-	return ["admin", "super_admin"].includes(user.role);
+export function userHasPermission(
+	user: UserWithRole,
+	permissions: PermissionType | [PermissionType],
+): boolean {
+	const userPermissionMask = new PermissionMask(user.role?.permissions || 0);
+
+	if (Array.isArray(permissions)) {
+		return permissions.every((permission) =>
+			userPermissionMask.has(permission),
+		);
+	}
+
+	return userPermissionMask.has(permissions);
+}
+
+export function isUserAdmin(user: UserWithRole): boolean {
+	return userHasPermission(user, PermissionType.ADMIN);
+}
+
+export function compareUserPosition(
+	user: UserWithRole,
+	targetRolePosition: number,
+): 1 | -1 | 0 {
+	const userRolePosition = user.role?.position ?? Number.MAX_SAFE_INTEGER;
+	if (userRolePosition < targetRolePosition) {
+		return 1;
+	} else if (userRolePosition == targetRolePosition) {
+		return 0;
+	}
+	return -1;
 }
diff --git a/apps/web/src/lib/utils/server/user.ts b/apps/web/src/lib/utils/server/user.ts
index 4789dea3..64159848 100644
--- a/apps/web/src/lib/utils/server/user.ts
+++ b/apps/web/src/lib/utils/server/user.ts
@@ -1,5 +1,23 @@
+import { auth } from "@clerk/nextjs/server";
+import { getUser } from "db/functions";
+import { UserWithRole } from "db/types";
 import { redirect } from "next/navigation";
+import { cache } from "react";
 export async function clientLogOut() {
 	"use server";
 	redirect("/");
 }
+
+export const getCurrentUser = cache(async (): Promise<UserWithRole> => {
+	"use server";
+	const { userId } = await auth();
+	if (!userId) {
+		return redirect("/login");
+	}
+	const user = await getUser(userId);
+	if (!user) {
+		return redirect("/login");
+	}
+
+	return user;
+});
diff --git a/apps/web/src/lib/utils/shared/permission.ts b/apps/web/src/lib/utils/shared/permission.ts
new file mode 100644
index 00000000..cb47a7b1
--- /dev/null
+++ b/apps/web/src/lib/utils/shared/permission.ts
@@ -0,0 +1,35 @@
+import { PermissionType } from "@/lib/constants/permission";
+
+class PermissionMask {
+	mask: number;
+
+	constructor(mask: number) {
+		this.mask = mask;
+	}
+
+	has(perm: PermissionType): boolean {
+		return (this.mask & perm) !== 0;
+	}
+
+	add(perm: PermissionType): number {
+		return this.mask | perm;
+	}
+
+	remove(perm: PermissionType): number {
+		return this.mask & ~perm;
+	}
+
+	toggle(perm: PermissionType): number {
+		return this.mask ^ perm;
+	}
+
+	hasAny(perms: PermissionType[]): boolean {
+		return perms.some((p) => (this.mask & p) !== 0);
+	}
+
+	hasAll(perms: PermissionType[]): boolean {
+		return perms.every((p) => (this.mask & p) !== 0);
+	}
+}
+
+export { PermissionMask };
diff --git a/apps/web/src/lib/utils/shared/string.ts b/apps/web/src/lib/utils/shared/string.ts
new file mode 100644
index 00000000..762bf0b5
--- /dev/null
+++ b/apps/web/src/lib/utils/shared/string.ts
@@ -0,0 +1,12 @@
+export function titleCase(str: string): string {
+	if (!str) {
+		return "";
+	}
+	return str
+		.toLowerCase()
+		.split(" ")
+		.map(function (word) {
+			return word.charAt(0).toUpperCase() + word.substr(1);
+		})
+		.join(" ");
+}
diff --git a/apps/web/src/middleware.ts b/apps/web/src/middleware.ts
index 0884dde4..7e739264 100644
--- a/apps/web/src/middleware.ts
+++ b/apps/web/src/middleware.ts
@@ -1,7 +1,9 @@
 import { clerkMiddleware, createRouteMatcher } from "@clerk/nextjs/server";
 import { NextResponse } from "next/server";
-import type { NextRequest } from "next/server";
 import { publicRoutes } from "config";
+import { bannedUsers } from "db/schema";
+import { db } from "db";
+import { eq } from "db/drizzle";
 
 const isPublicRoute = createRouteMatcher(publicRoutes);
 
@@ -19,6 +21,14 @@ export default clerkMiddleware(async (auth, req) => {
 
 	if (!isPublicRoute(req)) {
 		await auth.protect();
+
+		const isBanned = !!(await db.query.bannedUsers.findFirst({
+			where: eq(bannedUsers.userID, (await auth()).userId!),
+		}));
+
+		if (isBanned) {
+			return NextResponse.rewrite(new URL("/suspended", req.url));
+		}
 	}
 
 	return NextResponse.next();
diff --git a/apps/web/src/validators/event.ts b/apps/web/src/validators/event.ts
index 00827bcb..fa1687b7 100644
--- a/apps/web/src/validators/event.ts
+++ b/apps/web/src/validators/event.ts
@@ -16,4 +16,6 @@ export const newEventFormSchema = createInsertSchema(events, {
 	path: ["startTime"],
 });
 
+export const editEventFormSchema = newEventFormSchema;
+
 export const eventDataTableValidator = createSelectSchema(events);
diff --git a/apps/web/src/validators/shared/registration.ts b/apps/web/src/validators/shared/registration.ts
index e41ab2a7..45f16b6d 100644
--- a/apps/web/src/validators/shared/registration.ts
+++ b/apps/web/src/validators/shared/registration.ts
@@ -178,7 +178,7 @@ export const hackerRegistrationFormValidator = z
 		clerkID: true,
 		isFullyRegistered: true,
 		signupTime: true,
-		role: true,
+		role_id: true,
 		isRSVPed: true,
 		isApproved: true,
 		group: true,
@@ -210,7 +210,7 @@ export const hackerRegistrationValidatorLocalStorage =
 			clerkID: true,
 			isFullyRegistered: true,
 			signupTime: true,
-			role: true,
+			role_id: true,
 			isRSVPed: true,
 			isApproved: true,
 			group: true,
diff --git a/packages/config/hackkit.config.ts b/packages/config/hackkit.config.ts
index daf34ec2..5957964c 100644
--- a/packages/config/hackkit.config.ts
+++ b/packages/config/hackkit.config.ts
@@ -912,6 +912,8 @@ const c = {
 			Overview: "/admin",
 			Users: "/admin/users",
 			Events: "/admin/events",
+			Roles: "/admin/roles",
+			Toggles: "/admin/toggles",
 			"Hackathon Check-in": "/admin/check-in",
 		},
 	},
@@ -988,14 +990,14 @@ const staticUploads = {
 
 // Its important that this is kept in sync with the database schema.
 
-const perms = [
-	"hacker",
-	"volunteer",
-	"mentor",
-	"mlh",
-	"admin",
-	"super_admin",
-] as const;
+// const perms = [
+// 	"hacker",
+// 	"volunteer",
+// 	"mentor",
+// 	"mlh",
+// 	"admin",
+// 	"super_admin",
+// ] as const;
 
 const discordInviteStatus = ["pending", "accepted", "declined"] as const;
 
@@ -1020,13 +1022,15 @@ const publicRoutes = [
 	/^\/sign-up(\/.*)?$/,
 ];
 
+const defaultRoleId = 2;
+
 export default c;
 export {
 	defaultTheme,
-	perms,
 	discordInviteStatus,
 	ticketStatus,
 	discordVerificationStatus,
 	publicRoutes,
 	staticUploads,
+	defaultRoleId,
 };
diff --git a/packages/db/drizzle/0001_smooth_squadron_supreme.sql b/packages/db/drizzle/0001_smooth_squadron_supreme.sql
new file mode 100644
index 00000000..90410431
--- /dev/null
+++ b/packages/db/drizzle/0001_smooth_squadron_supreme.sql
@@ -0,0 +1,21 @@
+-- Drop old stuff (safe if they don't exist)
+DROP TABLE IF EXISTS `invites`;
+DROP TABLE IF EXISTS `teams`;
+
+-- Remove the old column from user_hacker_data (SQLite ≥ 3.35 supports DROP COLUMN)
+ALTER TABLE `user_hacker_data` DROP COLUMN `team_id`;
+
+-- Create the final banned_users table in its desired shape
+CREATE TABLE `banned_users` (
+  `id`          INTEGER PRIMARY KEY NOT NULL,
+  `user_id`     TEXT(255) NOT NULL,
+  `reason`      TEXT,
+  `created_at`  INTEGER DEFAULT (current_timestamp) NOT NULL,
+  `banned_by_id` TEXT(255) NOT NULL,
+  FOREIGN KEY (`user_id`)
+    REFERENCES `user_common_data`(`clerk_id`)
+    ON UPDATE NO ACTION ON DELETE CASCADE,
+  FOREIGN KEY (`banned_by_id`)
+    REFERENCES `user_common_data`(`clerk_id`)
+    ON UPDATE NO ACTION ON DELETE CASCADE
+);
\ No newline at end of file
diff --git a/packages/db/drizzle/0002_slimy_talos.sql b/packages/db/drizzle/0002_slimy_talos.sql
new file mode 100644
index 00000000..8849d570
--- /dev/null
+++ b/packages/db/drizzle/0002_slimy_talos.sql
@@ -0,0 +1,46 @@
+CREATE TABLE `roles` (
+	`id` integer PRIMARY KEY NOT NULL,
+	`name` text(50) NOT NULL,
+	`position` integer NOT NULL,
+	`permissions` integer NOT NULL,
+	`color` text(7)
+);
+--> statement-breakpoint
+CREATE UNIQUE INDEX `roles_name_unique` ON `roles` (`name`);--> statement-breakpoint
+PRAGMA foreign_keys=OFF;--> statement-breakpoint
+CREATE TABLE `__new_user_common_data` (
+	`clerk_id` text(255) PRIMARY KEY NOT NULL,
+	`first_name` text(50) NOT NULL,
+	`last_name` text(50) NOT NULL,
+	`email` text(255) NOT NULL,
+	`hacker_tag` text(50) NOT NULL,
+	`age` integer NOT NULL,
+	`gender` text(50) NOT NULL,
+	`race` text(75) NOT NULL,
+	`ethnicity` text(50) NOT NULL,
+	`shirt_size` text(5) NOT NULL,
+	`diet_restrictions` text DEFAULT '[]' NOT NULL,
+	`accommodation_note` text,
+	`discord` text(60),
+	`pronouns` text(20) NOT NULL,
+	`bio` text NOT NULL,
+	`skills` text DEFAULT '[]' NOT NULL,
+	`profile_photo` text(255) NOT NULL,
+	`phone_number` text(30) NOT NULL,
+	`country_of_residence` text(3) NOT NULL,
+	`is_fully_registered` integer DEFAULT false NOT NULL,
+	`signup_time` integer DEFAULT (current_timestamp) NOT NULL,
+	`is_searchable` integer DEFAULT true NOT NULL,
+	`role_id` integer NOT NULL,
+	`checkin_timestamp` integer,
+	`is_rsvped` integer DEFAULT false NOT NULL,
+	`is_approved` integer DEFAULT false NOT NULL,
+	FOREIGN KEY (`role_id`) REFERENCES `roles`(`id`) ON UPDATE no action ON DELETE no action
+);
+--> statement-breakpoint
+INSERT INTO `__new_user_common_data`("clerk_id", "first_name", "last_name", "email", "hacker_tag", "age", "gender", "race", "ethnicity", "shirt_size", "diet_restrictions", "accommodation_note", "discord", "pronouns", "bio", "skills", "profile_photo", "phone_number", "country_of_residence", "is_fully_registered", "signup_time", "is_searchable", "role_id", "checkin_timestamp", "is_rsvped", "is_approved") SELECT "clerk_id", "first_name", "last_name", "email", "hacker_tag", "age", "gender", "race", "ethnicity", "shirt_size", "diet_restrictions", "accommodation_note", "discord", "pronouns", "bio", "skills", "profile_photo", "phone_number", "country_of_residence", "is_fully_registered", "signup_time", "is_searchable", "role_id", "checkin_timestamp", "is_rsvped", "is_approved" FROM `user_common_data`;--> statement-breakpoint
+DROP TABLE `user_common_data`;--> statement-breakpoint
+ALTER TABLE `__new_user_common_data` RENAME TO `user_common_data`;--> statement-breakpoint
+PRAGMA foreign_keys=ON;--> statement-breakpoint
+CREATE UNIQUE INDEX `user_common_data_email_unique` ON `user_common_data` (`email`);--> statement-breakpoint
+CREATE UNIQUE INDEX `user_common_data_hacker_tag_unique` ON `user_common_data` (`hacker_tag`);
\ No newline at end of file
diff --git a/packages/db/drizzle/meta/0002_snapshot.json b/packages/db/drizzle/meta/0002_snapshot.json
new file mode 100644
index 00000000..cfccd3df
--- /dev/null
+++ b/packages/db/drizzle/meta/0002_snapshot.json
@@ -0,0 +1,1093 @@
+{
+  "version": "6",
+  "dialect": "sqlite",
+  "id": "ac2c99f0-61d0-47e5-84d4-b9b178dbcc25",
+  "prevId": "8d3401ea-653e-49d5-a664-790d98e2bab6",
+  "tables": {
+    "banned_users": {
+      "name": "banned_users",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text(255)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "reason": {
+          "name": "reason",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(current_timestamp)"
+        },
+        "banned_by_id": {
+          "name": "banned_by_id",
+          "type": "text(255)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "banned_users_user_id_user_common_data_clerk_id_fk": {
+          "name": "banned_users_user_id_user_common_data_clerk_id_fk",
+          "tableFrom": "banned_users",
+          "tableTo": "user_common_data",
+          "columnsFrom": [
+            "user_id"
+          ],
+          "columnsTo": [
+            "clerk_id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "banned_users_banned_by_id_user_common_data_clerk_id_fk": {
+          "name": "banned_users_banned_by_id_user_common_data_clerk_id_fk",
+          "tableFrom": "banned_users",
+          "tableTo": "user_common_data",
+          "columnsFrom": [
+            "banned_by_id"
+          ],
+          "columnsTo": [
+            "clerk_id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "chat_messages": {
+      "name": "chat_messages",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "chat_id": {
+          "name": "chat_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "message": {
+          "name": "message",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "author_id": {
+          "name": "author_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(current_timestamp)"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "chats": {
+      "name": "chats",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "ticket_id": {
+          "name": "ticket_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "author": {
+          "name": "author",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(current_timestamp)"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "chats_ticket_id_tickets_id_fk": {
+          "name": "chats_ticket_id_tickets_id_fk",
+          "tableFrom": "chats",
+          "tableTo": "tickets",
+          "columnsFrom": [
+            "ticket_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "no action",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "chats_to_users": {
+      "name": "chats_to_users",
+      "columns": {
+        "chat_id": {
+          "name": "chat_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "chats_to_users_chat_id_chats_id_fk": {
+          "name": "chats_to_users_chat_id_chats_id_fk",
+          "tableFrom": "chats_to_users",
+          "tableTo": "chats",
+          "columnsFrom": [
+            "chat_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "no action",
+          "onUpdate": "no action"
+        },
+        "chats_to_users_user_id_user_common_data_clerk_id_fk": {
+          "name": "chats_to_users_user_id_user_common_data_clerk_id_fk",
+          "tableFrom": "chats_to_users",
+          "tableTo": "user_common_data",
+          "columnsFrom": [
+            "user_id"
+          ],
+          "columnsTo": [
+            "clerk_id"
+          ],
+          "onDelete": "no action",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {
+        "chats_to_users_user_id_chat_id_pk": {
+          "columns": [
+            "user_id",
+            "chat_id"
+          ],
+          "name": "chats_to_users_user_id_chat_id_pk"
+        }
+      },
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "discord_verification": {
+      "name": "discord_verification",
+      "columns": {
+        "code": {
+          "name": "code",
+          "type": "text(255)",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(current_timestamp)"
+        },
+        "clerk_id": {
+          "name": "clerk_id",
+          "type": "text(255)",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "discord_user_id": {
+          "name": "discord_user_id",
+          "type": "text(255)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "discord_user_tag": {
+          "name": "discord_user_tag",
+          "type": "text(255)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "discord_profile_photo": {
+          "name": "discord_profile_photo",
+          "type": "text(255)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "discord_name": {
+          "name": "discord_name",
+          "type": "text(255)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "'pending'"
+        },
+        "guild": {
+          "name": "guild",
+          "type": "text(100)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "error_log": {
+      "name": "error_log",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text(50)",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(current_timestamp)"
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text(255)",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "route": {
+          "name": "route",
+          "type": "text(255)",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "message": {
+          "name": "message",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "events": {
+      "name": "events",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "name": {
+          "name": "name",
+          "type": "text(255)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "start_time": {
+          "name": "start_time",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "end_time": {
+          "name": "end_time",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "location": {
+          "name": "location",
+          "type": "text(255)",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "'TBD'"
+        },
+        "description": {
+          "name": "description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "type": {
+          "name": "type",
+          "type": "text(50)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "host": {
+          "name": "host",
+          "type": "text(255)",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "hidden": {
+          "name": "hidden",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "files": {
+      "name": "files",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text(255)",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "presigned_url": {
+          "name": "presigned_url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "key": {
+          "name": "key",
+          "type": "text(500)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "validated": {
+          "name": "validated",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": false
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "owner_id": {
+          "name": "owner_id",
+          "type": "text(255)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {
+        "files_id_unique": {
+          "name": "files_id_unique",
+          "columns": [
+            "id"
+          ],
+          "isUnique": true
+        },
+        "files_key_unique": {
+          "name": "files_key_unique",
+          "columns": [
+            "key"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "roles": {
+      "name": "roles",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "integer",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "name": {
+          "name": "name",
+          "type": "text(50)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "position": {
+          "name": "position",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "permissions": {
+          "name": "permissions",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "color": {
+          "name": "color",
+          "type": "text(7)",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        }
+      },
+      "indexes": {
+        "roles_name_unique": {
+          "name": "roles_name_unique",
+          "columns": [
+            "name"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "scans": {
+      "name": "scans",
+      "columns": {
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(current_timestamp)"
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text(255)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "event_id": {
+          "name": "event_id",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "count": {
+          "name": "count",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {
+        "scans_user_id_event_id_pk": {
+          "columns": [
+            "user_id",
+            "event_id"
+          ],
+          "name": "scans_user_id_event_id_pk"
+        }
+      },
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "tickets": {
+      "name": "tickets",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "title": {
+          "name": "title",
+          "type": "text(255)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "description": {
+          "name": "description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "'awaiting'"
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(current_timestamp)"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "tickets_to_users": {
+      "name": "tickets_to_users",
+      "columns": {
+        "ticket_id": {
+          "name": "ticket_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "user_id": {
+          "name": "user_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "tickets_to_users_ticket_id_tickets_id_fk": {
+          "name": "tickets_to_users_ticket_id_tickets_id_fk",
+          "tableFrom": "tickets_to_users",
+          "tableTo": "tickets",
+          "columnsFrom": [
+            "ticket_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "no action",
+          "onUpdate": "no action"
+        },
+        "tickets_to_users_user_id_user_common_data_clerk_id_fk": {
+          "name": "tickets_to_users_user_id_user_common_data_clerk_id_fk",
+          "tableFrom": "tickets_to_users",
+          "tableTo": "user_common_data",
+          "columnsFrom": [
+            "user_id"
+          ],
+          "columnsTo": [
+            "clerk_id"
+          ],
+          "onDelete": "no action",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {
+        "tickets_to_users_user_id_ticket_id_pk": {
+          "columns": [
+            "user_id",
+            "ticket_id"
+          ],
+          "name": "tickets_to_users_user_id_ticket_id_pk"
+        }
+      },
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "user_common_data": {
+      "name": "user_common_data",
+      "columns": {
+        "clerk_id": {
+          "name": "clerk_id",
+          "type": "text(255)",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "first_name": {
+          "name": "first_name",
+          "type": "text(50)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "last_name": {
+          "name": "last_name",
+          "type": "text(50)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "email": {
+          "name": "email",
+          "type": "text(255)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "hacker_tag": {
+          "name": "hacker_tag",
+          "type": "text(50)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "age": {
+          "name": "age",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "gender": {
+          "name": "gender",
+          "type": "text(50)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "race": {
+          "name": "race",
+          "type": "text(75)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "ethnicity": {
+          "name": "ethnicity",
+          "type": "text(50)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "shirt_size": {
+          "name": "shirt_size",
+          "type": "text(5)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "diet_restrictions": {
+          "name": "diet_restrictions",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "'[]'"
+        },
+        "accommodation_note": {
+          "name": "accommodation_note",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "discord": {
+          "name": "discord",
+          "type": "text(60)",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "pronouns": {
+          "name": "pronouns",
+          "type": "text(20)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "bio": {
+          "name": "bio",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "skills": {
+          "name": "skills",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "'[]'"
+        },
+        "profile_photo": {
+          "name": "profile_photo",
+          "type": "text(255)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "phone_number": {
+          "name": "phone_number",
+          "type": "text(30)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "country_of_residence": {
+          "name": "country_of_residence",
+          "type": "text(3)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "is_fully_registered": {
+          "name": "is_fully_registered",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": false
+        },
+        "signup_time": {
+          "name": "signup_time",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "(current_timestamp)"
+        },
+        "is_searchable": {
+          "name": "is_searchable",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": true
+        },
+        "role_id": {
+          "name": "role_id",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "checkin_timestamp": {
+          "name": "checkin_timestamp",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "is_rsvped": {
+          "name": "is_rsvped",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": false
+        },
+        "is_approved": {
+          "name": "is_approved",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": false
+        }
+      },
+      "indexes": {
+        "user_common_data_email_unique": {
+          "name": "user_common_data_email_unique",
+          "columns": [
+            "email"
+          ],
+          "isUnique": true
+        },
+        "user_common_data_hacker_tag_unique": {
+          "name": "user_common_data_hacker_tag_unique",
+          "columns": [
+            "hacker_tag"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {
+        "user_common_data_role_id_roles_id_fk": {
+          "name": "user_common_data_role_id_roles_id_fk",
+          "tableFrom": "user_common_data",
+          "tableTo": "roles",
+          "columnsFrom": [
+            "role_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "no action",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "user_hacker_data": {
+      "name": "user_hacker_data",
+      "columns": {
+        "clerk_id": {
+          "name": "clerk_id",
+          "type": "text(255)",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "university": {
+          "name": "university",
+          "type": "text(200)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "major": {
+          "name": "major",
+          "type": "text(200)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "school_id": {
+          "name": "school_id",
+          "type": "text(50)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "level_of_study": {
+          "name": "level_of_study",
+          "type": "text(50)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "hackathons_attended": {
+          "name": "hackathons_attended",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "software_experience": {
+          "name": "software_experience",
+          "type": "text(25)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "heard_from": {
+          "name": "heard_from",
+          "type": "text(50)",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "github": {
+          "name": "github",
+          "type": "text(100)",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "linkedin": {
+          "name": "linkedin",
+          "type": "text(100)",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "personal_website": {
+          "name": "personal_website",
+          "type": "text(100)",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "resume": {
+          "name": "resume",
+          "type": "text(255)",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "'https://static.acmutsa.org/No%20Resume%20Provided.pdf'"
+        },
+        "group": {
+          "name": "group",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "has_accepted_mlh_coc": {
+          "name": "has_accepted_mlh_coc",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "has_shared_data_with_mlh": {
+          "name": "has_shared_data_with_mlh",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "is_emailable": {
+          "name": "is_emailable",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "user_hacker_data_clerk_id_user_common_data_clerk_id_fk": {
+          "name": "user_hacker_data_clerk_id_user_common_data_clerk_id_fk",
+          "tableFrom": "user_hacker_data",
+          "tableTo": "user_common_data",
+          "columnsFrom": [
+            "clerk_id"
+          ],
+          "columnsTo": [
+            "clerk_id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    }
+  },
+  "views": {},
+  "enums": {},
+  "_meta": {
+    "schemas": {},
+    "tables": {},
+    "columns": {
+      "\"user_common_data\".\"role\"": "\"user_common_data\".\"role_id\""
+    }
+  },
+  "internal": {
+    "indexes": {}
+  }
+}
\ No newline at end of file
diff --git a/packages/db/drizzle/meta/_journal.json b/packages/db/drizzle/meta/_journal.json
index 2a20f144..c9d98403 100644
--- a/packages/db/drizzle/meta/_journal.json
+++ b/packages/db/drizzle/meta/_journal.json
@@ -8,6 +8,20 @@
       "when": 1740069435681,
       "tag": "0000_chilly_lady_mastermind",
       "breakpoints": true
+    },
+    {
+      "idx": 1,
+      "version": "6",
+      "when": 1759264799447,
+      "tag": "0001_smooth_squadron_supreme",
+      "breakpoints": true
+    },
+    {
+      "idx": 2,
+      "version": "6",
+      "when": 1760146195966,
+      "tag": "0002_slimy_talos",
+      "breakpoints": true
     }
   ]
 }
\ No newline at end of file
diff --git a/packages/db/functions/hacker.ts b/packages/db/functions/hacker.ts
index f32623e7..d1022455 100644
--- a/packages/db/functions/hacker.ts
+++ b/packages/db/functions/hacker.ts
@@ -34,13 +34,13 @@ export function getAllHackers(): Promise<Hacker[] | undefined> {
 export function getHacker(
 	clerkID: string,
 	//withTeam: boolean,
-): Promise<Hacker | undefined> {
+) {
 	// return withTeam
 	// 	? _getHackerByIDWithTeam.execute({ _clerkID: clerkID })
 	// 	: _getHackerByIDAlone.execute({ _clerkID: clerkID });
 	return db.query.userCommonData.findFirst({
 		where: eq(userCommonData.clerkID, clerkID),
-		with: { hackerData: true },
+		with: { hackerData: true, role: true },
 	});
 }
 
@@ -63,12 +63,12 @@ export function getHacker(
 export function getHackerByTag(
 	hackerTag: string,
 	//withTeam: boolean,
-): Promise<Hacker | undefined> {
+) {
 	// return withTeam
 	// 	? _getHackerByTagWithTeam.execute({ _hackerTag: hackerTag })
 	// 	: _getHackerByTagAlone.execute({ _hackerTag: hackerTag });
 	return db.query.userCommonData.findFirst({
 		where: eq(userCommonData.hackerTag, hackerTag),
-		with: { hackerData: true },
+		with: { hackerData: true, role: true },
 	});
 }
diff --git a/packages/db/functions/user.ts b/packages/db/functions/user.ts
index 068d397e..60575a90 100644
--- a/packages/db/functions/user.ts
+++ b/packages/db/functions/user.ts
@@ -6,13 +6,18 @@ import { HackerData, User } from "../types";
 
 export function getAllUsers() {
 	// return _getAllUsers.execute();
-	return db.query.userCommonData.findMany();
+	return db.query.userCommonData.findMany({
+		with: {
+			role: true,
+		},
+	});
 }
 
 export async function getAllUsersWithHackerData() {
 	return db.query.userCommonData.findMany({
 		with: {
 			hackerData: true,
+			role: true,
 		},
 	});
 }
@@ -25,10 +30,13 @@ export async function getAllUsersWithHackerData() {
 // 	})
 // 	.prepare("getUser");
 
-export function getUser(clerkID: string): Promise<User | undefined> {
+export function getUser(clerkID: string) {
 	// return _getUser.execute({ _clerkID: clerkID });
 	return db.query.userCommonData.findFirst({
-		where: eq(userCommonData.clerkID, clerkID),
+		where: (fields, { eq }) => eq(fields.clerkID, clerkID),
+		with: {
+			role: true,
+		},
 	});
 }
 
diff --git a/packages/db/schema.ts b/packages/db/schema.ts
index 607a71ca..d45b5616 100644
--- a/packages/db/schema.ts
+++ b/packages/db/schema.ts
@@ -19,7 +19,6 @@ import {
 import { relations, sql } from "drizzle-orm";
 import { nanoid } from "nanoid";
 import {
-	perms,
 	discordInviteStatus,
 	ticketStatus,
 	discordVerificationStatus,
@@ -34,19 +33,6 @@ export const uuid = customType<{ data: string; notNull: true; default: true }>({
 	},
 });
 
-export const rolesEnum = customType<{
-	data: (typeof perms)[number];
-	notNull: true;
-	default: true;
-}>({
-	dataType() {
-		return "text";
-	},
-	toDriver(value) {
-		return value;
-	},
-});
-
 export const fileTypesEnum = customType<{
 	data: "resume" | "profilePhoto";
 	notNull: true;
@@ -148,7 +134,9 @@ export const userCommonData = sqliteTable("user_common_data", {
 	isSearchable: integer("is_searchable", { mode: "boolean" })
 		.notNull()
 		.default(true),
-	role: rolesEnum("role").notNull().default("hacker"),
+	role_id: integer("role_id")
+		.notNull()
+		.references(() => roles.id),
 	checkinTimestamp: integer("checkin_timestamp", { mode: "timestamp_ms" }),
 	isRSVPed: integer("is_rsvped", { mode: "boolean" })
 		.notNull()
@@ -158,6 +146,18 @@ export const userCommonData = sqliteTable("user_common_data", {
 		.default(false),
 });
 
+export const roles = sqliteTable("roles", {
+	id: integer("id").primaryKey(),
+	name: text("name", { length: 50 }).notNull().unique(),
+	position: integer("position").notNull(), // lower value = higher role (0 = highest)
+	permissions: integer("permissions", { mode: "number" }).notNull(), // 32-bit mask
+	color: text("color", { length: 7 }), // e.g. #RRGGBB
+});
+
+export const rolesRelations = relations(roles, ({ many }) => ({
+	users: many(userCommonData),
+}));
+
 export const userCommonRelations = relations(
 	userCommonData,
 	({ one, many }) => ({
@@ -174,6 +174,14 @@ export const userCommonRelations = relations(
 		tickets: many(ticketsToUsers),
 		chats: many(chatsToUsers),
 		messages: many(chatMessages),
+		banInstance: one(bannedUsers, {
+			fields: [userCommonData.clerkID],
+			references: [bannedUsers.userID],
+		}),
+		role: one(roles, {
+			fields: [userCommonData.role_id],
+			references: [roles.id],
+		}),
 	}),
 );
 
@@ -221,6 +229,20 @@ export const userHackerRelations = relations(
 	}),
 );
 
+export const bannedUsers = sqliteTable("banned_users", {
+	id: integer("id", { mode: "number" }).notNull().primaryKey(),
+	userID: text("user_id", { length: 255 })
+		.notNull()
+		.references(() => userCommonData.clerkID, { onDelete: "cascade" }),
+	reason: text("reason"),
+	createdAt: integer("created_at", { mode: "timestamp_ms" })
+		.notNull()
+		.default(sql`(current_timestamp)`),
+	bannedByID: text("banned_by_id", { length: 255 })
+		.notNull()
+		.references(() => userCommonData.clerkID, { onDelete: "cascade" }),
+});
+
 export const events = sqliteTable("events", {
 	id: integer("id", { mode: "number" }).notNull().primaryKey(),
 	title: text("name", { length: 255 }).notNull(),
diff --git a/packages/db/seed.ts b/packages/db/seed.ts
new file mode 100644
index 00000000..3f2fad89
--- /dev/null
+++ b/packages/db/seed.ts
@@ -0,0 +1,18 @@
+import { db } from ".";
+import { roles } from "./schema";
+
+async function main() {
+	const result = await db.insert(roles).values([
+		{ name: "admin", position: 0, permissions: -1, color: "#FFFFFF" },
+		{
+			name: "hacker",
+			position: 1,
+			permissions: 0,
+			color: "#00FF00",
+		},
+	]);
+
+	if (result) {
+		console.log("Successfully seeded roles.");
+	}
+}
diff --git a/packages/db/types.ts b/packages/db/types.ts
index ec18ed24..8c0022b7 100644
--- a/packages/db/types.ts
+++ b/packages/db/types.ts
@@ -1,14 +1,17 @@
 import { InferSelectModel } from "drizzle-orm";
 //add "teams" to import in order to implement teams(removed for V1 release)
-import { userCommonData, userHackerData, scans, events } from "./schema";
+import { userCommonData, userHackerData, scans, events, roles } from "./schema";
 
 export interface Scan extends InferSelectModel<typeof scans> {}
 export interface User extends InferSelectModel<typeof userCommonData> {}
+export type UserWithRole = InferSelectModel<typeof userCommonData> & {
+	role?: InferSelectModel<typeof roles>;
+};
 export interface HackerData extends InferSelectModel<typeof userHackerData> {}
 //export interface Team extends InferSelectModel<typeof teams> {}
 export interface Event extends InferSelectModel<typeof events> {}
 
-export interface Hacker extends User {
+export interface Hacker extends UserWithRole {
 	hackerData: typeof userHackerData.$inferSelect & {};
 }
 export interface NoticeOrError {
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index c8cf0adf..76e6854e 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -367,9 +367,6 @@ importers:
       tailwindcss-animate:
         specifier: ^1.0.7
         version: 1.0.7(tailwindcss@3.4.6)
-      title-case:
-        specifier: ^4.3.1
-        version: 4.3.1
       typescript:
         specifier: 5.5.3
         version: 5.5.3
@@ -16505,10 +16502,6 @@ packages:
       upper-case: 1.1.3
     dev: true
 
-  /title-case@4.3.1:
-    resolution: {integrity: sha512-VnPxQ+/j0X2FZ4ceGq1oLruTLjtN5Ul4sam5ypd4mDZLm1eHwkwip1gLxqhON/j4qyTlUlfPKslE/t4NPSlxhg==}
-    dev: false
-
   /tmp@0.0.33:
     resolution: {integrity: sha512-jRCJlojKnZ3addtTOjdIqoRuPEKBvNXcGYqzO6zWZX8KfKEpnGY5jfggJQ3EjKuu8D4bJRr0y+cYJFmYbImXGw==}
     engines: {node: '>=0.6.0'}