diff --git a/pkg/service/security.go b/pkg/service/security.go
index ac70844..130f5b0 100644
--- a/pkg/service/security.go
+++ b/pkg/service/security.go
@@ -14,14 +14,31 @@ var (
 	ErrInvalidSession = errors.New("Session invalid")
 )
 
+// Submissions roles bitflag
+type Roles int32
+var (
+	RolesScriptWrite Roles = 8
+	RolesSubmissionPublish Roles = 4
+	RolesSubmissionReview Roles = 2
+	RolesMapDownload Roles = 1
+	RolesEmpty Roles = 0
+)
+
+// StrafesNET group roles
 type Role int32
 var (
 	// has ScriptWrite
 	RoleQuat Role = 240
+	RolesQuat Roles = RolesScriptWrite|RolesSubmissionPublish|RolesSubmissionReview|RolesMapDownload
 	// has SubmissionPublish
 	RoleMapAdmin Role = 128
+	RolesMapAdmin Roles = RolesSubmissionPublish|RolesSubmissionReview|RolesMapDownload
 	// has SubmissionReview
 	RoleMapCouncil Role = 64
+	RolesMapCouncil Roles = RolesSubmissionReview|RolesMapDownload
+	// access to downloading maps
+	RoleMapAccess Role = 32
+	RolesMapAccess Roles = RolesMapDownload
 )
 
 type UserInfoHandle struct {
@@ -62,7 +79,31 @@ func (usr UserInfoHandle) hasRole(role Role) (bool, error) {
 	}
 	return false, nil
 }
+func (usr UserInfoHandle) GetRoles() (Roles, error) {
+	roles, err := usr.svc.Client.GetGroupRole(*usr.ctx, &auth.IdMessage{
+		SessionID: usr.sessionId,
+	})
 
+	var rolesBitflag = RolesEmpty;
+	if err != nil {
+		return rolesBitflag, err
+	}
+
+	// map roles into bitflag
+	for _, r := range roles.Roles {
+		switch Role(r.Rank){
+			case RoleQuat:
+				rolesBitflag|=RolesQuat;
+			case RoleMapAdmin:
+				rolesBitflag|=RolesMapAdmin;
+			case RoleMapCouncil:
+				rolesBitflag|=RolesMapCouncil;
+			case RoleMapAccess:
+				rolesBitflag|=RolesMapAccess;
+		}
+	}
+	return rolesBitflag, nil
+}
 
 // RoleThumbnail
 // RoleMapDownload