diff --git a/utils/make_db b/utils/make_db
index 93a62ea2b9e6776a73b8298cbce1a54aa76e0f68..734552829934be91fde93b3140aff307378263de 100755
--- a/utils/make_db
+++ b/utils/make_db
@@ -3,7 +3,8 @@
 # ** header v3.0
 # This file is a part of the CaosDB Project.
 #
-# Copyright (C) 2019, 2020 Daniel Hornung <d.hornung@indiscale.com>
+# Copyright (C) 2021 Indiscale GmbH <info@indiscale.com>
+# Copyright (C) 2019, 2020, 2021 Daniel Hornung <d.hornung@indiscale.com>
 # Copyright (C) 2020 Timm Fitschen <t.fitschen@indiscale.com>
 # Copyright (C) 2020 Henrik tom Wörden <h.tomwoerden@indiscale.com>
 # Copyright (C) 2020 IndiScale <info@indiscale.com>
@@ -23,6 +24,10 @@
 #
 # ** end header
 
+# Although some sanity checks are performed, this script still allows lots of SQL injection
+# possibilities.
+
+
 set -e
 
 INSTALL_SQL_FILE="db_2_0.sql"
@@ -198,9 +203,47 @@ function _db_exists() {
 }
 
 
+# Grant the given permissions to the given role.
+#
+# Arguments
+# ---------
+# role : str
+# The role, may consist of alphanumerical letters plus `.`, `_`, `-`.  The role must exist in the
+# `roles` table.
+#
+# permissions : str
+# The permissions string.  May not contain single quotes, should be similar to:
+# [{"grant":"true","priority":"true","permission":"*"}]
+function grant-permission() {
+    role="$1"
+    permissions="$2"
+    if echo -n "$role" | grep -v -q "^[[:alnum:]._-]*$" ; then
+        echo "Role contains invalid character(s)!"
+        exit 1
+    fi
+    if [[ $permissions == "'" ]]; then
+        echo "Permissions string contains single quote!"
+        exit 1
+    fi
+
+    cmd="SELECT COUNT(1) from roles where name='${role}';"
+    count=$($MYSQL_CMD $(get_mysql_args) -AN -e "$cmd")
+    if [[ $count == "0" ]]; then
+        echo "Role not found!"
+        exit 1
+    fi
+
+    cmd="INSERT INTO permissions (role, permissions) VALUE ('${role}', '${permissions}')"
+    cmd+="ON DUPLICATE KEY UPDATE role='${role}'"
+    cmd+=";"
+    $MYSQL_CMD $(get_mysql_args) -e "$cmd"
+}
+
+
 case $1 in
     "drop") drop $2 ;;
     "grant") grant $2 ;;
+    "grant-permission") grant-permission $2 $3 ;; # Args: role, permissions
     "test") shift ; runtests $@ ;;
     "test-connection") test-connection ;;
     "install_db") install_db ;;