diff --git a/proto/caosdb/acm/v1alpha1/main.proto b/proto/caosdb/acm/v1alpha1/main.proto
index a84148fdc89b40df098d3698be2d79a5012867b1..545c4084324b062d49066aa513585041eddc2b0f 100644
--- a/proto/caosdb/acm/v1alpha1/main.proto
+++ b/proto/caosdb/acm/v1alpha1/main.proto
@@ -48,6 +48,21 @@ message PagingResponse {
   int32 current_index = 2;
 }
 
+///////////////////////////////////////////
+// PERMISSSION STUFF
+///////////////////////////////////////////
+
+// PermissionRule
+message PermissionRule {
+  // The permission which is being granted oder denied.
+  string permission = 1;
+  // Priority permission rules overrule non-priority permission rules.
+  bool priority = 2;
+  // True means that the permission is being granted by this rule, false means the
+  // permission is being DENIED!
+  bool grant = 3;
+}
+
 ///////////////////////////////////////////
 // ROLE STUFF
 ///////////////////////////////////////////
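Review bot: `PermissionRule` does not say how conflicting rules resolve. The comment on `priority` covers priority versus non-priority rules, but not a grant and a deny for the same `permission` at the same priority level, and an authorization contract should state that explicitly. I would extend the comment on `grant` with something like `// If a grant and a deny of equal priority apply to the same permission, <documented winner> takes effect.` Both flags are proto3 `bool`s with implicit presence, so a rule sent without `grant` is read as a deny. That fails closed, but `optional bool grant = 3;` would let the server reject an incomplete rule instead of storing it. The banner and the first field comment also carry typos (`PERMISSSION`, `oder`).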
@@ -59,8 +74,8 @@ message Role {
   // Description of the purpose of this role or which group of users this role
   // represents.
   string description = 2;
-  // List of string permissions of this role.
-  repeated string string_permissions = 3;
+  // List of permission rules for this role.
+  repeated PermissionRule permission_rules = 3;
 }
 
 // Request message for the ListRoles RPC
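Review bot: Field number 3 of `Role` is reused here with a different type, changing from `repeated string` to `repeated PermissionRule`. Both are length-delimited on the wire, so bytes written by a peer still on the old schema are handed to the `PermissionRule` parser rather than rejected as a type mismatch. Parsing may then fail or produce rules nobody wrote, which is a poor failure mode for authorization data. I would retire the old number and name and take a fresh one: `reserved 3;`, `reserved "string_permissions";`, `repeated PermissionRule permission_rules = 4;`. If `v1alpha1` has no deployed peers yet the reuse may be acceptable, but that assumption belongs in the commit message; the body of `Role` starts outside this hunk.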
@@ -86,10 +101,18 @@ message CreateSingleRoleRequest {
 // Response message for the CreateSingleRole RPC
 message CreateSingleRoleResponse {}
 
-// Request message for the <+TODO+> RPC
-message RetrieveSingleRoleRequest {}
-// Response message for the <+TODO+> RPC
-message RetrieveSingleRoleResponse {}
+// Request message for the RetrieveSingleRole RPC
+message RetrieveSingleRoleRequest {
+  // the name of the role.
+  string name = 1;
+}
+
+// Response message for the RetrieveSingleRole RPC
+message RetrieveSingleRoleResponse {
+  // The role.
+  Role role = 1;
+}
+
 // Request message for the <+TODO+> RPC
 message UpdateSingleRoleRequest {}
 // Response message for the <+TODO+> RPC
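Review bot: `RetrieveSingleRoleRequest.name` has no documented contract for the empty string, which proto3 cannot distinguish from an unset field. The same holds for `realm` and `name` in `RetrieveSingleUserRequest` in the last hunk. I would write the field comments as `// Name of the role to retrieve. Required; must not be empty.` and state for `realm` whether an empty value selects a default realm or is rejected, which cannot be told from this diff. It would also help to document on the response messages what the caller receives when the role or user does not exist or may not be read. The new comments mix capitalisation (`// the name of the role.` next to `// The role.`).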
@@ -158,10 +181,20 @@ message CreateSingleUserRequest {
 // Response message for the CreateSingeUser RPC
 message CreateSingleUserResponse {}
 
-// Request message for the <+TODO+> RPC
-message RetrieveSingleUserRequest {}
-// Response message for the <+TODO+> RPC
-message RetrieveSingleUserResponse {}
+// Request message for the RetrieveSingleUser RPC
+message RetrieveSingleUserRequest {
+  // The user's realm
+  string realm = 1;
+  // The user's name
+  string name = 2;
+}
+
+// Response message for the RetrieveSingleUser RPC
+message RetrieveSingleUserResponse {
+  // The user
+  User user = 1;
+}
+
 // Request message for the <+TODO+> RPC
 message UpdateSingleUserRequest {}
 // Response message for the <+TODO+> RPC