diff --git a/gen/admin/rbac.ts b/gen/admin/rbac.ts
index b0a5c27..bb03bee 100644
--- a/gen/admin/rbac.ts
+++ b/gen/admin/rbac.ts
@@ -91,6 +91,29 @@ export interface Roles {
   accounts: string[];
 }
 
+export interface GetUserRolesRequest {
+  userId: string;
+}
+
+export interface GetUserRolesResponse {
+  /** например: ["ADMIN", "MANAGER"] */
+  roles: string[];
+  /** например: ["users:read", "billing:write"] */
+  permissions: string[];
+  /** Максимальный уровень роли пользователя */
+  maxRoleLevel: number;
+}
+
+export interface AssignRoleToUserRequest {
+  userId: string;
+  roleId: number;
+}
+
+export interface RevokeRoleFromUserRequest {
+  userId: string;
+  roleId: number;
+}
+
 export const RBAC_V1_PACKAGE_NAME = "rbac.v1";
 
 export interface RbacServiceClient {
@@ -107,6 +130,12 @@ export interface RbacServiceClient {
   getAllPermissions(request: GetAllPermissionsRequest, metadata?: Metadata): Observable<GetAllPermissionsResponse>;
 
   getAllRoles(request: GetAllRolesRequest, metadata?: Metadata): Observable<GetAllRolesResponse>;
+
+  getUserRolesAndPermissions(request: GetUserRolesRequest, metadata?: Metadata): Observable<GetUserRolesResponse>;
+
+  assignRoleToUser(request: AssignRoleToUserRequest, metadata?: Metadata): Observable<ModifyRoleResponse>;
+
+  revokeRoleFromUser(request: RevokeRoleFromUserRequest, metadata?: Metadata): Observable<ModifyRoleResponse>;
 }
 
 export interface RbacServiceController {
@@ -144,6 +173,21 @@ export interface RbacServiceController {
     request: GetAllRolesRequest,
     metadata?: Metadata,
   ): Promise<GetAllRolesResponse> | Observable<GetAllRolesResponse> | GetAllRolesResponse;
+
+  getUserRolesAndPermissions(
+    request: GetUserRolesRequest,
+    metadata?: Metadata,
+  ): Promise<GetUserRolesResponse> | Observable<GetUserRolesResponse> | GetUserRolesResponse;
+
+  assignRoleToUser(
+    request: AssignRoleToUserRequest,
+    metadata?: Metadata,
+  ): Promise<ModifyRoleResponse> | Observable<ModifyRoleResponse> | ModifyRoleResponse;
+
+  revokeRoleFromUser(
+    request: RevokeRoleFromUserRequest,
+    metadata?: Metadata,
+  ): Promise<ModifyRoleResponse> | Observable<ModifyRoleResponse> | ModifyRoleResponse;
 }
 
 export function RbacServiceControllerMethods() {
@@ -156,6 +200,9 @@ export function RbacServiceControllerMethods() {
       "updatePermission",
       "getAllPermissions",
       "getAllRoles",
+      "getUserRolesAndPermissions",
+      "assignRoleToUser",
+      "revokeRoleFromUser",
     ];
     for (const method of grpcMethods) {
       const descriptor: any = Reflect.getOwnPropertyDescriptor(constructor.prototype, method);
diff --git a/gen/go/admin/rbac.pb.go b/gen/go/admin/rbac.pb.go
index 77e6aa8..fb02e40 100644
--- a/gen/go/admin/rbac.pb.go
+++ b/gen/go/admin/rbac.pb.go
@@ -821,6 +821,214 @@ func (x *Roles) GetAccounts() []string {
 	return nil
 }
 
+type GetUserRolesRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	UserId        string                 `protobuf:"bytes,1,opt,name=user_id,json=userId,proto3" json:"user_id,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GetUserRolesRequest) Reset() {
+	*x = GetUserRolesRequest{}
+	mi := &file_admin_rbac_proto_msgTypes[14]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GetUserRolesRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetUserRolesRequest) ProtoMessage() {}
+
+func (x *GetUserRolesRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_admin_rbac_proto_msgTypes[14]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetUserRolesRequest.ProtoReflect.Descriptor instead.
+func (*GetUserRolesRequest) Descriptor() ([]byte, []int) {
+	return file_admin_rbac_proto_rawDescGZIP(), []int{14}
+}
+
+func (x *GetUserRolesRequest) GetUserId() string {
+	if x != nil {
+		return x.UserId
+	}
+	return ""
+}
+
+type GetUserRolesResponse struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	Roles         []string               `protobuf:"bytes,1,rep,name=roles,proto3" json:"roles,omitempty"`                                      // например: ["ADMIN", "MANAGER"]
+	Permissions   []string               `protobuf:"bytes,2,rep,name=permissions,proto3" json:"permissions,omitempty"`                          // например: ["users:read", "billing:write"]
+	MaxRoleLevel  int32                  `protobuf:"varint,3,opt,name=max_role_level,json=maxRoleLevel,proto3" json:"max_role_level,omitempty"` // Максимальный уровень роли пользователя
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *GetUserRolesResponse) Reset() {
+	*x = GetUserRolesResponse{}
+	mi := &file_admin_rbac_proto_msgTypes[15]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *GetUserRolesResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*GetUserRolesResponse) ProtoMessage() {}
+
+func (x *GetUserRolesResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_admin_rbac_proto_msgTypes[15]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use GetUserRolesResponse.ProtoReflect.Descriptor instead.
+func (*GetUserRolesResponse) Descriptor() ([]byte, []int) {
+	return file_admin_rbac_proto_rawDescGZIP(), []int{15}
+}
+
+func (x *GetUserRolesResponse) GetRoles() []string {
+	if x != nil {
+		return x.Roles
+	}
+	return nil
+}
+
+func (x *GetUserRolesResponse) GetPermissions() []string {
+	if x != nil {
+		return x.Permissions
+	}
+	return nil
+}
+
+func (x *GetUserRolesResponse) GetMaxRoleLevel() int32 {
+	if x != nil {
+		return x.MaxRoleLevel
+	}
+	return 0
+}
+
+type AssignRoleToUserRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	UserId        string                 `protobuf:"bytes,1,opt,name=user_id,json=userId,proto3" json:"user_id,omitempty"`
+	RoleId        int32                  `protobuf:"varint,2,opt,name=role_id,json=roleId,proto3" json:"role_id,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *AssignRoleToUserRequest) Reset() {
+	*x = AssignRoleToUserRequest{}
+	mi := &file_admin_rbac_proto_msgTypes[16]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *AssignRoleToUserRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*AssignRoleToUserRequest) ProtoMessage() {}
+
+func (x *AssignRoleToUserRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_admin_rbac_proto_msgTypes[16]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use AssignRoleToUserRequest.ProtoReflect.Descriptor instead.
+func (*AssignRoleToUserRequest) Descriptor() ([]byte, []int) {
+	return file_admin_rbac_proto_rawDescGZIP(), []int{16}
+}
+
+func (x *AssignRoleToUserRequest) GetUserId() string {
+	if x != nil {
+		return x.UserId
+	}
+	return ""
+}
+
+func (x *AssignRoleToUserRequest) GetRoleId() int32 {
+	if x != nil {
+		return x.RoleId
+	}
+	return 0
+}
+
+type RevokeRoleFromUserRequest struct {
+	state         protoimpl.MessageState `protogen:"open.v1"`
+	UserId        string                 `protobuf:"bytes,1,opt,name=user_id,json=userId,proto3" json:"user_id,omitempty"`
+	RoleId        int32                  `protobuf:"varint,2,opt,name=role_id,json=roleId,proto3" json:"role_id,omitempty"`
+	unknownFields protoimpl.UnknownFields
+	sizeCache     protoimpl.SizeCache
+}
+
+func (x *RevokeRoleFromUserRequest) Reset() {
+	*x = RevokeRoleFromUserRequest{}
+	mi := &file_admin_rbac_proto_msgTypes[17]
+	ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+	ms.StoreMessageInfo(mi)
+}
+
+func (x *RevokeRoleFromUserRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*RevokeRoleFromUserRequest) ProtoMessage() {}
+
+func (x *RevokeRoleFromUserRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_admin_rbac_proto_msgTypes[17]
+	if x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use RevokeRoleFromUserRequest.ProtoReflect.Descriptor instead.
+func (*RevokeRoleFromUserRequest) Descriptor() ([]byte, []int) {
+	return file_admin_rbac_proto_rawDescGZIP(), []int{17}
+}
+
+func (x *RevokeRoleFromUserRequest) GetUserId() string {
+	if x != nil {
+		return x.UserId
+	}
+	return ""
+}
+
+func (x *RevokeRoleFromUserRequest) GetRoleId() int32 {
+	if x != nil {
+		return x.RoleId
+	}
+	return 0
+}
+
 var File_admin_rbac_proto protoreflect.FileDescriptor
 
 const file_admin_rbac_proto_rawDesc = "" +
@@ -882,7 +1090,19 @@ const file_admin_rbac_proto_rawDesc = "" +
 	"\x05level\x18\x03 \x01(\x05R\x05level\x12 \n" +
 	"\vpermissions\x18\x04 \x03(\tR\vpermissions\x12!\n" +
 	"\fldap_mapping\x18\x05 \x03(\tR\vldapMapping\x12\x1a\n" +
-	"\baccounts\x18\x06 \x03(\tR\baccounts2\xba\x04\n" +
+	"\baccounts\x18\x06 \x03(\tR\baccounts\".\n" +
+	"\x13GetUserRolesRequest\x12\x17\n" +
+	"\auser_id\x18\x01 \x01(\tR\x06userId\"t\n" +
+	"\x14GetUserRolesResponse\x12\x14\n" +
+	"\x05roles\x18\x01 \x03(\tR\x05roles\x12 \n" +
+	"\vpermissions\x18\x02 \x03(\tR\vpermissions\x12$\n" +
+	"\x0emax_role_level\x18\x03 \x01(\x05R\fmaxRoleLevel\"K\n" +
+	"\x17AssignRoleToUserRequest\x12\x17\n" +
+	"\auser_id\x18\x01 \x01(\tR\x06userId\x12\x17\n" +
+	"\arole_id\x18\x02 \x01(\x05R\x06roleId\"M\n" +
+	"\x19RevokeRoleFromUserRequest\x12\x17\n" +
+	"\auser_id\x18\x01 \x01(\tR\x06userId\x12\x17\n" +
+	"\arole_id\x18\x02 \x01(\x05R\x06roleId2\xbf\x06\n" +
 	"\vRbacService\x12E\n" +
 	"\n" +
 	"CreateRole\x12\x1a.rbac.v1.CreateRoleRequest\x1a\x1b.rbac.v1.ModifyRoleResponse\x12E\n" +
@@ -893,7 +1113,10 @@ const file_admin_rbac_proto_rawDesc = "" +
 	"\x10CreatePermission\x12 .rbac.v1.CreatePermissionRequest\x1a!.rbac.v1.ModifyPermissionResponse\x12W\n" +
 	"\x10UpdatePermission\x12 .rbac.v1.UpdatePermissionRequest\x1a!.rbac.v1.ModifyPermissionResponse\x12Z\n" +
 	"\x11GetAllPermissions\x12!.rbac.v1.GetAllPermissionsRequest\x1a\".rbac.v1.GetAllPermissionsResponse\x12H\n" +
-	"\vGetAllRoles\x12\x1b.rbac.v1.GetAllRolesRequest\x1a\x1c.rbac.v1.GetAllRolesResponseB*Z(git.lendry.ru/lendry-erp/proto.git/go;pbb\x06proto3"
+	"\vGetAllRoles\x12\x1b.rbac.v1.GetAllRolesRequest\x1a\x1c.rbac.v1.GetAllRolesResponse\x12Y\n" +
+	"\x1aGetUserRolesAndPermissions\x12\x1c.rbac.v1.GetUserRolesRequest\x1a\x1d.rbac.v1.GetUserRolesResponse\x12Q\n" +
+	"\x10AssignRoleToUser\x12 .rbac.v1.AssignRoleToUserRequest\x1a\x1b.rbac.v1.ModifyRoleResponse\x12U\n" +
+	"\x12RevokeRoleFromUser\x12\".rbac.v1.RevokeRoleFromUserRequest\x1a\x1b.rbac.v1.ModifyRoleResponseB*Z(git.lendry.ru/lendry-erp/proto.git/go;pbb\x06proto3"
 
 var (
 	file_admin_rbac_proto_rawDescOnce sync.Once
@@ -907,7 +1130,7 @@ func file_admin_rbac_proto_rawDescGZIP() []byte {
 	return file_admin_rbac_proto_rawDescData
 }
 
-var file_admin_rbac_proto_msgTypes = make([]protoimpl.MessageInfo, 14)
+var file_admin_rbac_proto_msgTypes = make([]protoimpl.MessageInfo, 18)
 var file_admin_rbac_proto_goTypes = []any{
 	(*GetAllPermissionsRequest)(nil),  // 0: rbac.v1.GetAllPermissionsRequest
 	(*GetAllPermissionsResponse)(nil), // 1: rbac.v1.GetAllPermissionsResponse
@@ -923,6 +1146,10 @@ var file_admin_rbac_proto_goTypes = []any{
 	(*UpdatePermissionRequest)(nil),   // 11: rbac.v1.UpdatePermissionRequest
 	(*ModifyPermissionResponse)(nil),  // 12: rbac.v1.ModifyPermissionResponse
 	(*Roles)(nil),                     // 13: rbac.v1.Roles
+	(*GetUserRolesRequest)(nil),       // 14: rbac.v1.GetUserRolesRequest
+	(*GetUserRolesResponse)(nil),      // 15: rbac.v1.GetUserRolesResponse
+	(*AssignRoleToUserRequest)(nil),   // 16: rbac.v1.AssignRoleToUserRequest
+	(*RevokeRoleFromUserRequest)(nil), // 17: rbac.v1.RevokeRoleFromUserRequest
 }
 var file_admin_rbac_proto_depIdxs = []int32{
 	2,  // 0: rbac.v1.GetAllPermissionsResponse.permissions:type_name -> rbac.v1.Permission
@@ -934,15 +1161,21 @@ var file_admin_rbac_proto_depIdxs = []int32{
 	11, // 6: rbac.v1.RbacService.UpdatePermission:input_type -> rbac.v1.UpdatePermissionRequest
 	0,  // 7: rbac.v1.RbacService.GetAllPermissions:input_type -> rbac.v1.GetAllPermissionsRequest
 	3,  // 8: rbac.v1.RbacService.GetAllRoles:input_type -> rbac.v1.GetAllRolesRequest
-	7,  // 9: rbac.v1.RbacService.CreateRole:output_type -> rbac.v1.ModifyRoleResponse
-	7,  // 10: rbac.v1.RbacService.UpdateRole:output_type -> rbac.v1.ModifyRoleResponse
-	9,  // 11: rbac.v1.RbacService.DeleteRole:output_type -> rbac.v1.DeleteRoleResponse
-	12, // 12: rbac.v1.RbacService.CreatePermission:output_type -> rbac.v1.ModifyPermissionResponse
-	12, // 13: rbac.v1.RbacService.UpdatePermission:output_type -> rbac.v1.ModifyPermissionResponse
-	1,  // 14: rbac.v1.RbacService.GetAllPermissions:output_type -> rbac.v1.GetAllPermissionsResponse
-	4,  // 15: rbac.v1.RbacService.GetAllRoles:output_type -> rbac.v1.GetAllRolesResponse
-	9,  // [9:16] is the sub-list for method output_type
-	2,  // [2:9] is the sub-list for method input_type
+	14, // 9: rbac.v1.RbacService.GetUserRolesAndPermissions:input_type -> rbac.v1.GetUserRolesRequest
+	16, // 10: rbac.v1.RbacService.AssignRoleToUser:input_type -> rbac.v1.AssignRoleToUserRequest
+	17, // 11: rbac.v1.RbacService.RevokeRoleFromUser:input_type -> rbac.v1.RevokeRoleFromUserRequest
+	7,  // 12: rbac.v1.RbacService.CreateRole:output_type -> rbac.v1.ModifyRoleResponse
+	7,  // 13: rbac.v1.RbacService.UpdateRole:output_type -> rbac.v1.ModifyRoleResponse
+	9,  // 14: rbac.v1.RbacService.DeleteRole:output_type -> rbac.v1.DeleteRoleResponse
+	12, // 15: rbac.v1.RbacService.CreatePermission:output_type -> rbac.v1.ModifyPermissionResponse
+	12, // 16: rbac.v1.RbacService.UpdatePermission:output_type -> rbac.v1.ModifyPermissionResponse
+	1,  // 17: rbac.v1.RbacService.GetAllPermissions:output_type -> rbac.v1.GetAllPermissionsResponse
+	4,  // 18: rbac.v1.RbacService.GetAllRoles:output_type -> rbac.v1.GetAllRolesResponse
+	15, // 19: rbac.v1.RbacService.GetUserRolesAndPermissions:output_type -> rbac.v1.GetUserRolesResponse
+	7,  // 20: rbac.v1.RbacService.AssignRoleToUser:output_type -> rbac.v1.ModifyRoleResponse
+	7,  // 21: rbac.v1.RbacService.RevokeRoleFromUser:output_type -> rbac.v1.ModifyRoleResponse
+	12, // [12:22] is the sub-list for method output_type
+	2,  // [2:12] is the sub-list for method input_type
 	2,  // [2:2] is the sub-list for extension type_name
 	2,  // [2:2] is the sub-list for extension extendee
 	0,  // [0:2] is the sub-list for field type_name
@@ -961,7 +1194,7 @@ func file_admin_rbac_proto_init() {
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: unsafe.Slice(unsafe.StringData(file_admin_rbac_proto_rawDesc), len(file_admin_rbac_proto_rawDesc)),
 			NumEnums:      0,
-			NumMessages:   14,
+			NumMessages:   18,
 			NumExtensions: 0,
 			NumServices:   1,
 		},
diff --git a/gen/go/admin/rbac_grpc.pb.go b/gen/go/admin/rbac_grpc.pb.go
index c453797..26c2ddd 100644
--- a/gen/go/admin/rbac_grpc.pb.go
+++ b/gen/go/admin/rbac_grpc.pb.go
@@ -19,13 +19,16 @@ import (
 const _ = grpc.SupportPackageIsVersion9
 
 const (
-	RbacService_CreateRole_FullMethodName        = "/rbac.v1.RbacService/CreateRole"
-	RbacService_UpdateRole_FullMethodName        = "/rbac.v1.RbacService/UpdateRole"
-	RbacService_DeleteRole_FullMethodName        = "/rbac.v1.RbacService/DeleteRole"
-	RbacService_CreatePermission_FullMethodName  = "/rbac.v1.RbacService/CreatePermission"
-	RbacService_UpdatePermission_FullMethodName  = "/rbac.v1.RbacService/UpdatePermission"
-	RbacService_GetAllPermissions_FullMethodName = "/rbac.v1.RbacService/GetAllPermissions"
-	RbacService_GetAllRoles_FullMethodName       = "/rbac.v1.RbacService/GetAllRoles"
+	RbacService_CreateRole_FullMethodName                 = "/rbac.v1.RbacService/CreateRole"
+	RbacService_UpdateRole_FullMethodName                 = "/rbac.v1.RbacService/UpdateRole"
+	RbacService_DeleteRole_FullMethodName                 = "/rbac.v1.RbacService/DeleteRole"
+	RbacService_CreatePermission_FullMethodName           = "/rbac.v1.RbacService/CreatePermission"
+	RbacService_UpdatePermission_FullMethodName           = "/rbac.v1.RbacService/UpdatePermission"
+	RbacService_GetAllPermissions_FullMethodName          = "/rbac.v1.RbacService/GetAllPermissions"
+	RbacService_GetAllRoles_FullMethodName                = "/rbac.v1.RbacService/GetAllRoles"
+	RbacService_GetUserRolesAndPermissions_FullMethodName = "/rbac.v1.RbacService/GetUserRolesAndPermissions"
+	RbacService_AssignRoleToUser_FullMethodName           = "/rbac.v1.RbacService/AssignRoleToUser"
+	RbacService_RevokeRoleFromUser_FullMethodName         = "/rbac.v1.RbacService/RevokeRoleFromUser"
 )
 
 // RbacServiceClient is the client API for RbacService service.
@@ -39,6 +42,9 @@ type RbacServiceClient interface {
 	UpdatePermission(ctx context.Context, in *UpdatePermissionRequest, opts ...grpc.CallOption) (*ModifyPermissionResponse, error)
 	GetAllPermissions(ctx context.Context, in *GetAllPermissionsRequest, opts ...grpc.CallOption) (*GetAllPermissionsResponse, error)
 	GetAllRoles(ctx context.Context, in *GetAllRolesRequest, opts ...grpc.CallOption) (*GetAllRolesResponse, error)
+	GetUserRolesAndPermissions(ctx context.Context, in *GetUserRolesRequest, opts ...grpc.CallOption) (*GetUserRolesResponse, error)
+	AssignRoleToUser(ctx context.Context, in *AssignRoleToUserRequest, opts ...grpc.CallOption) (*ModifyRoleResponse, error)
+	RevokeRoleFromUser(ctx context.Context, in *RevokeRoleFromUserRequest, opts ...grpc.CallOption) (*ModifyRoleResponse, error)
 }
 
 type rbacServiceClient struct {
@@ -119,6 +125,36 @@ func (c *rbacServiceClient) GetAllRoles(ctx context.Context, in *GetAllRolesRequ
 	return out, nil
 }
 
+func (c *rbacServiceClient) GetUserRolesAndPermissions(ctx context.Context, in *GetUserRolesRequest, opts ...grpc.CallOption) (*GetUserRolesResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(GetUserRolesResponse)
+	err := c.cc.Invoke(ctx, RbacService_GetUserRolesAndPermissions_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *rbacServiceClient) AssignRoleToUser(ctx context.Context, in *AssignRoleToUserRequest, opts ...grpc.CallOption) (*ModifyRoleResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(ModifyRoleResponse)
+	err := c.cc.Invoke(ctx, RbacService_AssignRoleToUser_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *rbacServiceClient) RevokeRoleFromUser(ctx context.Context, in *RevokeRoleFromUserRequest, opts ...grpc.CallOption) (*ModifyRoleResponse, error) {
+	cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+	out := new(ModifyRoleResponse)
+	err := c.cc.Invoke(ctx, RbacService_RevokeRoleFromUser_FullMethodName, in, out, cOpts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
 // RbacServiceServer is the server API for RbacService service.
 // All implementations must embed UnimplementedRbacServiceServer
 // for forward compatibility.
@@ -130,6 +166,9 @@ type RbacServiceServer interface {
 	UpdatePermission(context.Context, *UpdatePermissionRequest) (*ModifyPermissionResponse, error)
 	GetAllPermissions(context.Context, *GetAllPermissionsRequest) (*GetAllPermissionsResponse, error)
 	GetAllRoles(context.Context, *GetAllRolesRequest) (*GetAllRolesResponse, error)
+	GetUserRolesAndPermissions(context.Context, *GetUserRolesRequest) (*GetUserRolesResponse, error)
+	AssignRoleToUser(context.Context, *AssignRoleToUserRequest) (*ModifyRoleResponse, error)
+	RevokeRoleFromUser(context.Context, *RevokeRoleFromUserRequest) (*ModifyRoleResponse, error)
 	mustEmbedUnimplementedRbacServiceServer()
 }
 
@@ -161,6 +200,15 @@ func (UnimplementedRbacServiceServer) GetAllPermissions(context.Context, *GetAll
 func (UnimplementedRbacServiceServer) GetAllRoles(context.Context, *GetAllRolesRequest) (*GetAllRolesResponse, error) {
 	return nil, status.Error(codes.Unimplemented, "method GetAllRoles not implemented")
 }
+func (UnimplementedRbacServiceServer) GetUserRolesAndPermissions(context.Context, *GetUserRolesRequest) (*GetUserRolesResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method GetUserRolesAndPermissions not implemented")
+}
+func (UnimplementedRbacServiceServer) AssignRoleToUser(context.Context, *AssignRoleToUserRequest) (*ModifyRoleResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method AssignRoleToUser not implemented")
+}
+func (UnimplementedRbacServiceServer) RevokeRoleFromUser(context.Context, *RevokeRoleFromUserRequest) (*ModifyRoleResponse, error) {
+	return nil, status.Error(codes.Unimplemented, "method RevokeRoleFromUser not implemented")
+}
 func (UnimplementedRbacServiceServer) mustEmbedUnimplementedRbacServiceServer() {}
 func (UnimplementedRbacServiceServer) testEmbeddedByValue()                     {}
 
@@ -308,6 +356,60 @@ func _RbacService_GetAllRoles_Handler(srv interface{}, ctx context.Context, dec
 	return interceptor(ctx, in, info, handler)
 }
 
+func _RbacService_GetUserRolesAndPermissions_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetUserRolesRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(RbacServiceServer).GetUserRolesAndPermissions(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: RbacService_GetUserRolesAndPermissions_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(RbacServiceServer).GetUserRolesAndPermissions(ctx, req.(*GetUserRolesRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _RbacService_AssignRoleToUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(AssignRoleToUserRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(RbacServiceServer).AssignRoleToUser(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: RbacService_AssignRoleToUser_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(RbacServiceServer).AssignRoleToUser(ctx, req.(*AssignRoleToUserRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _RbacService_RevokeRoleFromUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(RevokeRoleFromUserRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(RbacServiceServer).RevokeRoleFromUser(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: RbacService_RevokeRoleFromUser_FullMethodName,
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(RbacServiceServer).RevokeRoleFromUser(ctx, req.(*RevokeRoleFromUserRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
 // RbacService_ServiceDesc is the grpc.ServiceDesc for RbacService service.
 // It's only intended for direct use with grpc.RegisterService,
 // and not to be introspected or modified (even as a copy)
@@ -343,6 +445,18 @@ var RbacService_ServiceDesc = grpc.ServiceDesc{
 			MethodName: "GetAllRoles",
 			Handler:    _RbacService_GetAllRoles_Handler,
 		},
+		{
+			MethodName: "GetUserRolesAndPermissions",
+			Handler:    _RbacService_GetUserRolesAndPermissions_Handler,
+		},
+		{
+			MethodName: "AssignRoleToUser",
+			Handler:    _RbacService_AssignRoleToUser_Handler,
+		},
+		{
+			MethodName: "RevokeRoleFromUser",
+			Handler:    _RbacService_RevokeRoleFromUser_Handler,
+		},
 	},
 	Streams:  []grpc.StreamDesc{},
 	Metadata: "admin/rbac.proto",