diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 0a1b2db..67e02a0 100755
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -4,7 +4,13 @@ class UsersController < ApplicationController
 end
 def add_role
 @user= User.find(params[:id])
+ if (params[:role]=="fetuser" && can?(:addfetuser,User))
 @user.add_role(params[:role])
+ end
+ if (params[:role]=="fetadmin" && can?(:addfetadmin,User))
+ @user.add_role(params[:role])
+ end
+
 end
 def do_confirm
 @user= User.find(params[:id])
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 97c1a45..285bcba 100755
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -28,6 +28,8 @@ class Ability
 # For Debug allow everything
 # Remove this line in production environment and for testing user management
 can :manage, :all
+ can :addfetuser, User
+ can :addfetadmin, User
 can [:show, :index], Studium
 can [:show, :index], Modulgruppe
 can [:show, :index], Modul
@@ -39,6 +41,7 @@ class Ability
 # Rechteverwaltung Kalender
 can [:show, :index], Calendar, :public => true
+ can [:showics], Calendar
 can [:show], Calentry
 if( user.has_role?("fetuser") || user.has_role?("fetadmin"))
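Review bot: In `add_role` (users_controller.rb) a denied or unknown `params[:role]` falls through both `if` blocks silently, so a rejected grant looks the same as a successful one and leaves no trace for an audit log. The checks also pass the class `User` rather than the loaded `@user`; assuming this is CanCan, a class-level `can?` ignores any per-record conditions added to the ability later. Mapping the role name to its ability through an allowlist and calling `authorize!` on the instance gives one code path and an explicit `CanCan::AccessDenied` on refusal. The class body and the action that follows lie outside the hunk, so any existing `rescue_from` handler is not visible here.

```ruby
def add_role
  @user = User.find(params[:id])
  # Allowlist: each assignable role maps to the ability required to grant it.
  required = { "fetuser" => :addfetuser, "fetadmin" => :addfetadmin }[params[:role]]
  raise CanCan::AccessDenied unless required
  # Raises CanCan::AccessDenied instead of silently skipping the grant.
  authorize! required, @user
  @user.add_role(params[:role])
end
```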
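Review bot: The two new grants in ability.rb (`can :addfetuser, User`, `can :addfetadmin, User`) sit directly under the debug line `can :manage, :all` with no role condition visible in the hunk. As placed, every user who reaches this point may grant `fetadmin` to any account. While `can :manage, :all` remains, the new `can?` checks in `add_role` are always true anyway. The grants should be tied to the granting user's own role, for example `can :addfetadmin, User if user.has_role?("fetadmin")` and `can :addfetuser, User if user.has_role?("fetadmin")`, and the debug grant removed before this ships. The enclosing `initialize` starts outside the hunk, so an outer guard may exist that is not visible here.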
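Review bot: In the calendar section of ability.rb, `can [:showics], Calendar` omits the `:public => true` condition that the preceding `show`/`index` rule carries. If the ICS action authorizes against this ability, non-public calendars become exportable by anyone who can reach it. Unless private feeds are intended, scope the rule the same way: `can [:showics], Calendar, :public => true`. If private feeds are intended, add a comment stating how they are protected, for example by a per-calendar token. The role-gated `if` block that follows continues outside the hunk.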