diff --git a/src/hooks.server.ts b/src/hooks.server.ts
index 686ad76..05be73a 100644
--- a/src/hooks.server.ts
+++ b/src/hooks.server.ts
@@ -8,6 +8,8 @@ import { init_db, close_db, create_user, do_users_exist } from "$lib/server/data
 import Logs from "$lib/server/log";
+import Permissions from "$lib/permissions"
+
 let local_setup: {user_setup: (() => void) | ((username: string, password: string) => void) }= {
 user_setup: async () => {}
 }
@@ -31,7 +33,7 @@ async function init() {
 local_setup.user_setup = async (username: string, password: string) => {
 Logs.user.info("Creating first user")
- await create_user({name: "name", gender: "x", address: "home", username: username, password: password });
+ await create_user({ name: "", gender: "", address: "", username: username, password: password, permissions: Permissions.ALL(Permissions.USERADMIN) });
 local_setup.user_setup = async () => {}
 }
diff --git a/src/lib/server/database.ts b/src/lib/server/database.ts
index d2c6f6e..a07887c 100644
--- a/src/lib/server/database.ts
+++ b/src/lib/server/database.ts
@@ -73,6 +73,9 @@ const USER_DATABASE_SETUP: string[] = [
 const USER_DATABASE_ADD_USER: string =
 "INSERT INTO users (name, gender, address, username, password) VALUES ($name, $gender, $address, $username, $password);";
+const USER_DATABASE_ADD_USER_WITH_PERMISSIONS: string =
+ "INSERT INTO users (name, gender, address, username, password, permissions) VALUES ($name, $gender, $address, $username, $password, $permissions);";
+
 const USER_DATABASE_GET_ALL_USER: string =
 "SELECT id, username, name FROM users;";
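Review bot: The bootstrap account created in `user_setup` is granted `Permissions.ALL(Permissions.USERADMIN)` with no comment saying why the first user is fully privileged or that this callback is armed only while no users exist; add `// First account bootstraps administration: grant every USERADMIN right so it can create and manage further users` above the `create_user` call. Whether `Permissions.ALL` covers only the USERADMIN group or every permission group cannot be told from this hunk, so if the first user also needs rights outside USERADMIN they would be missing. The `import Permissions` line in the first hunk drops the trailing semicolon that the neighbouring `import Logs` line uses; keep the file's convention.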
@@ -422,11 +425,14 @@ export function close_db() {
 }
 }
-export async function create_user(user: { name: string, gender: string, address: string, username: string, password: string }): Promise {
+export async function create_user(user: { name: string, gender: string, address: string, username: string, password: string, permissions?: number }): Promise {
 user.password = await Bun.password.hash(user.password, { algorithm: "bcrypt", cost: 11});
+
+ const statement = user.permissions != null
+ ? user_database.query(USER_DATABASE_ADD_USER_WITH_PERMISSIONS)
+ : user_database.query(USER_DATABASE_ADD_USER);
- const statement = user_database.query(USER_DATABASE_ADD_USER);
 const result = statement.run(user);
 return result.lastInsertRowid;
diff --git a/src/routes/user/+page.server.ts b/src/routes/user/+page.server.ts
index 0e9aca8..03b2528 100644
--- a/src/routes/user/+page.server.ts
+++ b/src/routes/user/+page.server.ts
@@ -81,6 +81,15 @@ export const actions = {
 if (isNaN(id) || name == null || gender == null || address == null || username == null || ua_permissions.some((permission) => isNaN(permission))) {
 return fail(400, { message: "invalid request" })
 }
+
+ let permissions = null
+ if (ua_permissions.length > 0) {
+ permissions = ua_permissions.reduce((pv, cv) => pv | cv)
+
+ if (locals.user.id == id && locals.user.permissions != permissions) {
+ return fail(403, { message: "Cannot modify permissions for oneself" })
+ }
+ }
 if (id == -1) {
 if (!Permissions.has(locals.user.permissions, Permissions.USERADMIN.CREATE)) {
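Review bot: `create_user` gains an optional `permissions` field but nothing documents what an omitted value means — the fallback is whatever default the `permissions` column carries in `USER_DATABASE_SETUP`, which lies outside this hunk — and the selection here uses `!= null` while both callers in `+page.server.ts` (the create and update hunks of that file) test `if (permissions)`, so a bitmask that reduces to `0` can never reach the WITH_PERMISSIONS path. Add a TSDoc block on the function stating that `permissions` is a bitmask, that omitting it defers to the column default, and that the function overwrites `user.password` in the caller's object with the bcrypt hash. The two INSERT constants now differ only by the `permissions` column; a single statement could cover both cases if the column default is known, but that depends on the table definition not shown here. The function's closing brace is outside the hunk.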
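Review bot: The self-modification guard only runs inside `if (ua_permissions.length > 0)`, so a submission carrying no permission values skips it and the later update branch calls `updateUser` without `permissions`, leaving the stored bits untouched — this form therefore cannot revoke every permission from an account; if that is intended, state it with `// empty selection leaves the stored permissions untouched` after `let permissions = null`. The comparisons `locals.user.id == id` and `locals.user.permissions != permissions` use loose equality; `===`/`!==` makes the intent explicit and avoids a string-vs-number coincidence should `locals.user.id` ever not be a number. The enclosing action starts before the hunk.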
@@ -101,7 +110,11 @@ export const actions = {
 let new_user: number | bigint = -1
 try {
- new_user = await create_user({ name, gender, address, username, password: password1 })
+ if (permissions && Permissions.has(locals.user.permissions, Permissions.USERADMIN.ADMIN)) {
+ new_user = await create_user({ name, gender, address, username, password: password1, permissions: permissions})
+ } else {
+ new_user = await create_user({ name, gender, address, username, password: password1 })
+ }
 } catch (e) {
 if (e instanceof SQLiteError && e.code == "SQLITE_CONSTRAINT_UNIQUE") {
 return fail(400, { message: "Benutzername ist bereits vergeben" })
@@ -131,17 +144,13 @@ export const actions = {
 return fail(500, { message: "Database failure"})
 }
 }
-
- let permissions = null
- if (ua_permissions.length > 0) {
- permissions = ua_permissions.reduce((pv, cv) => pv | cv)
- if (locals.user.id == id && locals.user.permissions != permissions) {
- return fail(403, { message: "Cannot modify permissions for oneself" })
- }
+ let updated_user
+ if (permissions) {
+ updated_user = updateUser({ id, name, gender, address, username, permissions})
+ } else {
+ updated_user = updateUser({ id, name, gender, address, username })
 }
-
- const updated_user = updateUser({id, name, gender, address, username, permissions})
 SessionStore.reload_user_data(updated_user ?? locals.user)
 return { message: "Erfolgreich gespeichert" }
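Review bot: When the caller lacks `Permissions.USERADMIN.ADMIN`, the requested `permissions` are silently discarded and the account is created with the default bits while the action still reports success, so an operator has no way to see that the grant was refused. Refuse explicitly before the `try` instead of branching: `if (permissions && !Permissions.has(locals.user.permissions, Permissions.USERADMIN.ADMIN)) { return fail(403, { message: "Not allowed to set permissions" }) }` — after that a single `create_user({ name, gender, address, username, password: password1, permissions: permissions ?? undefined })` call replaces the two-way `if`. The message text here is a constructed example; match the file's existing wording. The enclosing action starts before the hunk.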
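Review bot: The update path forwards `permissions` to `updateUser` whenever it is truthy without the `Permissions.USERADMIN.ADMIN` check that the create path in the previous hunk applies; unless an equivalent check sits in the lines between the two hunks (not visible here), an account with edit rights but not ADMIN can change another user's permission bits, which is a privilege-escalation risk. Mirror the create-path rule before the `updateUser` call: `if (permissions && !Permissions.has(locals.user.permissions, Permissions.USERADMIN.ADMIN)) { return fail(403, { message: "Not allowed to set permissions" }) }`, or better, hoist one such check to where `permissions` is computed so both paths share it and cannot drift apart again. `let updated_user` is also left without a type annotation; `let updated_user: ReturnType<typeof updateUser>` keeps the `?? locals.user` fallback checked. The enclosing action continues past the hunk.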