diff --git a/composer.json b/composer.json
index adef5300..730ac8ae 100644
--- a/composer.json
+++ b/composer.json
@@ -34,7 +34,8 @@
     },
     "scripts": {
         "post-install-cmd": [
-            "php misuzu_migrate.php"
+            "php misuzu_migrate.php",
+            "php misuzu_setup.php"
         ]
     },
     "config": {
diff --git a/misuzu_setup.php b/misuzu_setup.php
new file mode 100644
index 00000000..b01b8728
--- /dev/null
+++ b/misuzu_setup.php
@@ -0,0 +1,24 @@
+<?php
+/**
+ * Setup script
+ * @todo Move this into a CLI commands system.
+ */
+
+namespace Misuzu;
+
+use Misuzu\Users\Role;
+use Misuzu\Users\User;
+
+require_once __DIR__ . '/misuzu.php';
+
+$role = Role::find(1);
+
+if ($role === null) {
+    $role = Role::createRole('Member');
+}
+
+foreach (User::all() as $user) {
+    if (!$user->hasRole($role)) {
+        $user->addRole($role);
+    }
+}
diff --git a/src/Users/Role.php b/src/Users/Role.php
index 3d769ca7..a0cf0219 100644
--- a/src/Users/Role.php
+++ b/src/Users/Role.php
@@ -1,12 +1,51 @@
 <?php
 namespace Misuzu\Users;
 
+use Misuzu\Colour;
 use Misuzu\Model;
 
 class Role extends Model
 {
     protected $primaryKey = 'role_id';
 
+    public static function createRole(
+        string $name,
+        ?int $hierarchy = null,
+        Colour $colour = null,
+        ?string $title = null,
+        ?string $description = null,
+        bool $secret = false
+    ): Role {
+        $hierarchy = $hierarchy ?? 1;
+        $colour = $colour ?? Colour::none();
+
+        $role = new Role;
+        $role->role_hierarchy = $hierarchy;
+        $role->role_name = $name;
+        $role->role_title = $title;
+        $role->role_description = $description;
+        $role->role_secret = $secret;
+        $role->role_colour = $colour->raw;
+        $role->save();
+
+        return $role;
+    }
+
+    public function addUser(User $user, bool $setDisplay = false): void
+    {
+        $user->addRole($this, $setDisplay);
+    }
+
+    public function removeUser(User $user): void
+    {
+        $user->removeRole($this);
+    }
+
+    public function hasUser(User $user): bool
+    {
+        return $user->hasRole($this);
+    }
+
     public function users()
     {
         return $this->hasMany(UserRole::class, 'role_id');
diff --git a/src/Users/User.php b/src/Users/User.php
index 906a5460..fb9e6461 100644
--- a/src/Users/User.php
+++ b/src/Users/User.php
@@ -2,6 +2,7 @@
 namespace Misuzu\Users;
 
 use Illuminate\Database\Eloquent\SoftDeletes;
+use Misuzu\Database;
 use Misuzu\Model;
 use Misuzu\Net\IP;
 
@@ -16,6 +17,8 @@ class User extends Model
 
     protected $primaryKey = 'user_id';
 
+    private $displayRoleValidated = false;
+
     public static function createUser(
         string $username,
         string $password,
@@ -63,6 +66,70 @@ class User extends Model
         return '';
     }
 
+    public function addRole(Role $role, bool $setDisplay = false): void
+    {
+        $relation = new UserRole;
+        $relation->user_id = $this->user_id;
+        $relation->role_id = $role->role_id;
+        $relation->save();
+
+        if ($setDisplay) {
+            $this->display_role = $role->role_id;
+        }
+    }
+
+    public function removeRole(Role $role): void
+    {
+        UserRole::where('user_id', $this->user_id)
+            ->where('role_id', $role->user_id)
+            ->delete();
+    }
+
+    public function hasRole(Role $role): bool
+    {
+        return UserRole::where('user_id', $this->user_id)
+            ->where('role_id', $role->role_id)
+            ->count() > 0;
+    }
+
+    public function validatePassword(string $password): bool
+    {
+        if (password_needs_rehash($this->password, self::PASSWORD_HASH_ALGO)) {
+            $this->password = $password;
+            $this->save();
+        }
+
+        return password_verify($password, $this->password);
+    }
+
+    public function getDisplayRoleAttribute(?int $value): int
+    {
+        if (!$this->displayRoleValidated) {
+            if ($value === null || UserRole::where('user_id', $this->user_id)->where('role_id', $value)->count() > 0) {
+                $highestRole = Database::table('roles')
+                    ->join('user_roles', 'roles.role_id', '=', 'user_roles.role_id')
+                    ->where('user_id', $this->user_id)
+                    ->orderBy('roles.role_hierarchy')
+                    ->first(['roles.role_id']);
+
+                $value = $highestRole->role_id;
+                $this->display_role = $value;
+                $this->save();
+            }
+
+            $this->displayRoleValidated = true;
+        }
+
+        return $value;
+    }
+
+    public function setDisplayRoleAttribute(int $value): void
+    {
+        if (UserRole::where('user_id', $this->user_id)->where('role_id', $value)->count() > 0) {
+            $this->attributes['display_role'] = $value;
+        }
+    }
+
     public function getRegisterIpAttribute(string $ipAddress): string
     {
         return IP::pack($ipAddress);
@@ -88,16 +155,6 @@ class User extends Model
         $this->attributes['password'] = password_hash($password, self::PASSWORD_HASH_ALGO);
     }
 
-    public function validatePassword(string $password): bool
-    {
-        if (password_needs_rehash($this->password, self::PASSWORD_HASH_ALGO)) {
-            $this->password = $password;
-            $this->save();
-        }
-
-        return password_verify($password, $this->password);
-    }
-
     public function sessions()
     {
         return $this->hasMany(Session::class, 'user_id');