diff --git a/internal/repository/roles.sql.go b/internal/repository/roles.sql.go
index 61ba999..170a532 100644
--- a/internal/repository/roles.sql.go
+++ b/internal/repository/roles.sql.go
@@ -33,6 +33,29 @@ func (q *Queries) AddPermissionsToRoleByKey(ctx context.Context, arg AddPermissi
 return err
 }
 
+const assignRolePermission = `-- name: AssignRolePermission :exec
+INSERT INTO role_permissions (role_id, permission_id)
+VALUES (
+ $1,
+ (
+ SELECT id
+ FROM permissions p
+ WHERE p.scope = split_part($2, '_', 1)
+ AND p.name = substring($2 FROM position('_' IN $2) + 1)
+ )
+)
+`
+
+type AssignRolePermissionParams struct {
+ RoleID uuid.UUID `json:"role_id"`
+ Key string `json:"key"`
+}
+
+func (q *Queries) AssignRolePermission(ctx context.Context, arg AssignRolePermissionParams) error {
+ _, err := q.db.Exec(ctx, assignRolePermission, arg.RoleID, arg.Key)
+ return err
+}
+
 const createRole = `-- name: CreateRole :one
 INSERT INTO roles (name, scope, description)
 VALUES ($1, $2, $3)
diff --git a/internal/user/permissions.go b/internal/user/permissions.go
index a0af72f..41cf8f1 100644
--- a/internal/user/permissions.go
+++ b/internal/user/permissions.go
@@ -2,7 +2,6 @@ package user
 
 import (
 "context"
- "fmt"
 "log"
 
 "gitea.local/admin/hspguard/internal/repository"
@@ -143,7 +142,7 @@ var (
 "system_revoke_sessions",
 },
 Role: repository.Role{
- Name: "family_member",
+ Name: "member",
 Description: String("User that is able to use home services"),
 },
 },
@@ -180,7 +179,10 @@ func EnsureSystemPermissions(ctx context.Context, repo *repository.Queries) {
 }
 
 for _, role := range SYSTEM_ROLES {
- found, err := repo.FindRole(ctx, repository.FindRoleParams{
+ var found repository.Role
+ var err error
+
+ found, err = repo.FindRole(ctx, repository.FindRoleParams{
 Scope: SYSTEM_SCOPE,
 Name: role.Name,
 })
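Review bot: Renaming the system role from `family_member` to `member` in the SYSTEM_ROLES entry (hunk `@@ -143,7 +142,7 @@`) changes the name that EnsureSystemPermissions passes to `repo.FindRole`, and nothing in this commit migrates the existing row. A database seeded by an earlier build would presumably keep its `family_member` role, together with whatever permission grants and user assignments reference it, while the lookup for `member` no longer finds it. I would ship a migration that renames the existing role in place and leave a comment at the entry, for example `// renamed from "family_member"; existing rows are renamed by migration <migration file>`. The var block starts and ends outside the hunk, so the other role entries are not visible here.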
@@ -196,17 +198,13 @@ func EnsureSystemPermissions(ctx context.Context, repo *repository.Queries) { } } - var mappedPerms []string - for _, perm := range role.Permissions { - mappedPerms = append(mappedPerms, fmt.Sprintf("%s_%s", SYSTEM_SCOPE, perm)) - } - - if err := repo.AddPermissionsToRoleByKey(ctx, repository.AddPermissionsToRoleByKeyParams{ - RoleID: found.ID, - PermissionKeys: mappedPerms, - }); err != nil { - log.Fatalf("ERR: Failed to assign required permissions to SYSTEM role %s: %v\n", found.Name, err) + if err := repo.AssignRolePermission(ctx, repository.AssignRolePermissionParams{ + RoleID: found.ID, + Key: perm, + }); err != nil { + log.Fatalf("ERR: Failed to assign permission '%s' to SYSTEM role %s: %v\n", perm, found.Name, err) + } } } } diff --git a/queries/roles.sql b/queries/roles.sql index 201190e..2438b1e 100644 --- a/queries/roles.sql +++ b/queries/roles.sql @@ -53,6 +53,17 @@ INSERT INTO roles (name, scope, description) VALUES ($1, $2, $3) RETURNING *; +-- name: AssignRolePermission :exec +INSERT INTO role_permissions (role_id, permission_id) +VALUES ( + $1, + ( + SELECT id + FROM permissions p + WHERE p.scope = split_part(sqlc.arg('key'), '_', 1) + AND p.name = right(sqlc.arg('key'), length(sqlc.arg('key')) - position('_' IN sqlc.arg('key'))) + ) +); -- name: AddPermissionsToRoleByKey :exec INSERT INTO role_permissions (role_id, permission_id) SELECT
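Review bot: The added `repo.AssignRolePermission` call and its `log.Fatalf` both read `perm`, but the only `for _, perm := range role.Permissions {` header in this hunk is on the removed side, so as shown the new side has no declaration for `perm` and one more closing brace than the old side. If the loop was meant to stay, keep `for _, perm := range role.Permissions {` as the line before the added `if`. Each grant is now a separate statement and `log.Fatalf` exits on the first failure, so a key that fails partway through leaves the role with only some of its permissions until a later start succeeds; a one-line comment stating that aborting startup is the intended behaviour would make that explicit. EnsureSystemPermissions begins outside the hunk, so the surrounding loop structure cannot be confirmed from here.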
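Review bot: The scalar subquery in AssignRolePermission yields NULL when no row in `permissions` matches the key, so a mistyped or not-yet-seeded key becomes an insert of `(role_id, NULL)`: rejected if `permission_id` is NOT NULL, stored as a meaningless grant row otherwise (the schema is not visible here). The statement also has no conflict handling, so if `role_permissions` is unique on the pair, a second run of the seeding would fail and the caller's `log.Fatalf` would stop startup. Writing it as `INSERT INTO role_permissions (role_id, permission_id) SELECT $1, p.id FROM permissions p WHERE … ON CONFLICT DO NOTHING;` avoids both, and changing the annotation to `:execrows` would let the caller detect a key that matched nothing. The name expression here (`right(…)`) also differs from the `substring(… FROM position(…) + 1)` in the generated roles.sql.go, which suggests that file was not regenerated from this query.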