diff --git a/backend/src/auth/ROLES.ts b/backend/src/auth/ROLES.ts
index bc868a199..69a7ea52b 100644
--- a/backend/src/auth/ROLES.ts
+++ b/backend/src/auth/ROLES.ts
@@ -1,40 +1,22 @@
+import { ADMIN_RIGHTS } from './ADMIN_RIGHTS'
 import { INALIENABLE_RIGHTS } from './INALIENABLE_RIGHTS'
-import { RIGHTS } from './RIGHTS'
+import { MODERATOR_RIGHTS } from './MODERATOR_RIGHTS'
 import { Role } from './Role'
+import { USER_RIGHTS } from './USER_RIGHTS'
 
 export const ROLE_UNAUTHORIZED = new Role('unauthorized', INALIENABLE_RIGHTS)
-export const ROLE_USER = new Role('user', [
+export const ROLE_USER = new Role('user', [...INALIENABLE_RIGHTS, ...USER_RIGHTS])
+export const ROLE_MODERATOR = new Role('moderator', [
   ...INALIENABLE_RIGHTS,
-  RIGHTS.VERIFY_LOGIN,
-  RIGHTS.BALANCE,
-  RIGHTS.LIST_GDT_ENTRIES,
-  RIGHTS.EXIST_PID,
-  RIGHTS.UNSUBSCRIBE_NEWSLETTER,
-  RIGHTS.SUBSCRIBE_NEWSLETTER,
-  RIGHTS.TRANSACTION_LIST,
-  RIGHTS.SEND_COINS,
-  RIGHTS.LOGOUT,
-  RIGHTS.UPDATE_USER_INFOS,
-  RIGHTS.HAS_ELOPAGE,
-  RIGHTS.CREATE_TRANSACTION_LINK,
-  RIGHTS.DELETE_TRANSACTION_LINK,
-  RIGHTS.REDEEM_TRANSACTION_LINK,
-  RIGHTS.LIST_TRANSACTION_LINKS,
-  RIGHTS.GDT_BALANCE,
-  RIGHTS.CREATE_CONTRIBUTION,
-  RIGHTS.DELETE_CONTRIBUTION,
-  RIGHTS.LIST_CONTRIBUTIONS,
-  RIGHTS.LIST_ALL_CONTRIBUTIONS,
-  RIGHTS.UPDATE_CONTRIBUTION,
-  RIGHTS.SEARCH_ADMIN_USERS,
-  RIGHTS.LIST_CONTRIBUTION_LINKS,
-  RIGHTS.COMMUNITY_STATISTICS,
-  RIGHTS.CREATE_CONTRIBUTION_MESSAGE,
-  RIGHTS.LIST_ALL_CONTRIBUTION_MESSAGES,
-  RIGHTS.OPEN_CREATIONS,
-  RIGHTS.USER,
+  ...USER_RIGHTS,
+  ...MODERATOR_RIGHTS,
+])
+export const ROLE_ADMIN = new Role('admin', [
+  ...INALIENABLE_RIGHTS,
+  ...USER_RIGHTS,
+  ...MODERATOR_RIGHTS,
+  ...ADMIN_RIGHTS,
 ])
-export const ROLE_ADMIN = new Role('admin', Object.values(RIGHTS)) // all rights
 
 // TODO from database
-export const ROLES = [ROLE_UNAUTHORIZED, ROLE_USER, ROLE_ADMIN]
+export const ROLES = [ROLE_UNAUTHORIZED, ROLE_USER, ROLE_MODERATOR, ROLE_ADMIN]