diff --git a/example.config.ini b/example.config.ini
index 83cf31c..fe4ef8f 100644
--- a/example.config.ini
+++ b/example.config.ini
@@ -5,7 +5,7 @@ name = OpenAuthService
 port = 3000
 
 [mail]
-server = mail.stamm.me
+server = mail.example.com
 username = test
 password = test
 port = 595
\ No newline at end of file
diff --git a/package-lock.json b/package-lock.json
index f1c4ce2..62dd291 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -18,9 +18,9 @@
          }
       },
       "@hibas123/safe_mongo": {
-         "version": "1.3.3",
-         "resolved": "https://registry.npmjs.org/@hibas123/safe_mongo/-/safe_mongo-1.3.3.tgz",
-         "integrity": "sha512-ekEusgpuFqKBB2rt0FH0m7u4YEq2kRpUXUM7PrJNV9onLxSRmUtuJErA59PVhMWvZPVXnSn/Z69aebScxdH+BQ==",
+         "version": "1.3.4",
+         "resolved": "https://registry.npmjs.org/@hibas123/safe_mongo/-/safe_mongo-1.3.4.tgz",
+         "integrity": "sha512-JX1L5XWamAcmxZ8RB+yMEurKO84rGFm06yRS3php0g7LJUbBZJlWB13yJAlNx254z9zLUfXisRaAJz+EA3E+qw==",
          "requires": {
             "@hibas123/nodelogging": "^1.3.18",
             "mongodb": "^3.1.8"
@@ -254,7 +254,8 @@
       "@types/node": {
          "version": "10.12.2",
          "resolved": "https://registry.npmjs.org/@types/node/-/node-10.12.2.tgz",
-         "integrity": "sha512-53ElVDSnZeFUUFIYzI8WLQ25IhWzb6vbddNp8UHlXQyU0ET2RhV5zg0NfubzU7iNMh5bBXb0htCzfvrSVNgzaQ=="
+         "integrity": "sha512-53ElVDSnZeFUUFIYzI8WLQ25IhWzb6vbddNp8UHlXQyU0ET2RhV5zg0NfubzU7iNMh5bBXb0htCzfvrSVNgzaQ==",
+         "dev": true
       },
       "@types/node-rsa": {
          "version": "0.4.3",
@@ -293,6 +294,7 @@
          "version": "3.4.4",
          "resolved": "https://registry.npmjs.org/@types/uuid/-/uuid-3.4.4.tgz",
          "integrity": "sha512-tPIgT0GUmdJQNSHxp0X2jnpQfBSTfGxUMc/2CXBU2mnyTFVYVa2ojpoQ74w0U2yn2vw3jnC640+77lkFFpdVDw==",
+         "dev": true,
          "requires": {
             "@types/node": "*"
          }
diff --git a/package.json b/package.json
index 7cdaf26..b45592c 100644
--- a/package.json
+++ b/package.json
@@ -33,7 +33,7 @@
    "dependencies": {
       "@hibas123/nodelogging": "^1.3.21",
       "@hibas123/nodeloggingserver_client": "^1.1.2",
-      "@hibas123/safe_mongo": "^1.3.3",
+      "@hibas123/safe_mongo": "^1.3.4",
       "body-parser": "^1.18.3",
       "compression": "^1.7.3",
       "cookie-parser": "^1.4.3",
@@ -51,4 +51,4 @@
       "tedious": "^2.6.4",
       "uuid": "^3.3.2"
    }
-}
\ No newline at end of file
+}
diff --git a/src/api/admin/permission.ts b/src/api/admin/permission.ts
index af7b972..9ee422b 100644
--- a/src/api/admin/permission.ts
+++ b/src/api/admin/permission.ts
@@ -5,6 +5,7 @@ import promiseMiddleware from "../../helper/promiseMiddleware";
 import Permission from "../../models/permissions";
 import verify, { Types } from "../middlewares/verify";
 import Client from "../../models/client";
+import { ObjectID } from "bson";
 
 const PermissionRoute: Router = Router();
 PermissionRoute.use(GetUserMiddleware(true, true), (req: Request, res, next) => {
@@ -15,12 +16,16 @@ PermissionRoute.use(GetUserMiddleware(true, true), (req: Request, res, next) =>
 
 PermissionRoute.route("/")
    .get(promiseMiddleware(async (req, res) => {
-      let permission = await Permission.find({});
+      let query = {};
+      if (req.query.client) {
+         query = { client: new ObjectID(req.query.client) }
+      }
+      let permission = await Permission.find(query);
       res.json(permission);
    }))
    .post(verify({
-      clientId: {
-         type: Types.NUMBER
+      client: {
+         type: Types.STRING
       },
       name: {
          type: Types.STRING
@@ -29,7 +34,7 @@ PermissionRoute.route("/")
          type: Types.STRING
       }
    }, true), promiseMiddleware(async (req, res) => {
-      let client = await Client.findById(req.body.clientId);
+      let client = await Client.findById(req.body.client);
       if (!client) {
          throw new RequestError("Client not found", HttpStatusCode.BAD_REQUEST);
       }
@@ -40,6 +45,10 @@ PermissionRoute.route("/")
       });
       await Permission.save(permission);
       res.json(permission);
-   }))
+   })).delete(promiseMiddleware(async (req, res) => {
+      let { id } = req.query;
+      await Permission.delete(id);
+      res.json({ success: true });
+   }));
 
 export default PermissionRoute;
\ No newline at end of file
diff --git a/views/src/admin/admin.hbs b/views/src/admin/admin.hbs
index a1e1b77..a7f82d5 100644
--- a/views/src/admin/admin.hbs
+++ b/views/src/admin/admin.hbs
@@ -164,6 +164,7 @@
                   <div></div>
                </th>
                <th scope="col" style="width: 2.5rem"></th>
+               <th scope="col" style="width: 2.5rem"></th>
             </tr>
          </thead>
          <tbody>
@@ -183,8 +184,11 @@
                <td>
                   <a href="\{{ website }}">\{{ website }}</a>
                </td>
-
-               <!-- ToDo: Make helper to resolve number to human readaby text-->
+               <td style="padding: 0.25em">
+                  <button style="border: 0; background-color: rgba(0, 0, 0, 0); padding: 0; text-align: center;" onclick="permissionsClient('\{{_id}}')">
+                        perm
+                  </button>
+               </td>
                <td style="padding: 0.25em">
                   <button style="border: 0; background-color: rgba(0, 0, 0, 0); padding: 0; text-align: center;" onclick="editClient('\{{_id}}')">
                      <i class="material-icons" style="font-size: 2rem; display: inline">
@@ -238,6 +242,53 @@
          </span>
       </form>
    </script>
+   <script id="template-permission-list" type="text/x-handlebars-template">
+      <h2><button class="btn btn-raised btn-primary" onclick="gotoClients()">back</button> to \{{client_name}} </h2>
+      <button class="btn btn-raised btn-primary" onclick="createPermission('\{{ client_id }}')">Create</button>
+      <table class="table table-bordered" style="margin-bottom: 0">
+         <thead>
+            <tr>
+               <th scope="col">ID</th>
+               <th scope="col">Name</th>
+               <th scope="col">Description</th>
+               <th scope="col" style="width: 2.5rem"></th>
+            </tr>
+         </thead>
+         <tbody>
+            \{{#permissions}}
+            <tr>
+               <td>\{{ _id }}</td>
+               <td>\{{ name }}</td>
+               <td>\{{ description }}</td>
+               <td style="padding: 0.25em">
+                  <button style="border: 0; background-color: rgba(0, 0, 0, 0); padding: 0; text-align: center;" onclick="deletePermission('\{{_id}}')">
+                     <i class="material-icons" style="font-size: 2rem; display: inline">
+                        delete
+                     </i>
+                  </button>
+               </td>
+            </tr>
+            \{{/permissions}}
+         </tbody>
+      </table>
+   </script>
+   <script id="template-permission-form" type="text/x-handlebars-template">
+      <form class="form" action="JavaScript:void(null)" onsubmit="createPermissionSubmit(this)" style="margin-bottom: 0">
+         <input type=hidden value="\{{client_id}}" name=client />
+         <div class="form-group">
+            <label for="name_input" class="bmd-label-floating">Name</label>
+            <input type="text" class="form-control" id="name_input" name=name value="">
+         </div>
+         <div class="form-group">
+            <label for=name class="bmd-label-floating">Description</label>
+            <input type="text" class="form-control" id=name name=description value="">
+         </div>
+         <span class="form-group bmd-form-group">
+            <!-- needed to match padding for floating labels -->
+            <button type="submit" class="btn btn-raised btn-primary">Save</button>
+         </span>
+      </form>
+   </script>
 
 </body>
 
diff --git a/views/src/admin/admin.js b/views/src/admin/admin.js
index 6ac854d..b01a069 100644
--- a/views/src/admin/admin.js
+++ b/views/src/admin/admin.js
@@ -72,6 +72,49 @@ Handlebars.registerHelper("formatDate", function (datetime, format) {
       await loadList();
    }
 
+   async function renderPermissions(client_id, client_name) {
+      const listt = Handlebars.compile(document.getElementById("template-permission-list").innerText);
+      const formt = Handlebars.compile(document.getElementById("template-permission-form").innerText);
+      setCustomCard();
+      async function loadList() {
+         try {
+            let data = await request("/api/admin/permission", "GET");
+            tableb.innerHTML = listt({
+               client_id: client_id,
+               client_name: client_name,
+               permissions: data
+            })
+         } catch (err) {
+            catchError(err);
+         }
+      }
+
+      window.gotoClients = () => {
+         renderClient();
+      }
+
+      window.deletePermission = (id) => {
+         request("/api/admin/permission?id=" + id, "DELETE").then(() => loadList()).catch(catchError)
+      }
+
+      window.createPermission = () => {
+         try {
+            setCustomCard(formt({ client_id: client_id }));
+         } catch (err) {
+            console.log("Err", err);
+         }
+      }
+
+
+      window.createPermissionSubmit = (elm) => {
+         console.log(elm);
+         let data = getFormData(elm);
+         console.log(data);
+         request("/api/admin/permission", "POST", data).then(() => setCustomCard()).then(() => loadList()).catch(catchError)
+      }
+      await loadList()
+   }
+
    async function renderClient() {
       console.log("Rendering Client")
       setTitle("Client")
@@ -88,6 +131,10 @@ Handlebars.registerHelper("formatDate", function (datetime, format) {
          })
       }
 
+      window.permissionsClient = (id) => {
+         renderPermissions(id, clients.find(e => e._id === id).name);
+      }
+
       window.deleteClient = (id) => {
          request("/api/admin/client?id=" + id, "DELETE").then(() => loadList()).catch(catchError)
       }
@@ -96,8 +143,8 @@ Handlebars.registerHelper("formatDate", function (datetime, format) {
          console.log(elm);
          let data = getFormData(elm);
          console.log(data);
-         let id = data.id;
-         delete data.id;
+         let id = data._id;
+         delete data._id;
          if (id !== "") {
             request("/api/admin/client?id=" + id, "PUT", data).then(() => setCustomCard()).then(() => loadList()).catch(catchError)
          } else {
diff --git a/views/src/user/user.hbs b/views/src/user/user.hbs
deleted file mode 100644
index dee3bbf..0000000
--- a/views/src/user/user.hbs
+++ /dev/null
@@ -1,14 +0,0 @@
-<html>
-
-
-<head>
-   <title>{{title}}</title>
-   <meta charset="utf8" />
-   <meta name="viewport" content="width=device-width,initial-scale=1" />
-</head>
-
-<body>
-
-</body>
-
-</html>
\ No newline at end of file
diff --git a/views/src/user/user.js b/views/src/user/user.js
deleted file mode 100644
index b8c57fe..0000000
--- a/views/src/user/user.js
+++ /dev/null
@@ -1 +0,0 @@
-console.log("Hello World")
\ No newline at end of file
diff --git a/views/src/user/user.scss b/views/src/user/user.scss
deleted file mode 100644
index e69de29..0000000