diff --git a/app/classes/user.php b/app/classes/user.php index d31e7fe..e275883 100644 --- a/app/classes/user.php +++ b/app/classes/user.php @@ -67,11 +67,52 @@ class User { } + // add user right + public function addUserRight($user_id, $right_id) { + $sql = 'INSERT INTO users_rights + (user_id, right_id, enabled) + VALUES + (:user_id, :right_id, 1)'; + $query = $this->db->prepare($sql); + $query->execute([ + ':user_id' => $user_id, + ':right_id' => $right_id, + ]); + } + + // remove user right + public function removeUserRight($user_id, $right_id) { + $sql = 'DELETE FROM users_rights + WHERE + user_id = :user_id + AND + right_id = :right_id'; + $query = $this->db->prepare($sql); + $query->execute([ + ':user_id' => $user_id, + ':right_id' => $right_id, + ]); + } + + // get all rights + public function getAllRights() { + $sql = 'SELECT + id AS right_id, + item AS right_name + FROM rights'; + $query = $this->db->prepare($sql); + $query->execute(); + + return $query->fetchAll(PDO::FETCH_ASSOC); + + } + // get user rights public function getUserRights($user_id) { $sql = 'SELECT u.id AS user_id, u.username, + r.id AS right_id, r.item AS right_name FROM users u diff --git a/app/pages/profile.php b/app/pages/profile.php index 4e81f84..5a564dc 100644 --- a/app/pages/profile.php +++ b/app/pages/profile.php 
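Review bot: The new `addUserRight` and `removeUserRight` methods take untyped `$user_id`/`$right_id` and discard the result of `execute()`, so a failed insert or delete is invisible to the caller and `$_SESSION['error']`-style reporting used elsewhere on the profile page cannot be wired up. I would declare the ids as `int` and return the driver result: `public function addUserRight(int $user_id, int $right_id): bool` with `return $query->execute([...]);` as the last statement, and the same shape for `removeUserRight`. Whether a repeated `addUserRight` for the same pair produces duplicate `users_rights` rows depends on a unique constraint on `(user_id, right_id)` that the hunk does not show; if there is none, a guard before the insert would be needed. Minor style point: `getAllRights` ends with a stray blank line before its closing brace, unlike the sibling methods.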
@@ -40,6 +40,25 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') { $_SESSION['error'] .= "Editing the user details failed. Error: $result "; } + // update the rights + $newRights = $_POST['rights'] ?? array(); + // extract the new right_ids + $userRightsIds = array_column($userRights, 'right_id'); + // what rights we need to add + $rightsToAdd = array_diff($newRights, $userRightsIds); + if (!empty($rightsToAdd)) { + foreach ($rightsToAdd as $rightId) { + $userObject->addUserRight($user_id, $rightId); + } + } + // what rights we need to remove + $rightsToRemove = array_diff($userRightsIds, $newRights); + if (!empty($rightsToRemove)) { + foreach ($rightsToRemove as $rightId) { + $userObject->removeUserRight($user_id, $rightId); + } + } + // update the avatar if (!empty($_FILES['avatar_file']['tmp_name'])) { $result = $userObject->changeAvatar($user_id, $_FILES['avatar_file'], $config['avatars_path']); @@ -56,6 +75,7 @@ if ($_SERVER['REQUEST_METHOD'] == 'POST') { switch ($action) { case 'edit': + $allRights = $userObject->getAllRights(); include '../app/templates/profile-edit.php'; break; diff --git a/app/templates/profile-edit.php b/app/templates/profile-edit.php index 174233f..ed545b4 100644 --- a/app/templates/profile-edit.php +++ b/app/templates/profile-edit.php @@ -72,7 +72,20 @@
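Review bot: In the `@@ -40,6 +40,25 @@` hunk the submitted `$_POST['rights']` values are diffed and handed straight to `addUserRight` without being checked against the rights that actually exist, so any id a client puts in the form is attempted as a grant; the whitelist `getAllRights()` provides is only loaded later, in the `edit` branch of the `@@ -56,6 +75,7 @@` hunk, after the POST has already been processed. Also, if `rights` arrives as a non-array value, `array_diff` throws a `TypeError` on PHP 8, and the `if (!empty(...))` wrappers around each `foreach` are redundant since `foreach` over an empty array is a no-op. I would normalise to integers and intersect with the known right ids before the diff, as below; `$userRights` is presumably loaded from `getUserRights()` earlier on the page, outside this hunk, and whether the acting user is permitted to change another account's rights is decided outside the hunk too, so I cannot confirm it here.
```php
$allRightIds = array_map('intval', array_column($userObject->getAllRights(), 'right_id'));
$newRights = array_values(array_intersect(
    array_map('intval', (array) ($_POST['rights'] ?? [])),
    $allRightIds,
));
// … unchanged: array_column on $userRights, array_diff, add/remove loops …
```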
- + +
+ /> + +
+