diff --git a/api/kiwi_vpn_api/db/schemas.py b/api/kiwi_vpn_api/db/schemas.py
index 6c3dbed..2663e72 100644
--- a/api/kiwi_vpn_api/db/schemas.py
+++ b/api/kiwi_vpn_api/db/schemas.py
@@ -30,6 +30,9 @@ class Certificate(CertificateBase):
 class UserCapability(Enum):
     admin = "admin"
 
+    def __str__(self) -> str:
+        return self._value_
+
 
 class UserBase(BaseModel):
     name: str
@@ -108,7 +111,7 @@ class User(UserBase):
             user = models.User(
                 name=user.name,
                 password=crypt_context.hash(user.password),
-                capabilities=[models.UserCapability(capability="admin")],
+                capabilities=[],
             )
 
             db.add(user)
@@ -120,6 +123,15 @@ class User(UserBase):
         except IntegrityError:
             pass
 
+    def add_capabilities(
+        self,
+        db: Session,
+        capabilities: list[UserCapability],
+    ) -> bool:
+        # TODO
+
+        return True
+
 
 class DistinguishedNameBase(BaseModel):
     cn_only: bool
diff --git a/api/kiwi_vpn_api/routers/admin.py b/api/kiwi_vpn_api/routers/admin.py
index 0c80e3d..6143038 100644
--- a/api/kiwi_vpn_api/routers/admin.py
+++ b/api/kiwi_vpn_api/routers/admin.py
@@ -26,14 +26,17 @@ async def install(
     Connection.connect(await config.db.db_engine)
 
     async for db in Connection.get():
-        # user.capabilities.append("admin")
-
-        schemas.User.create(
+        admin_user = schemas.User.create(
             db=db,
             user=user,
             crypt_context=await config.crypto.crypt_context,
         )
 
+        admin_user.add_capabilities(
+            db=db,
+            capabilities=[schemas.UserCapability.admin],
+        )
+
 
 @router.put(
     "/config",