diff --git a/src/main/java/cz/cvut/kbss/study/model/Role.java b/src/main/java/cz/cvut/kbss/study/model/Role.java
new file mode 100644
index 00000000..e4096a05
--- /dev/null
+++ b/src/main/java/cz/cvut/kbss/study/model/Role.java
@@ -0,0 +1,103 @@
+package cz.cvut.kbss.study.model;
+
+import cz.cvut.kbss.jopa.model.annotations.Individual;
+import lombok.Getter;
+
+@Getter
+public enum Role {
+
+    @Individual(iri=Vocabulary.s_i_administrator)
+    administrator(Vocabulary.s_i_administrator),
+
+    @Individual(iri = Vocabulary.s_i_user)
+    user(Vocabulary.s_i_user),
+
+    @Individual(iri = Vocabulary.s_i_delete_all_records_role)
+    deleteAllRecords(Vocabulary.s_i_delete_all_records_role),
+
+    @Individual(iri = Vocabulary.s_i_view_all_records_role)
+    viewAllRecords(Vocabulary.s_i_view_all_records_role),
+
+    @Individual(iri = Vocabulary.s_i_edit_all_records_role)
+    editAllRecords(Vocabulary.s_i_edit_all_records_role),
+
+    @Individual(iri = Vocabulary.s_i_delete_organization_records_role)
+    deleteOrganizationRecords(Vocabulary.s_i_delete_organization_records_role),
+
+    @Individual(iri = Vocabulary.s_i_view_organization_records_role)
+    viewOrganizationRecords(Vocabulary.s_i_view_organization_records_role),
+
+    @Individual(iri = Vocabulary.s_i_edit_organization_records_role)
+    editOrganizationRecords(Vocabulary.s_i_edit_organization_records_role),
+
+    @Individual(iri = Vocabulary.s_i_edit_users_role)
+    editUsers(Vocabulary.s_i_edit_users_role),
+
+    @Individual(iri = Vocabulary.s_i_complete_records_role)
+    completeRecords(Vocabulary.s_i_complete_records_role),
+
+    @Individual(iri = Vocabulary.s_i_reject_records_role)
+    rejectRecords(Vocabulary.s_i_reject_records_role),
+
+    @Individual(iri = Vocabulary.s_i_publish_records_role)
+    publishRecords(Vocabulary.s_i_publish_records_role),
+
+    @Individual(iri = Vocabulary.s_i_import_codelists_role)
+    importCodelists(Vocabulary.s_i_import_codelists_role);
+
+    private final String iri;
+
+    Role(String iri) {
+        this.iri = iri;
+    }
+
+    /**
+     * Returns {@link Role} with the specified IRI.
+     *
+     * @param iri role identifier
+     * @return matching {@code Role}
+     * @throws IllegalArgumentException When no matching role is found
+     */
+    public static Role fromIri(String iri) {
+        for (Role r : values()) {
+            if (r.getIri().equals(iri)) {
+                return r;
+            }
+        }
+        throw new IllegalArgumentException("Unknown role identifier '" + iri + "'.");
+    }
+
+    /**
+     * Returns {@link Role} with the specified constant name.
+     *
+     * @param name role name
+     * @return matching {@code Role}
+     * @throws IllegalArgumentException When no matching role is found
+     */
+    public static Role fromName(String name) {
+        for (Role r : values()) {
+            if (r.name().equalsIgnoreCase(name)) {
+                return r;
+            }
+        }
+        throw new IllegalArgumentException("Unknown role '" + name + "'.");
+    }
+
+    /**
+     * Returns a {@link Role} with the specified IRI or constant name.
+     * <p>
+     * This function first tries to find the enum constant by IRI. If it is not found, constant name matching is
+     * attempted.
+     *
+     * @param identification Constant IRI or name to find match by
+     * @return matching {@code Role}
+     * @throws IllegalArgumentException When no matching role is found
+     */
+    public static Role fromIriOrName(String identification) {
+        try {
+            return fromIri(identification);
+        } catch (IllegalArgumentException e) {
+            return fromName(identification);
+        }
+    }
+}
diff --git a/src/main/java/cz/cvut/kbss/study/model/RoleGroup.java b/src/main/java/cz/cvut/kbss/study/model/RoleGroup.java
new file mode 100644
index 00000000..6191483c
--- /dev/null
+++ b/src/main/java/cz/cvut/kbss/study/model/RoleGroup.java
@@ -0,0 +1,46 @@
+package cz.cvut.kbss.study.model;
+import cz.cvut.kbss.jopa.model.annotations.Id;
+import cz.cvut.kbss.jopa.model.annotations.OWLClass;
+import cz.cvut.kbss.jopa.model.annotations.OWLDataProperty;
+import cz.cvut.kbss.jopa.model.annotations.OWLObjectProperty;
+
+import java.net.URI;
+import java.util.Set;
+
+@OWLClass(iri = Vocabulary.s_c_Person)
+public class RoleGroup {
+
+    @Id
+    private URI uri;
+
+    @OWLDataProperty(iri = Vocabulary.s_p_roleGroupName)
+    private String roleGroupName;
+
+    @OWLObjectProperty(iri = Vocabulary.s_p_has_role)
+    private Set<Role> roles;
+
+
+    public URI getUri() {
+        return uri;
+    }
+
+    public void setUri(URI uri) {
+        this.uri = uri;
+    }
+
+    public String getRoleGroupName() {
+        return roleGroupName;
+    }
+
+    public void setRoleGroupName(String roleGroupName) {
+        this.roleGroupName = roleGroupName;
+    }
+
+    public Set<Role> getRoles() {
+        return roles;
+    }
+
+    public void setRoles(Set<Role> roles) {
+        this.roles = roles;
+    }
+}
diff --git a/src/main/java/cz/cvut/kbss/study/model/User.java b/src/main/java/cz/cvut/kbss/study/model/User.java
index 31cff563..35ea5fec 100644
--- a/src/main/java/cz/cvut/kbss/study/model/User.java
+++ b/src/main/java/cz/cvut/kbss/study/model/User.java
@@ -7,22 +7,23 @@
 import cz.cvut.kbss.jopa.model.annotations.OWLDataProperty;
 import cz.cvut.kbss.jopa.model.annotations.OWLObjectProperty;
 import cz.cvut.kbss.jopa.model.annotations.ParticipationConstraints;
-import cz.cvut.kbss.jopa.model.annotations.Types;
 import cz.cvut.kbss.study.model.util.HasDerivableUri;
 import cz.cvut.kbss.study.util.Constants;
 import cz.cvut.kbss.study.util.IdentificationUtils;
+import lombok.Getter;
+import lombok.Setter;
 import org.springframework.security.crypto.password.PasswordEncoder;
-
 import java.io.Serializable;
 import java.io.UnsupportedEncodingException;
 import java.net.URI;
 import java.net.URLEncoder;
 import java.nio.charset.StandardCharsets;
 import java.util.Date;
-import java.util.HashSet;
-import java.util.Set;
+
 
 @OWLClass(iri = Vocabulary.s_c_Person)
+@Getter
+@Setter
 public class User implements HasDerivableUri, Serializable {
 
     @Id
@@ -62,22 +63,18 @@ public class User implements HasDerivableUri, Serializable {
     private Institution institution;
 
     @OWLObjectProperty(iri = Vocabulary.s_p_has_role_group)
-    private String roleGroup;
-
-    @OWLObjectProperty(iri = Vocabulary.s_p_has_role)
-    private Set<String> types;
+    private RoleGroup roleGroup;
 
-    public String getRoleGroup() {
+    public RoleGroup getRoleGroup() {
         return roleGroup;
     }
 
-    public void setRoleGroup(String roleGroup) {
+    public void setRoleGroup(RoleGroup roleGroup) {
         this.roleGroup = roleGroup;
     }
 
     public User() {
-        this.types = new HashSet<>();
-        types.add(Vocabulary.s_i_user);
+
     }
 
     @Override
@@ -148,18 +145,6 @@ public void setInstitution(Institution institution) {
         this.institution = institution;
     }
 
-    public Set<String> getTypes() {
-        return types;
-    }
-
-    public void setTypes(Set<String> types) {
-        this.types = types;
-    }
-
-    public void addType(String type) {
-        assert types != null;
-        getTypes().add(type);
-    }
 
     /**
      * Returns true if this user is an admin.
@@ -169,8 +154,8 @@ public void addType(String type) {
      * @return {@code true} if this is admin, {@code false} otherwise
      */
     public boolean isAdmin() {
-        assert types != null;
-        return getTypes().contains(Vocabulary.s_i_administrator);
+        assert roleGroup != null;
+        return roleGroup.getRoles().contains(Role.administrator);
     }
 
     public String getToken() {
@@ -189,6 +174,7 @@ public void setIsInvited(Boolean isInvited) {
         this.isInvited = isInvited;
     }
 
+
     /**
      * Encodes password of this person.
      *
diff --git a/src/main/java/cz/cvut/kbss/study/security/model/RoleGroup.java b/src/main/java/cz/cvut/kbss/study/security/model/RoleGroup.java
deleted file mode 100644
index 6c622256..00000000
--- a/src/main/java/cz/cvut/kbss/study/security/model/RoleGroup.java
+++ /dev/null
@@ -1,43 +0,0 @@
-package cz.cvut.kbss.study.security.model;
-
-import cz.cvut.kbss.study.model.Vocabulary;
-import cz.cvut.kbss.study.security.SecurityConstants;
-
-import java.util.Optional;
-import java.util.stream.Stream;
-
-public enum RoleGroup {
-
-
-    OPERATOR_ADMIN(SecurityConstants.ROLE_GROUP_OPERATOR_ADMIN, Vocabulary.s_i_operator_admin_role_group),
-    OPERATOR(SecurityConstants.ROLE_GROUP_OPERATOR, Vocabulary.s_i_operator_role_group),
-    SUPPLIER_ADMIN(SecurityConstants.ROLE_GROUP_SUPPLIER_ADMIN, Vocabulary.s_i_supplier_admin_role_group),
-    SUPPLIER(SecurityConstants.ROLE_GROUP_SUPPLIER, Vocabulary.s_i_supplier_role_group),
-    EXTERNAL_USER(SecurityConstants.ROLE_GROUP_EXTERNAL_USER, Vocabulary.s_i_external_user_role_group);
-
-
-    private final String name;
-    private final String type;
-
-    RoleGroup(String name, String type) {
-        this.name = name;
-        this.type = type;
-    }
-
-    public static Optional<RoleGroup> forType(String type) {
-        return Stream.of(RoleGroup.values()).filter(r -> r.type.equals(type)).findAny();
-    }
-
-    public static Optional<RoleGroup> forName(String name) {
-        return Stream.of(RoleGroup.values()).filter(r -> r.name.equals(name)).findAny();
-    }
-
-    public String getName() {
-        return name;
-    }
-
-    public String getType() {
-        return type;
-    }
-}
-
diff --git a/src/main/resources/model.ttl b/src/main/resources/model.ttl
index 379afa38..5734a1f7 100644
--- a/src/main/resources/model.ttl
+++ b/src/main/resources/model.ttl
@@ -66,10 +66,6 @@ rm:has-question rdf:type owl:ObjectProperty ;
 rm:is-member-of rdf:type owl:ObjectProperty ;
                 rdfs:subPropertyOf rm:relates-to .
 
-###  http://onto.fel.cvut.cz/ontologies/record-manager/role-group
-rm:role-group rdf:type owl:ObjectProperty ;
-                rdfs:subPropertyOf rm:relates-to .
-
 ###  http://onto.fel.cvut.cz/ontologies/record-manager/relates-to
 rm:relates-to rdf:type owl:ObjectProperty .
 
@@ -120,26 +116,23 @@ rm:key rdf:type owl:DatatypeProperty .
 ###  http://onto.fel.cvut.cz/ontologies/record-manager/password
 rm:password rdf:type owl:DatatypeProperty .
 
-
 ###  http://onto.fel.cvut.cz/ontologies/record-manager/payload
 rm:payload rdf:type owl:DatatypeProperty .
 
-
 ###  http://onto.fel.cvut.cz/ontologies/record-manager/token
 rm:token rdf:type owl:DatatypeProperty .
 
-
 ###  http://xmlns.com/foaf/0.1/accountName
 <http://xmlns.com/foaf/0.1/accountName> rdf:type owl:DatatypeProperty .
 
-
 ###  http://xmlns.com/foaf/0.1/firstName
 <http://xmlns.com/foaf/0.1/firstName> rdf:type owl:DatatypeProperty .
 
-
 ###  http://xmlns.com/foaf/0.1/lastName
 <http://xmlns.com/foaf/0.1/lastName> rdf:type owl:DatatypeProperty .
 
+###  http://xmlns.com/foaf/0.1/roleGroupName
+rm:roleGroupName rdf:type owl:DatatypeProperty .
 
 ###  http://xmlns.com/foaf/0.1/mbox
 <http://xmlns.com/foaf/0.1/mbox> rdf:type owl:DatatypeProperty .
@@ -208,61 +201,6 @@ rm:role rdf:type owl:Class;
 rm:role-group rdf:type owl:Class;
         rdfs:label "user role group" .
 
-
-#################################################################
-#   Groups
-#################################################################
-
-###  http://onto.fel.cvut.cz/ontologies/record-manager/operator-role-group
-rm:operator-role-group rdf:type owl:NamedIndividual, rm:role-group;
-        rm:has-role rm:user,
-                    rm:complete-records-role;
-        rdfs:label "operator role group"@en .
-
-###  http://onto.fel.cvut.cz/ontologies/record-manager/operator-admin-role-group
-rm:operator-admin-role-group rdf:type owl:NamedIndividual, rm:role-group ;
-        rm:has-role
-                    rm:user,
-                    rm:administrator,
-                    rm:complete-records-role ,
-                    rm:delete-organization-records-role ,
-                    rm:edit-organization-records-role ,
-                    rm:view-organization-records-role ,
-                    rm:edit-users-role ,
-                    rm:import-codelists-role ,
-                    rm:publish-records-role ,
-                    rm:reject-records-role ;
-        rdfs:label "operator-admin role group"@en .
-
-### http://onto.fel.cvut.cz/ontologies/record-manager/supplier-role-group
-rm:supplier-role-group rdf:type owl:NamedIndividual, rm:role-group ;
-        rm:has-role rm:user,
-                    rm:complete-records-role ;
-        rdfs:label "supplier role group"@en .
-
-###  http://onto.fel.cvut.cz/ontologies/record-manager/operator-admin-role-group
-rm:supplier-admin-role-group rdf:type owl:NamedIndividual, rm:role-group;
-        rm:has-role rm:user,
-                    rm:administrator,
-                    rm:complete-records-role ,
-                    rm:delete-organization-records-role ,
-                    rm:edit-organization-records-role ,
-                    rm:view-organization-records-role ,
-                    rm:edit-users-role ,
-                    rm:import-codelists-role ,
-                    rm:reject-records-role ,
-                    rm:delete-all-records-role ,
-                    rm:edit-all-records-role ,
-                    rm:view-all-records-role ;
-        rdfs:label "supplier-admin role group"@en .
-
-###  http://onto.fel.cvut.cz/ontologies/record-manager/external-user-role-group
-rm:external-user-role-group rdf:type owl:NamedIndividual, rm:role-group;
-        rm:has-role rm:user,
-                    rm:complete-records-role;
-        rdfs:label "external user role group"@en .
-
-
 #################################################################
 #   Roles
 #################################################################