diff --git a/app/controllers/admin/role_controller.rb b/app/controllers/admin/role_controller.rb
index b4f4fe0..95f8e9f 100644
--- a/app/controllers/admin/role_controller.rb
+++ b/app/controllers/admin/role_controller.rb
@@ -5,6 +5,20 @@ class RoleController < AdminController
     @roles = environment.roles.find(:all)
   end
 
+  def new
+    @role = Role.new
+  end
+
+  def create
+    @role = Role.new :name => params[:role][:name], :permissions => params[:role][:permissions], :environment => environment
+    if @role.save
+      redirect_to :action => 'show', :id => @role
+    else
+      session[:notice] = _('Failed to create role')
+      render :action => 'new'
+    end
+  end
+
   def show
     @role = environment.roles.find(params[:id])
   end
diff --git a/app/models/profile.rb b/app/models/profile.rb
index c02cc8c..ac5591d 100644
--- a/app/models/profile.rb
+++ b/app/models/profile.rb
@@ -20,12 +20,16 @@ class Profile < ActiveRecord::Base
       find_role('editor', env_id)
     end
     def self.organization_member_roles(env_id)
-      [admin(env_id), moderator(env_id), member(env_id)]
+      all_roles(env_id).select{ |r| r.key.match(/^profile_/) unless r.key.blank? }
     end
     def self.all_roles(env_id)
-      [admin(env_id), member(env_id), moderator(env_id), owner(env_id), editor(env_id)]
+      Role.all :conditions => { :environment_id => env_id }
+    end
+    def self.method_missing(m, *args, &block)
+      role = find_role(m, args[0])
+      return role unless role.nil?
+      super
     end
-
     private
     def self.find_role(name, env_id)
       ::Role.find_by_key_and_environment_id("profile_#{name}", env_id)
diff --git a/app/views/profile_members/change_role.rhtml b/app/views/profile_members/change_role.rhtml
index 207e172..04c71ec 100644
--- a/app/views/profile_members/change_role.rhtml
+++ b/app/views/profile_members/change_role.rhtml
@@ -5,6 +5,11 @@
   <%= _('Roles:') %> <br>
   <% @roles.each do |r| %>
     <%= labelled_check_box(r.name, 'roles[]', r.id, @associations.map(&:role).include?(r) ) %><br/>
+    <ul class="role-permissions">
+      <% r.permissions.each do |p| %>
+        <li><%= p %></li>
+      <% end %>
+    </ul>
   <% end %>
   <%= hidden_field_tag 'person', @member.id %>
 
diff --git a/app/views/role/_form.rhtml b/app/views/role/_form.rhtml
index 9db5aca..0570578 100644
--- a/app/views/role/_form.rhtml
+++ b/app/views/role/_form.rhtml
@@ -6,9 +6,10 @@
 
   <%= required f.text_field(:name) %>
 
-  <%= _('Permissions:') %> <br>
+  <p><%= _('Permissions:') %><p>
   <% permissions.keys.each do |p| %>
-    <%= labelled_check_box(permission_name(p), "role[permissions][]", p, role.has_permission?(p)) %> <br/>
+    <%= check_box_tag("role[permissions][]", p, role.has_permission?(p), { :id => p }) %>
+    <%= content_tag(:label, permission_name(p), { :for => p }) %><br/>
   <% end %>
 
   <% button_bar do %>
diff --git a/app/views/role/index.rhtml b/app/views/role/index.rhtml
index a77a5ba..6df2180 100644
--- a/app/views/role/index.rhtml
+++ b/app/views/role/index.rhtml
@@ -19,4 +19,5 @@
 
 <% button_bar do %>
   <%= button :back, _('Back'), :controller => 'admin_panel' %>
+  <%= button :add, _('New'), :action => 'new' %>
 <% end %>
diff --git a/app/views/role/new.rhtml b/app/views/role/new.rhtml
new file mode 100644
index 0000000..38c32d7
--- /dev/null
+++ b/app/views/role/new.rhtml
@@ -0,0 +1,3 @@
+<h2> <%= _("Create a new role") %> </h2>
+
+<%= render :partial => 'form', :locals => { :mode => :create, :role => @role, :permissions => ActiveRecord::Base::PERMISSIONS[@role.kind] } %>
diff --git a/test/functional/role_controller_test.rb b/test/functional/role_controller_test.rb
index 65918f1..61730de 100644
--- a/test/functional/role_controller_test.rb
+++ b/test/functional/role_controller_test.rb
@@ -59,6 +59,26 @@ class RoleControllerTest < ActionController::TestCase
     assert_not_nil session[:notice]
   end
 
+  def test_should_see_new_role_page
+    get 'new'
+    assert_response :success
+    assert_not_nil assigns(:role)
+  end
+
+  def test_should_create_new_role
+    assert_difference Role, :count do
+      post 'create', :role => { :name => 'Test Role', :permissions => ["test"] }
+    end
+    assert_redirected_to :action => 'show', :id => Role.last.id
+  end
+
+  def test_should_not_create_new_role
+    assert_no_difference Role, :count do
+      post 'create', :role => { }
+    end
+    assert_template :new
+  end
+
   should 'not crash when editing role with no permissions' do
     role = Role.create!(:name => 'test_role', :environment => Environment.default)
 
diff --git a/test/unit/profile_test.rb b/test/unit/profile_test.rb
index 6fda9b2..454aeb4 100644
--- a/test/unit/profile_test.rb
+++ b/test/unit/profile_test.rb
@@ -1740,6 +1740,30 @@ class ProfileTest < ActiveSupport::TestCase
     assert_includes Profile.communities, child
   end
 
+  should 'get organization roles' do
+    env = fast_create(Environment)
+    roles = %w(foo bar profile_foo profile_bar).map{ |r| Role.create!(:name => r, :key => r, :environment_id => env.id, :permissions => ["some"]) }
+    Role.create! :name => 'test', :key => 'profile_test', :environment_id => env.id + 1
+    Profile::Roles.expects(:all_roles).returns(roles)
+    assert_equal roles[2..3], Profile::Roles.organization_member_roles(env.id)
+  end
+
+  should 'get all roles' do
+    env = fast_create(Environment)
+    roles = %w(foo bar profile_foo profile_bar).map{ |r| Role.create!(:name => r, :environment_id => env.id, :permissions => ["some"]) }
+    Role.create! :name => 'test', :environment_id => env.id + 1
+    assert_equal roles, Profile::Roles.all_roles(env.id)
+  end
+
+  should 'define method for role' do
+    env = fast_create(Environment)
+    r = Role.create! :name => 'Test Role', :environment_id => env.id
+    assert_equal r, Profile::Roles.test_role(env.id)
+    assert_raise NoMethodError do
+      Profile::Roles.invalid_role(env.id)
+    end
+  end
+
   private
 
   def assert_invalid_identifier(id)
diff --git a/vendor/plugins/access_control/lib/role.rb b/vendor/plugins/access_control/lib/role.rb
index b3b9a52..5f114a0 100644
--- a/vendor/plugins/access_control/lib/role.rb
+++ b/vendor/plugins/access_control/lib/role.rb
@@ -6,6 +6,7 @@ class Role < ActiveRecord::Base
   validates_presence_of :name
   validates_uniqueness_of :name, :scope => :environment_id
   validates_uniqueness_of :key, :if => lambda { |role| !role.key.blank? }, :scope => :environment_id
+  before_validation_on_create :create_key
 
   def initialize(*args)
     super(*args)
@@ -54,4 +55,9 @@ class Role < ActiveRecord::Base
   def perms
     ActiveRecord::Base::PERMISSIONS
   end
+
+  private
+  def create_key
+    self.key = 'profile_' + self.name.gsub(' ', '_').gsub(/[^a-zA-Z0-9_]/, '').downcase if self.key.blank? && !self.name.blank?
+  end
 end
diff --git a/vendor/plugins/access_control/test/role_test.rb b/vendor/plugins/access_control/test/role_test.rb
index a515467..e93803c 100644
--- a/vendor/plugins/access_control/test/role_test.rb
+++ b/vendor/plugins/access_control/test/role_test.rb
@@ -107,4 +107,14 @@ class RoleTest < Test::Unit::TestCase
     assert !RoleAssignment.exists?(ra.id)
   end
 
+  def test_should_define_key_for_role_if_key_not_present
+    r = Role.create! :name => 'Test Role'
+    assert_equal 'profile_test_role', r.key
+  end
+
+  def test_should_not_define_key_for_role_if_key_present
+    r = Role.create! :name => 'Test Role', :key => 'foo'
+    assert_equal 'foo', r.key
+  end
+
 end
--
libgit2 0.21.2