diff --git a/controller/controller.go b/controller/controller.go
index 5dc392461584f6b9e7b04f36d6b3407c896a46ae..4cb78c20be7ac1d1179b3c26b0b5fcda8631bfe9 100644
--- a/controller/controller.go
+++ b/controller/controller.go
@@ -164,7 +164,7 @@ func initialize() error {
 	c.networkElementWatcher = nucleus.NewNetworkElementWatcher(c.mneService, c.eventService)
 	c.networkElementWatcher.SubscribeToNetworkElements(nil)
 
-	if err := ensureDefaultRoleExists(); err != nil {
+	if err := ensureDefaultRolesExist(); err != nil {
 		return err
 	}
 
@@ -287,7 +287,21 @@ func createPrincipalNetworkDomain() error {
 	return nil
 }
 
-func ensureDefaultRoleExists() error {
+func ensureDefaultRolesExist() error {
+	err := ensureAdminRoleExists()
+	if err != nil {
+		return err
+	}
+
+	err = ensureGenericAppRoleExists()
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func ensureAdminRoleExists() error {
 	defaultAdminRoleName := "admin"
 	adminRole, err := c.roleService.Get(store.Query{ID: uuid.Nil, Name: defaultAdminRoleName})
 	if err != nil {
@@ -347,6 +361,44 @@ func ensureDefaultRoleExists() error {
 	return nil
 }
 
+func ensureGenericAppRoleExists() error {
+	defaultAppRoleName := "app"
+	appRole, err := c.roleService.Get(store.Query{ID: uuid.Nil, Name: defaultAppRoleName})
+	if err != nil {
+		log.Info(err)
+	}
+
+	if appRole == nil {
+		err := c.roleService.Add(rbacImpl.NewRole(uuid.New(), defaultAppRoleName, "generic app role", []string{
+			"/gosdn.pnd.PndService/GetPnd",
+			"/gosdn.pnd.PndService/GetPndList",
+			"/gosdn.networkelement.NetworkElementService/Get",
+			"/gosdn.networkelement.NetworkElementService/GetFlattened",
+			"/gosdn.networkelement.NetworkElementService/GetAll",
+			"/gosdn.networkelement.NetworkElementService/GetAllFlattened",
+			"/gosdn.networkelement.NetworkElementService/GetPath",
+			"/gosdn.networkelement.NetworkElementService/GetIntendedPath",
+			"/gosdn.networkelement.NetworkElementService/GetChange",
+			"/gosdn.networkelement.NetworkElementService/GetChangeList",
+			"/gosdn.networkelement.NetworkElementService/AddList",
+			"/gosdn.networkelement.NetworkElementService/SetChangeList",
+			"/gosdn.networkelement.NetworkElementService/SetPathList",
+			"/gosdn.networkelement.NetworkElementService/DeviceSchema",
+			"/gosdn.networkelement.NetworkElementService/Delete",
+			"/gosdn.networkelement.NetworkElementService/SubscribePath",
+			"/gosdn.plugin_internal.PluginInternalService/AvailablePlugins",
+			"/gosdn.plugin_internal.PluginInternalService/GetPluginSchema",
+			"/gosdn.app.AppService/Register",
+			"/gosdn.app.AppService/Deregister",
+		}))
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
 func ensureDefaultUserExists() error {
 	defaultUserName := "admin"
 	adminUser, err := c.userService.Get(store.Query{ID: uuid.Nil, Name: defaultUserName})
diff --git a/integration-tests/application_tests/application_test.go b/integration-tests/application_tests/application_test.go
index 926f4d68c4b186a8779ef191905857cee27db957..d5b69ae226115918d54656fd38cf4a2de150386f 100644
--- a/integration-tests/application_tests/application_test.go
+++ b/integration-tests/application_tests/application_test.go
@@ -100,6 +100,7 @@ func TestMain(m *testing.M) {
 	// a user and role and update the user because of the login. After then only logins are done, no user and role creations.
 	// This means that this will block after trying once, because of the three attempts to read from eventChannels.
 
+	_ = <-application.addEventChannel
 	_ = <-application.addEventChannel
 	_ = <-application.addEventChannel
 	_ = <-application.updateEventChannel