diff --git a/apps/authentication/backend/models/permission/constants.py b/apps/authentication/backend/models/permission/constants.py
index 0499d50..e5765f9 100644
--- a/apps/authentication/backend/models/permission/constants.py
+++ b/apps/authentication/backend/models/permission/constants.py
@@ -12,7 +12,10 @@ class DefaultRole:
 
 # Default roles, which all tenants will have, cannot be modified.
 class DefaultRoleEnum(Enum):
-    ADMIN = DefaultRole("Administrator", "admin", "Have all permissions", 0)
+    ADMIN = DefaultRole("Admin", "admin", "Have all permissions", 1)
+    OPERATOR = DefaultRole("Operator", "operator", "System operator with deployment and management permissions", 10)
+    DEVELOPER = DefaultRole("Developer", "developer", "Developer with git and issue management access", 100)
+    QA = DefaultRole("QA", "qa", "Quality assurance with bug and testing permissions", 1000)
 
 
 @dataclass(frozen=True)  # frozen=True
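Review bot: `ADMIN`'s role_level moves from 0 to 1 and its role_name from "Administrator" to "Admin", but the startup initializer in permission_initialize.py only inserts a default role when its role_key is absent, so a deployment that already ran the old version keeps level 0 and the old name while fresh tenants get the new values; if level 0 is treated as a sentinel anywhere else, the two populations now behave differently. The comment above the enum says these defaults cannot be modified, so either a one-off migration or an upsert of `is_default=True` roles seems to be needed — confirm which is intended. The 1/10/100/1000 spacing suggests that a lower role_level means more privilege and that gaps are left for tenant-defined roles; that convention is not written anywhere and belongs on `DefaultRole`, e.g. `# role_level: lower value = more privileged; defaults are spaced 10x apart so custom roles can be slotted between (assumed — confirm)`.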
@@ -24,9 +27,15 @@ class DefaultPermission:
 
 # Default permissions, which all tenants will have, cannot be modified.
 class DefaultPermissionEnum(Enum):
-    CHANGE_ROLES = DefaultPermission("change:roles", "Change roles", "Add/Update/Delete roles")
-    CHANGE_PERMISSIONS = DefaultPermission("change:permissions", "Change permissions", "Add/Update/Remove permissions")
-    ASSIGN_ROLES = DefaultPermission("assign:roles", "Assign roles", "Assign roles to user")
+    INVITE_COLLABORATOR = DefaultPermission("invite:collaborator", "Add/Remove participants", "Add/Remove participants")
+    PUBLISH_PRODUCTION = DefaultPermission("publish:production", "Deploy to production", "Deploy to production")
+    EDIT_PRODUCT = DefaultPermission("edit:product", "View product management UX", "View product management UX")
+    ACCESS_GIT_REPOSITORIES = DefaultPermission("access:git_repositories", "Access to git repositories", "Access to git repositories")
+    ACCESS_ISSUE_MANAGEMENT = DefaultPermission("access:issue_management", "Access to issue management", "Access to issue management")
+    PUBLISH_ALPHA = DefaultPermission("publish:alpha", "Access to alpha deployment", "Access to alpha deployment")
+    OPEN_BUGS = DefaultPermission("open:bugs", "Open/Close/Re-open bugs", "Open/Close/Re-open bugs")
+    QA_FAILED_PASSED = DefaultPermission("qa:failed_passed", "Update QA status - QA failed/passed", "Update QA status - QA failed/passed")
+    QA_TEST_REPORTS = DefaultPermission("qa:test_reports", "Update QA status - Test reports", "Update QA status - Test reports (Test coverage)")
 
 
 class AdministrativeRole(IntEnum):
diff --git a/apps/authentication/backend/models/permission/models.py b/apps/authentication/backend/models/permission/models.py
index 1197613..c7c3619 100644
--- a/apps/authentication/backend/models/permission/models.py
+++ b/apps/authentication/backend/models/permission/models.py
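Review bot: The three removed members (`change:roles`, `change:permissions`, `assign:roles`) were the only default permissions governing authorization management itself, and none of the nine added keys covers that, so after this hunk no default permission exists for editing roles, permissions or assignments; confirm that `AdministrativeRole` or something outside this diff now guards those endpoints, because otherwise they end up either unreachable or unguarded. Any code still referencing `DefaultPermissionEnum.CHANGE_ROLES`, `CHANGE_PERMISSIONS` or `ASSIGN_ROLES` will fail at import time, which is worth a grep before merging. The PermissionDoc records already persisted for those keys are not removed by the initializer (it only ever inserts), so they stay in the collection with `is_default=True` and remain referenced by existing roles' `permission_ids`; a short comment on the enum stating how retired default permissions are cleaned up would help the next reader.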
@@ -26,6 +26,7 @@ class RoleDoc(Document):
     role_description: Optional[str] = None
     permission_ids: list[str]
     role_level: int
+    revision_id: Optional[str] = None  # Revision ID for version control
     created_at: datetime = datetime.now()  # Creation timestamp, auto-generated
     updated_at: datetime = datetime.now()  # Last update timestamp, auto-updated
     is_default: bool = False
diff --git a/apps/authentication/webapi/providers/permission_initialize.py b/apps/authentication/webapi/providers/permission_initialize.py
index 7054360..b70b897 100644
--- a/apps/authentication/webapi/providers/permission_initialize.py
+++ b/apps/authentication/webapi/providers/permission_initialize.py
@@ -10,12 +10,9 @@ def register(app):
     @app.on_event("startup")
     async def init_admin_permission():
-        # Initialize permissions if not exist
-        default_permission_ids = []
-        for default_permission in \
-                [DefaultPermissionEnum.CHANGE_PERMISSIONS,
-                 DefaultPermissionEnum.CHANGE_ROLES,
-                 DefaultPermissionEnum.ASSIGN_ROLES]:
+        # Initialize all permissions if not exist
+        permission_id_map = {}
+        for default_permission in DefaultPermissionEnum:
             if not await PermissionDoc.find_one(
                     {str(PermissionDoc.permission_key): default_permission.value.permission_key}):
                 doc = await PermissionDoc(
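Review bot: `revision_id` is added with the comment "Revision ID for version control", but nothing in this commit assigns, reads or compares it, so its contract (who sets it, what `None` means, whether it is opaque or ordered) is undefined; the comment should say that, e.g. `# Opaque revision marker for role version control; None until first revision (assignment not yet implemented)`. If `Document` here is Beanie's, note that Beanie reserves a `revision_id` attribute for its own optimistic-concurrency feature (`use_revision`), so redeclaring it as `Optional[str]` may shadow or conflict with the library's field — worth confirming before this ships. The adjacent `created_at`/`updated_at` defaults evaluate `datetime.now()` once in the class body, so every document gets the import-time timestamp rather than the per-document value their comments promise; a `default_factory` (pydantic `Field(default_factory=datetime.now)`, if that is the model base) would match the stated intent.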
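Review bot: The `if not await PermissionDoc.find_one(...)` followed by `.insert()` is a check-then-act that is not atomic, so two app instances or workers starting at the same time can both miss the document and both insert it; unless `permission_key` carries a unique index, default permissions can be duplicated and later `find_one` calls return an arbitrary copy. An upsert keyed on permission_key, or a unique index plus handling of the duplicate-key error, would make startup idempotent under concurrency. The handler is still named `init_admin_permission` although it now seeds every `DefaultPermissionEnum` member and every role; `init_default_permissions_and_roles` would describe it. The function body continues past the end of this hunk.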
@@ -24,17 +21,66 @@ def register(app): description=default_permission.value.permission_description, is_default=True, ).insert() - default_permission_ids.append(str(doc.id)) - logging.info(f"default permissions initialized {default_permission_ids}") + permission_id_map[default_permission.value.permission_key] = str(doc.id) + else: + # Get existing permission ID + existing_doc = await PermissionDoc.find_one( + {str(PermissionDoc.permission_key): default_permission.value.permission_key}) + permission_id_map[default_permission.value.permission_key] = str(existing_doc.id) + + logging.info(f"default permissions initialized {list(permission_id_map.keys())}") + + # Define role permission mappings based on the provided data + role_permission_mappings = { + DefaultRoleEnum.ADMIN: [ + DefaultPermissionEnum.PUBLISH_ALPHA, + DefaultPermissionEnum.PUBLISH_PRODUCTION, + DefaultPermissionEnum.INVITE_COLLABORATOR, + DefaultPermissionEnum.EDIT_PRODUCT, + DefaultPermissionEnum.ACCESS_GIT_REPOSITORIES, + DefaultPermissionEnum.ACCESS_ISSUE_MANAGEMENT, + DefaultPermissionEnum.OPEN_BUGS, + DefaultPermissionEnum.QA_FAILED_PASSED, + DefaultPermissionEnum.QA_TEST_REPORTS + ], + DefaultRoleEnum.OPERATOR: [ + DefaultPermissionEnum.PUBLISH_ALPHA, + DefaultPermissionEnum.PUBLISH_PRODUCTION, + DefaultPermissionEnum.EDIT_PRODUCT, + DefaultPermissionEnum.ACCESS_GIT_REPOSITORIES, + DefaultPermissionEnum.ACCESS_ISSUE_MANAGEMENT, + DefaultPermissionEnum.OPEN_BUGS, + DefaultPermissionEnum.QA_FAILED_PASSED, + DefaultPermissionEnum.QA_TEST_REPORTS, + ], + DefaultRoleEnum.DEVELOPER: [ + DefaultPermissionEnum.ACCESS_GIT_REPOSITORIES, + DefaultPermissionEnum.ACCESS_ISSUE_MANAGEMENT, + DefaultPermissionEnum.PUBLISH_ALPHA, + ], + DefaultRoleEnum.QA: [ + DefaultPermissionEnum.OPEN_BUGS, + DefaultPermissionEnum.QA_FAILED_PASSED, + DefaultPermissionEnum.QA_TEST_REPORTS, + ], + } + # Initialize roles if not exist default_role_ids = [] - for default_role in [DefaultRoleEnum.ADMIN]: + for default_role in 
DefaultRoleEnum: if not await RoleDoc.find_one({str(RoleDoc.role_key): default_role.value.role_key}): + # Get permission IDs for this role + role_permission_ids = [] + if default_role in role_permission_mappings: + for permission in role_permission_mappings[default_role]: + if permission.value.permission_key in permission_id_map: + role_permission_ids.append(permission_id_map[permission.value.permission_key]) + doc = await RoleDoc( role_key=default_role.value.role_key, role_name=default_role.value.role_name, role_description=default_role.value.role_description, - permission_ids=default_permission_ids, + permission_ids=role_permission_ids, role_level=default_role.value.role_level, is_default=True, ).insert()
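Review bot: The role loop still only acts when `RoleDoc.find_one` returns nothing, so on an already-initialized deployment the persisted admin role keeps its old `permission_ids` (which point at the now-removed change:*/assign:* permissions) and never receives the new mapping, while the three new roles are created with the intended permissions; either update `is_default=True` roles in place or add a migration, otherwise authorization data diverges between old and new deployments. The `else` branch re-runs `PermissionDoc.find_one` with exactly the filter the `if` just evaluated; fetching once (`existing_doc = await PermissionDoc.find_one(...)`, then `if existing_doc is None: existing_doc = await PermissionDoc(...).insert()`, then one assignment into `permission_id_map`) removes the duplicate round-trip. The guard `if permission.value.permission_key in permission_id_map` cannot be false here because every enum member was mapped in the preceding loop, and a role missing from `role_permission_mappings` is created silently with an empty permission list — both cases hide a misconfiguration of authorization data and should fail loudly, at least with `logging.warning`. `role_permission_mappings` is a static table rebuilt inside the startup handler; it belongs in constants.py next to the enums it joins. The `init_admin_permission` body continues outside this hunk.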