diff --git a/api/Program.cs b/api/Program.cs
index 6e4f8b7..2248a49 100644
--- a/api/Program.cs
+++ b/api/Program.cs
@@ -46,16 +46,13 @@ builder.Services.AddAuthentication(options => {
 };
 });
-// TODO: adding roles doesnt work atm because roles need to be seeded in the database first
-// maybe programamatically checking them at startup like if(roleManager_.FindAsync("Admin") == null { roleManager_.addAsync("Admin"); })
-// or something
 builder.Services.AddAuthorization(options => {
- options.AddPolicy("RequireAdmin", policy => {
- policy.RequireRole("Admin", "Superuser");
- });
- options.AddPolicy("RequireSuperuser", policy => {
- policy.RequireRole("Superuser");
- });
+
+ options.AddPolicy("SensitiveDataRead", policy =>
+ policy.RequireRole("admin", "superuser"));
+ options.AddPolicy("SensitiveDataModify", policy =>
+ policy.RequireRole("superuser"));
+
 });
 // configuration for behind my nginx proxy
@@ -123,6 +120,18 @@ using (var scope = app.Services.CreateScope()) {
 Thread.Sleep(5000);
 }
 }
+
+ // TODO: abstract this away
+ // auto seed Identity roles
+ var roleManager = scope.ServiceProvider.GetRequiredService>();
+ string[] roles = { "guest", "user", "dev", "mod", "admin", "superuser", "role1", "role2" };
+ foreach(string role in roles) {
+ if(!await roleManager.RoleExistsAsync(role)) {
+ await roleManager.CreateAsync(new IdentityRole(role));
+ }
+ }
+
+
 }
 app.Run();
diff --git a/api/src/Controllers/AuthController.cs b/api/src/Controllers/AuthController.cs
index 2f9fe6c..bc84737 100644
--- a/api/src/Controllers/AuthController.cs
+++ b/api/src/Controllers/AuthController.cs
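Review bot: Renaming the policies to `SensitiveDataRead`/`SensitiveDataModify` and lowering the role literals to `"admin"`/`"superuser"` leaves two things unaddressed in this hunk. Any `[Authorize(Policy = "RequireAdmin")]` or `"RequireSuperuser"` reference in the controllers (not visible here) would now fail at request time with an InvalidOperationException for an unknown policy, so the old names should be grepped for. `RequireRole` is matched against the role claim value with an ordinal, case-sensitive comparison, so a database that was already seeded with `Admin`/`Superuser` keeps those rows — the seeding loop in the next hunk looks roles up by normalized name and so will not create lowercase twins — and previously privileged users would appear to lose access silently; either rename the rows in a migration or keep the original casing. The literals are now repeated in Program.cs (twice) and AuthController.cs; a shared `public static class Roles { public const string Admin = "admin"; public const string Superuser = "superuser"; }` used as `policy.RequireRole(Roles.Admin, Roles.Superuser)` would turn that kind of drift into a compile error.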
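Review bot: The `IdentityResult` returned by `roleManager.CreateAsync` in the seeding loop is discarded, so a failed role creation (a validation error, or a unique-constraint race when two instances start together) is ignored and the app comes up with policies that reference roles that may not exist. The seeded list also omits `base`, which AuthController.cs assigns to every ordinary user via `AddToRoleAsync` in the next file's hunk, while it includes `role1`/`role2`, which read as placeholders that would be created in every environment including production; the list is worth reconciling before this ships. The enclosing `using (var scope …)` block starts outside the hunk. Checking `Succeeded` and failing startup loudly keeps a broken seed from surfacing later as an authorization surprise:
```csharp
// … unchanged: TODO comment, roleManager resolution, roles array …
foreach (string role in roles) {
    if (await roleManager.RoleExistsAsync(role)) {
        continue;
    }
    var result = await roleManager.CreateAsync(new IdentityRole(role));
    if (!result.Succeeded) {
        throw new InvalidOperationException(
            $"Failed to seed role '{role}': {string.Join("; ", result.Errors.Select(e => e.Description))}");
    }
}
```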
@@ -37,12 +37,13 @@ public class AuthController : ControllerBase {
 // assigning roles to user
 string role = "base";
 if(dto.UserName == "bard") {
- role = "Superuser";
+ role = "superuser";
 } else if(dto.UserName.StartsWith("x")) {
- role = "Admin";
+ role = "admin";
 }
 await userManager_.AddToRoleAsync(user, role); // TODO: error check this
- // await _userManager.RemoveFromRoleAsync(user, "Admin"); // remove role
+ // these are here just in case you need them
+ // await _userManager.RemoveFromRoleAsync(user, "admin"); // remove role
 // var roles = await _userManager.GetRolesAsync(user); // get list of roles for user
 return CreatedAtAction(
diff --git a/client/src/pages/UsersList.vue b/client/src/pages/UsersList.vue
index 3041bfc..4441ca6 100644
--- a/client/src/pages/UsersList.vue
+++ b/client/src/pages/UsersList.vue
@@ -3,14 +3,14 @@ import { onMounted } from "vue"
 import { useRoute, useRouter } from "vue-router";
-import { useUsersStore } from "../stores/UsersStore.ts"
+import { useItemsStore } from "../stores/ItemsStore.ts"
 import * as authApi from "../api/AuthApi";
-const store = useUsersStore()
+const store = useItemsStore()
 const router = useRouter();
 onMounted(() => {
- store.fetchUsers()
+ store.fetchItems()
 })
 function logout() {
@@ -22,13 +22,20 @@ function logout() {
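Review bot: The `AddToRoleAsync` call just below the renamed assignments still discards its `IdentityResult`, so when the role is missing from the store or the assignment is rejected the action still returns 201 with a user that has no role at all; the line's own TODO acknowledges this. Change it to `var roleResult = await userManager_.AddToRoleAsync(user, role);` followed by `if (!roleResult.Succeeded) { return BadRequest(roleResult.Errors); }`, ideally deleting the just-created user first so a half-registered account is not left behind. Separately, the role is derived from the caller-supplied `dto.UserName` — one hard-coded name yields `superuser` and any name starting with `x` yields `admin` — which, if this action is the public registration endpoint, means privilege is granted by choice of username; the usual shape is to seed a single configured superuser at startup and promote accounts only through an endpoint guarded by the `SensitiveDataModify` policy. The enclosing action method starts and ends outside the hunk.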