diff --git a/internal_lib/permission_parser.py b/internal_lib/permission_parser.py
new file mode 100644
index 0000000..1406f2a
--- /dev/null
+++ b/internal_lib/permission_parser.py
@@ -0,0 +1,60 @@
+def parse_permission(string):
+ """
+ Parsing permission string
+ permission_type{read,delete,write,update,*(for all permissions)}::module_name{module name or for all modules *}::union_id{for all companies *}/item_id{for all items *}
+ example string:
+ read::collectors::union1id/* ->read union1 all collectors
+ read::collectors::union1id/collector1 ->read union1 collector1
+ *::users::union2/* -> read, write, update, delete all users for union2
+ *::users::union2/user1 -> read, write, update, delete for users1 in union2
+ *::*::union2/* -> all permissions for union2
+ *::*::*/* -> all permissions like a admin
+ :param string:
+ :return: dict
+ """
+ permission_type, module, extras = string.split("::")
+ union_id, item_id = extras.split('/')
+ read = False
+ write = False
+ update = False
+ delete = False
+ if permission_type == '*':
+ read = True
+ write = True
+ update = True
+ delete = True
+ if permission_type == 'read':
+ read = True
+ if permission_type == 'write':
+ write = True
+ if permission_type == 'update':
+ update = True
+ if permission_type == 'delete':
+ delete = True
+
+ return {
+ "delete":delete,
+ "write":write,
+ "read":read,
+ "update":update,
+ "module":module,
+ "union":union_id,
+ "item_id":item_id
+ }
+
+
+def control_permission(group, module, perm_type, itemid, unionid):
+ for right_string in group.rights:
+ right = parse_permission(right_string.strip())
+ print(right, right_string, group, perm_type)
+ if right.get('module') in ["*", module]:
+ return True
+ elif right.get('union') in ['*', unionid]:
+ return True
+ elif right.get(perm_type):
+ return True
+ elif right.get('item_id') in ['*',itemid]:
+ return True
+ elif right.get('module') in ["*",module] and right.get('union') in ['*', unionid] and right.get(perm_type) and right.get('item_id') in ['*',itemid]:
+ return True
+ return False
diff --git a/models/Group.py b/models/Group.py
index 44ca034..7c2772d 100644
--- a/models/Group.py
+++ b/models/Group.py
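Review bot: The `if`/`elif` chain in `control_permission` (internal_lib/permission_parser.py) returns True as soon as any single part of a right matches, so the last branch that requires all four parts never decides anything; for example the docstring's `read::collectors::union1id/collector1` returns True for a `delete` request on `collectors` in any union. `right.get(perm_type)` is also truthy for the string-valued keys `module`, `union` and `item_id`, so `perm_type` should be restricted to the four flags before the lookup. The `print(...)` of each parsed right and the group should be removed or turned into a debug-level log call. `parse_permission` raises a bare ValueError from tuple unpacking on a malformed string and silently yields all-False flags for an unknown type; its docstring should say so, and `control_permission` needs a docstring stating that deny is the default. The fence below shows the check as a single conjunction.

```python
def control_permission(group, module, perm_type, itemid, unionid):
    # Only the four boolean flags are valid lookups; the string-valued keys
    # ("module", "union", "item_id") must never be read as a permission.
    if perm_type not in ("read", "write", "update", "delete"):
        return False
    for right_string in group.rights:
        # … unchanged: right = parse_permission(right_string.strip()) …
        # A right grants access only when every part matches the request.
        if (
            right[perm_type]
            and right["module"] in ("*", module)
            and right["union"] in ("*", unionid)
            and right["item_id"] in ("*", itemid)
        ):
            return True
    # … unchanged: return False after the loop …
```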
@@ -6,7 +6,7 @@ from models.Union import Union
 class Group(Document):
 union = ReferenceField(Union)
 name = StringField()
- rights = StringField()
+ rights = ListField(StringField())
 class PaymentGroup(Document):
diff --git a/requirements.txt b/requirements.txt
index 6f8d06d..14f476c 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,4 +1,5 @@
 mongoengine
 flask-mongoengine
 flask
-pycryptodome
\ No newline at end of file
+pycryptodome
+flask_jwt_extended
\ No newline at end of file
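Review bot: The new `rights = ListField(StringField())` in models/Group.py leaves any existing Group document with a plain string in that field, and this diff carries no migration for stored data. If such a value is still loaded as a string, `for right_string in group.rights` in `control_permission` would presumably iterate characters and `parse_permission` would fail on unpacking, so this is worth checking against stored records and covering with a one-off conversion. A comment on the field such as `# each entry: type::module::union/item, parsed by parse_permission` would document the expected format.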
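Review bot: `flask_jwt_extended` is added to requirements.txt with no version constraint, so each install resolves whatever release is current for a library that handles authentication tokens. Pin it, for example `flask_jwt_extended==<TESTED_VERSION>` (placeholder for the release actually tested), and consider installing with hashes. The four existing entries are unpinned as well, and the file still ends without a trailing newline.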