diff --git a/.vscode/settings.json b/.vscode/settings.json
index 5bf56fa..87311dd 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -47,6 +47,7 @@
         "tablespaces",
         "tidscan",
         "timezonesets",
+        "usename",
         "walsender",
         "writethrough",
         "xacts",
diff --git a/doc/_index.html b/doc/_index.html
index 29a3698..b5002f7 100644
--- a/doc/_index.html
+++ b/doc/_index.html
@@ -144,6 +144,11 @@
       
             </li>
     
+            <li>
+      <span class='object_link'><a href="puppet_defined_types/postgresql_cd_3A_3Aserver_3A_3Aroles_3A_3Arole_df.html" title="puppet_defined_types::postgresql_cd::server::roles::role_df (puppet_defined_type)">postgresql_cd::server::roles::role_df</a></span>
+      
+            </li>
+    
       </ul>
     </ul>
   
diff --git a/doc/puppet_classes/postgresql_cd_3A_3Aparams.html b/doc/puppet_classes/postgresql_cd_3A_3Aparams.html
index 2479581..6913895 100644
--- a/doc/puppet_classes/postgresql_cd_3A_3Aparams.html
+++ b/doc/puppet_classes/postgresql_cd_3A_3Aparams.html
@@ -378,6 +378,24 @@
         &mdash;
         <div class='inline'>
 <p>the name of the CA crt</p>
+</div>
+      
+    </li>
+  
+    <li>
+      
+        <span class='name'>pl_manage_roles</span>
+      
+      
+        <span class='type'>(<tt>Boolean</tt>)</span>
+      
+      
+        <em class="default">(defaults to: <tt>true</tt>)</em>
+      
+      
+        &mdash;
+        <div class='inline'>
+<p>Whether to manage roles</p>
 </div>
       
     </li>
@@ -393,7 +411,6 @@
         <pre class="lines">
 
 
-23
 24
 25
 26
@@ -436,10 +453,12 @@
 63
 64
 65
-66</pre>
+66
+67
+68</pre>
       </td>
       <td>
-        <pre class="code"><span class="info file"># File 'manifests/params.pp', line 23</span>
+        <pre class="code"><span class="info file"># File 'manifests/params.pp', line 24</span>
 
 class postgresql_cd::params (
 
@@ -464,6 +483,7 @@ class postgresql_cd::params (
   String $pl_server_crt           = &#39;server.crt&#39;,
   String $pl_server_key           = &#39;server.key&#39;,
   String $pl_ca_crt               = &#39;root.crt&#39;,
+  Boolean $pl_manage_roles        = true,
 
 ) {
   $fqdn                     = $facts[&#39;networking&#39;][&#39;fqdn&#39;]
diff --git a/doc/puppet_defined_type_list.html b/doc/puppet_defined_type_list.html
index 027e4eb..b8f2071 100644
--- a/doc/puppet_defined_type_list.html
+++ b/doc/puppet_defined_type_list.html
@@ -47,6 +47,13 @@
     </li>
     
 
+    <li id="object_puppet_defined_types::postgresql_cd::server::roles::role_df" class="even">
+      <div class="item">
+        <span class='object_link'><a href="puppet_defined_types/postgresql_cd_3A_3Aserver_3A_3Aroles_3A_3Arole_df.html" title="puppet_defined_types::postgresql_cd::server::roles::role_df (puppet_defined_type)">postgresql_cd::server::roles::role_df</a></span>
+      </div>
+    </li>
+    
+
 
       </ul>
     </div>
diff --git a/doc/puppet_defined_types/postgresql_cd_3A_3Aserver_3A_3Aroles_3A_3Arole_df.html b/doc/puppet_defined_types/postgresql_cd_3A_3Aserver_3A_3Aroles_3A_3Arole_df.html
new file mode 100644
index 0000000..72cf6be
--- /dev/null
+++ b/doc/puppet_defined_types/postgresql_cd_3A_3Aserver_3A_3Aroles_3A_3Arole_df.html
@@ -0,0 +1,238 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>
+  Defined Type: postgresql_cd::server::roles::role_df
+  
+    &mdash; Documentation by YARD 0.9.36
+  
+</title>
+
+  <link rel="stylesheet" href="../css/style.css" type="text/css" />
+
+  <link rel="stylesheet" href="../css/common.css" type="text/css" />
+
+<script type="text/javascript">
+  pathId = "puppet_defined_types::postgresql_cd::server::roles::role_df";
+  relpath = '../';
+</script>
+
+
+  <script type="text/javascript" charset="utf-8" src="../js/jquery.js"></script>
+
+  <script type="text/javascript" charset="utf-8" src="../js/app.js"></script>
+
+
+  </head>
+  <body>
+    <div class="nav_wrap">
+      <iframe id="nav" src="../puppet_defined_type_list.html?1"></iframe>
+      <div id="resizer"></div>
+    </div>
+
+    <div id="main" tabindex="-1">
+      <div id="header">
+        <div id="menu">
+  
+    <a href="../_index.html">Index (p)</a> &raquo;
+    <span class='title'><span class='object_link'>Defined Types</span></span>
+     &raquo; 
+    <span class="title">postgresql_cd::server::roles::role_df</span>
+  
+</div>
+
+        <div id="search">
+  
+    <a class="full_list_link" id="puppet_class_list_link"
+        href="../puppet_class_list.html">
+
+        <svg width="24" height="24">
+          <rect x="0" y="4" width="24" height="4" rx="1" ry="1"></rect>
+          <rect x="0" y="12" width="24" height="4" rx="1" ry="1"></rect>
+          <rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
+        </svg>
+    </a>
+  
+</div>
+        <div class="clear"></div>
+      </div>
+
+      <div id="content"><h1>Defined Type: postgresql_cd::server::roles::role_df</h1>
+<div class="box_info">
+  <dl>
+    <dt>Defined in:</dt>
+    <dd>
+      manifests/server/roles/role_df.pp
+    </dd>
+  </dl>
+</div>
+
+  <h2>Summary</h2>
+  define manages databases
+
+<h2>Overview</h2>
+<div class="docstring">
+  <div class="discussion">
+    
+  </div>
+</div>
+
+
+
+<div class="tags">
+  <p class="tag_title">Parameters:</p>
+<ul class="param">
+  
+    <li>
+      
+        <span class='name'>pl_role_name</span>
+      
+      
+        <span class='type'>(<tt>Optional[String]</tt>)</span>
+      
+      
+        <em class="default">(defaults to: <tt>undef</tt>)</em>
+      
+      
+        &mdash;
+        <div class='inline'>
+<p>the name of the role to be created.</p>
+</div>
+      
+    </li>
+  
+    <li>
+      
+        <span class='name'>pl_role_pw</span>
+      
+      
+        <span class='type'>(<tt>Optional[String]</tt>)</span>
+      
+      
+        <em class="default">(defaults to: <tt>undef</tt>)</em>
+      
+      
+        &mdash;
+        <div class='inline'>
+<p>the password to be created</p>
+</div>
+      
+    </li>
+  
+    <li>
+      
+        <span class='name'>pl_role_attributes</span>
+      
+      
+        <span class='type'>(<tt>String</tt>)</span>
+      
+      
+        <em class="default">(defaults to: <tt>&#39;LOGIN&#39;</tt>)</em>
+      
+      
+        &mdash;
+        <div class='inline'>
+<p>attributes for the role to be created</p>
+</div>
+      
+    </li>
+  
+    <li>
+      
+        <span class='name'>pl_role_status</span>
+      
+      
+        <span class='type'>(<tt>String</tt>)</span>
+      
+      
+        <em class="default">(defaults to: <tt>&#39;CREATE ROLE&#39;</tt>)</em>
+      
+      
+        &mdash;
+        <div class='inline'>
+<p>what to do with the role</p>
+</div>
+      
+    </li>
+  
+</ul>
+
+
+
+  <p class="tag_title">See Also:</p>
+  <ul class="see">
+    
+      <li><a href="https://www.postgresql.org/docs/9.6/static/managing-databases.html" target="_parent" title="https://www.postgresql.org/docs/9.6/static/managing-databases.html">https://www.postgresql.org/docs/9.6/static/managing-databases.html</a></li>
+    
+  </ul>
+
+</div><div class="method_details_list">
+  <table class="source_code">
+    <tr>
+      <td>
+        <pre class="lines">
+
+
+12
+13
+14
+15
+16
+17
+18
+19
+20
+21
+22
+23
+24
+25
+26
+27
+28
+29
+30
+31
+32
+33</pre>
+      </td>
+      <td>
+        <pre class="code"><span class="info file"># File 'manifests/server/roles/role_df.pp', line 12</span>
+
+define postgresql_cd::server::roles::role_df (
+
+  Optional[String] $pl_role_name      = undef,
+  Optional[String] $pl_role_pw        = undef,
+  String $pl_role_attributes          = &#39;LOGIN&#39;,
+  String $pl_role_status              = &#39;CREATE ROLE&#39;,
+
+) {
+  $pl_manage_roles  = $postgresql_cd::params::pl_manage_roles
+
+  if $pl_manage_roles == true {
+    # create the role
+
+    exec { &quot;role_${name}&quot;:
+      command =&gt; template(&#39;postgresql_cd/server/roles/role.sql.erb&#39;),
+      user    =&gt; &#39;postgres&#39;,
+      path    =&gt; [&#39;/usr/bin&#39;,&#39;/bin&#39;],
+      cwd     =&gt; &#39;/tmp&#39;,
+      unless  =&gt; template(&#39;postgresql_cd/server/roles/unless_sql.erb&#39;),
+    }
+  }
+}</pre>
+      </td>
+    </tr>
+  </table>
+</div>
+</div>
+
+      <div id="footer">
+     Generated by <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>.
+</div>
+
+    </div>
+  </body>
+</html>
\ No newline at end of file
diff --git a/manifests/params.pp b/manifests/params.pp
index 5177ffc..724ede5 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -18,6 +18,7 @@
 # @param [String] pl_server_crt the name of the server cert
 # @param [String] pl_server_key the name of the server key
 # @param [String] pl_ca_crt the name of the CA  crt
+# @param [Boolean] pl_manage_roles Whether to manage roles
 # @summary Class contains all parameters for the postgresql_cd module.
 ##############################################################################
 class postgresql_cd::params (
@@ -43,6 +44,7 @@ class postgresql_cd::params (
   String $pl_server_crt           = 'server.crt',
   String $pl_server_key           = 'server.key',
   String $pl_ca_crt               = 'root.crt',
+  Boolean $pl_manage_roles        = true,
 
 ) {
   $fqdn                     = $facts['networking']['fqdn']
diff --git a/manifests/server/roles/role_df.pp b/manifests/server/roles/role_df.pp
new file mode 100644
index 0000000..9bca733
--- /dev/null
+++ b/manifests/server/roles/role_df.pp
@@ -0,0 +1,33 @@
+## postgresql_cd::server::roles::role_df
+# Module name: postgresql_cd
+# Author: Arne Teuke (arne_teuke@confdroid.com)
+
+# @summary define manages databases
+# @see https://www.postgresql.org/docs/9.6/static/managing-databases.html
+# @param [string] pl_role_name the name of the role to be created.
+# @param [string] pl_role_pw the password to be created
+# @param [string] pl_role_attributes  attributes for the role to be created
+# @param [string] pl_role_status what to do with the role
+##############################################################################
+define postgresql_cd::server::roles::role_df (
+
+  Optional[String] $pl_role_name      = undef,
+  Optional[String] $pl_role_pw        = undef,
+  String $pl_role_attributes          = 'LOGIN',
+  String $pl_role_status              = 'CREATE ROLE',
+
+) {
+  $pl_manage_roles  = $postgresql_cd::params::pl_manage_roles
+
+  if $pl_manage_roles == true {
+    # create the role
+
+    exec { "role_${name}":
+      command => template('postgresql_cd/server/roles/role.sql.erb'),
+      user    => 'postgres',
+      path    => ['/usr/bin','/bin'],
+      cwd     => '/tmp',
+      unless  => template('postgresql_cd/server/roles/unless_sql.erb'),
+    }
+  }
+}
diff --git a/templates/server/roles/role.sql.erb b/templates/server/roles/role.sql.erb
new file mode 100644
index 0000000..4667473
--- /dev/null
+++ b/templates/server/roles/role.sql.erb
@@ -0,0 +1 @@
+psql -U postgres -c "<%= @pl_role_status %> <%= @pl_role_name %> WITH <%= @pl_role_attributes %>  PASSWORD '<%= @pl_role_pw %>'"
diff --git a/templates/server/roles/unless_sql.erb b/templates/server/roles/unless_sql.erb
new file mode 100644
index 0000000..e288881
--- /dev/null
+++ b/templates/server/roles/unless_sql.erb
@@ -0,0 +1 @@
+psql -U postgres -c  "SELECT usename FROM pg_user WHERE usename='<%= @pl_role_name %>' " | grep -o 1