diff --git a/.github/workflows/on-push-pr.action.yml b/.github/workflows/on-push-pr.action.yml
index 8684ae5a..d8e43c1f 100644
--- a/.github/workflows/on-push-pr.action.yml
+++ b/.github/workflows/on-push-pr.action.yml
@@ -17,12 +17,9 @@ jobs:
 vulnerabilities-scan:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v2
- name: Checkout repository
- - uses: debricked/actions/scan@v1
- name: Run a vulnerability scan
+ - uses: actions/checkout@v4
+ - uses: debricked/actions@v4
 env:
- # Token must have API access scope to run scans
 DEBRICKED_TOKEN: ${{ secrets.DEBRICKED_TOKEN }}
 code-build:
 runs-on: ubuntu-latest
diff --git a/src/app/admin/permission/permission.service.ts b/src/app/admin/permission/permission.service.ts
index 83bc2040..04365bc2 100644
--- a/src/app/admin/permission/permission.service.ts
+++ b/src/app/admin/permission/permission.service.ts
@@ -51,7 +51,8 @@ export class PermissionService {
 orderByColumn?: string,
 orderByDirection?: string,
 userId?: number,
- organisationId?: number
+ organisationId?: number,
+ ignoreGlobalAdmin?: boolean
 ): Observable {
 if (userId || organisationId) {
 return this.restService.get(this.endpoint, {
@@ -61,6 +62,7 @@ export class PermissionService {
 sort: orderByDirection,
 userId: userId,
 organisationId: organisationId,
+ ignoreGlobalAdmin: ignoreGlobalAdmin,
 });
 } else {
 return this.restService.get(this.endpoint, {
@@ -68,10 +70,20 @@ export class PermissionService {
 offset: offset,
 orderOn: orderByColumn,
 sort: orderByDirection,
+ ignoreGlobalAdmin: ignoreGlobalAdmin,
 });
 }
 }
+ getPermissionsWithoutUsers(userId?: number): Observable {
+ return this.restService.get(this.endpoint + "/getAllPermissionsWithoutUsers", {
+ limit: 1000,
+ offset: 0,
+ userId: userId ?? undefined,
+ ignoreGlobalAdmin: true,
+ });
+ }
+
 deletePermission(id: number) {
 return this.restService.delete(this.endpoint, id);
 }
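Review bot: Both `uses:` lines in the `vulnerabilities-scan` job of on-push-pr.action.yml reference a mutable tag, and `debricked/actions@v4` runs with `DEBRICKED_TOKEN` in its environment, so the job's integrity depends on that tag never being moved to different code. Pinning each action to a full commit SHA, e.g. `- uses: debricked/actions@<full-commit-sha> # v4`, removes that dependency; the same applies to `actions/checkout@v4`. The deleted comment about the token needing API access scope was the only record of that requirement in the visible part of the file, so it is worth keeping next to the `env:` entry.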
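Review bot: In permission.service.ts (hunk at -51), `ignoreGlobalAdmin?: boolean` becomes the sixth optional positional parameter of a method whose name and earlier parameters lie outside the hunk, so a caller that only wants the flag has to pass up to five `undefined` placeholders, and nothing in the file says what the flag asks the backend to do. A short TSDoc `@param ignoreGlobalAdmin` line stating the intended effect would help the next reader. The hunks at -61 and -68 forward the value even when it is `undefined`; whether the key is then dropped from the query string depends on `restService.get`, which is not visible here.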
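Review bot: `getPermissionsWithoutUsers` in permission.service.ts (hunk at -68) sends a fixed `limit: 1000` with `offset: 0` and never pages, so if the API honours the limit, an installation with more permissions than that would get a silently truncated list in the user form. Either page through the result or add a comment that states the cap and why it is safe. Separately, `userId: userId ?? undefined,` is a no-op for a `number | undefined` parameter; `userId: userId,` says the same thing.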
diff --git a/src/app/admin/users/user-edit/user-edit.component.html b/src/app/admin/users/user-edit/user-edit.component.html index 0ee115ba..16979aaa 100644 --- a/src/app/admin/users/user-edit/user-edit.component.html +++ b/src/app/admin/users/user-edit/user-edit.component.html @@ -77,6 +77,25 @@ /> + +
+
+ * + + + {{ permission.name }} + + +
+
+
{{ "USERS.FORM.ACTIVE" | translate }}(); constructor( private translate: TranslateService, private route: ActivatedRoute, private userService: UserService, private location: Location, - private authService: AuthService, - private sharedVariableService: SharedVariableService, - private meService: MeService + private meService: MeService, + private permissionService: PermissionService, + private sharedVariableService: SharedVariableService ) {} ngOnInit(): void { @@ -60,6 +64,7 @@ export class UserEditComponent implements OnInit { } this.amIGlobalAdmin(); this.canEdit = this.meService.hasAccessToTargetOrganization(OrganizationAccessScope.UserAdministrationWrite); + this.getPermissions(this.sharedVariableService.getUserInfo().user.id); } private getUser(id: number) { @@ -70,6 +75,8 @@ export class UserEditComponent implements OnInit { this.user.active = response.active; this.user.globalAdmin = response.permissions.some(perm => perm.name === PermissionType.GlobalAdmin); this.isKombit = response.nameId != null; + this.user.permissionIds = response.permissions.map(pm => pm.id); + // We cannot set the password. }); } @@ -80,8 +87,7 @@ export class UserEditComponent implements OnInit { private create(): void { this.userService.post(this.user).subscribe( - response => { - console.log(response); + () => { this.routeBack(); }, (error: HttpErrorResponse) => { 
@@ -132,4 +138,28 @@ export class UserEditComponent implements OnInit {
 routeBack(): void {
 this.location.back();
 }
+
+ public compare(matOptionValue: number, ngModelObject: number): boolean {
+ return matOptionValue === ngModelObject;
+ }
+
+ private getPermissions(userId: number) {
+ this.permissionsSubscription = this.permissionService
+ .getPermissionsWithoutUsers(this.meService.hasGlobalAdmin() ? undefined : userId)
+ .subscribe(res => {
+ this.permissions = res.data.sort((a, b) => a.name.localeCompare(b.name, "da-DK", { numeric: true }));
+ if (!this.id) {
+ this.permissionMultiCtrl.setValue(this.user.permissionIds);
+ }
+ });
+ }
+
+ ngOnDestroy() {
+ // prevent memory leak by unsubscribing
+ if (this.permissionsSubscription) {
+ this.permissionsSubscription.unsubscribe();
+ }
+ this._onDestroy.next();
+ this._onDestroy.complete();
+ }
 }
diff --git a/src/app/admin/users/user.model.ts b/src/app/admin/users/user.model.ts
index 95c39eaa..d2fb680e 100644
--- a/src/app/admin/users/user.model.ts
+++ b/src/app/admin/users/user.model.ts
@@ -9,6 +9,7 @@ export class UserRequest {
 active: boolean;
 globalAdmin: boolean;
 showWelcomeScreen: boolean;
+ permissionIds: number[]
 }
 export interface UserResponse {
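Review bot: The `this.meService.hasGlobalAdmin() ? undefined : userId` argument in `getPermissions` (user-edit component, hunk at -132) only decides which list the browser requests, so it is a display filter and not an access control. The backend is not part of this diff; it needs to restrict what `/getAllPermissionsWithoutUsers` returns to the caller and to check every id in the submitted `permissionIds` against what the caller may grant, otherwise the new field is a path to assigning permissions the editor does not hold. A comment above the call such as `// UI filter only: the API must enforce which permissions this caller may list and assign` would record that assumption. The `.subscribe` also has no error callback, so a failed request leaves the permission select empty without any message.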
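Review bot: In user.model.ts, `permissionIds: number[]` is the only member of `UserRequest` visible in this hunk without a terminating semicolon; `permissionIds: number[];` keeps it consistent with the fields above it. The field is declared as required and no initializer is visible, so `this.user.permissionIds` may still be `undefined` when the component passes it to `permissionMultiCtrl.setValue` for a new user. The rest of the class lies outside the hunk, so this should be confirmed there.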