diff --git a/auth/authenticate.py b/auth/authenticate.py
index 99d0c4d4..c827dec6 100644
--- a/auth/authenticate.py
+++ b/auth/authenticate.py
@@ -41,6 +41,7 @@ class JWTAuthenticate(AuthenticationBackend):
                         user = (
                             session.query(User).options(
                                 joinedload(User.roles),
+                                joinedload(Role.permissions),
                                 joinedload(User.ratings)
                             ).filter(
                                 User.id == id
@@ -52,7 +53,7 @@ class JWTAuthenticate(AuthenticationBackend):
                 if not user:
                     return AuthCredentials(scopes=[]), AuthUser(user_id=None)
 
-                scopes = user.get_permission()
+                scopes = []  # user.get_permission()
 
                 return (
                     AuthCredentials(
diff --git a/resolvers/zine/profile.py b/resolvers/zine/profile.py
index fc947d02..3f9fb526 100644
--- a/resolvers/zine/profile.py
+++ b/resolvers/zine/profile.py
@@ -157,7 +157,7 @@ async def get_user_roles(slug):
             .all()
         )
 
-    return roles
+    return []  # roles
 
 
 @mutation.field("updateProfile")