diff --git a/cmd/dashboard/controller/user.go b/cmd/dashboard/controller/user.go
index 95d0ccd..b082eaa 100644
--- a/cmd/dashboard/controller/user.go
+++ b/cmd/dashboard/controller/user.go
@@ -112,10 +112,13 @@ func createUser(c *gin.Context) (uint64, error) {
 	if uf.Username == "" {
 		return 0, singleton.Localizer.ErrorT("username can't be empty")
 	}
+	if uf.Role != model.RoleAdmin && uf.Role != model.RoleMember {
+		return 0, singleton.Localizer.ErrorT("invalid role")
+	}
 
 	var u model.User
 	u.Username = uf.Username
-	u.Role = model.RoleMember
+	u.Role = uf.Role
 
 	hash, err := bcrypt.GenerateFromPassword([]byte(uf.Password), bcrypt.DefaultCost)
 	if err != nil {
diff --git a/model/user_api.go b/model/user_api.go
index c8df8a3..62219b5 100644
--- a/model/user_api.go
+++ b/model/user_api.go
@@ -1,6 +1,7 @@
 package model
 
 type UserForm struct {
+	Role     uint8  `json:"role,omitempty"`
 	Username string `json:"username,omitempty"`
 	Password string `json:"password,omitempty" gorm:"type:char(72)"`
 }