diff --git a/app/models/user.rb b/app/models/user.rb
index a901a35..b1190c4 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -289,26 +289,30 @@
   modify_guidance         = Role.find_by(name: 'modify_guidance')
   change_org_details      = Role.find_by(name: 'change_org_detials')
   User.all.each do |user|
-    roles = []
-    user.roles.each do |role|
+    roles = user.roles
+    #user.roles.delete_all
+    logger.debug "#{user.email}"
+    logger.debug "#{roles}"
+    roles.each do |role|
       if role.blank?
       elsif role.name == 'admin'
         logger.debug "we found an admin"
         #add admin roles
-        roles << add_orgs# unless user.can_add_orgs?
-        roles << change_org_affiliation# unless user.can_change_org?
-        roles << grant_api_to_orgs# unless user.can_grant_api_to_orgs?
-        roles << grant_permissions# unless user.can_grant_permissions?
+        user.roles << add_orgs# unless user.can_add_orgs?
+        user.roles << change_org_affiliation# unless user.can_change_org?
+        #user.roles << grant_api_to_orgs# unless user.can_grant_api_to_orgs?
+        user.roles << grant_permissions# unless user.can_grant_permissions?
+        logger.debug "#{roles}"
       elsif role.name == 'org_admin'
         logger.debug "we found an org-admin"
         #add org-admin roles
-        roles << grant_permissions# unless user.can_grant_permissions?
-        roles << modify_templates# unless user.can_modify_templates?
-        roles << modify_guidance# unless user.can_modify_guidance?
-        roles << change_org_details# unless user.can_modify_org_details?
+        user.roles << grant_permissions# unless user.can_grant_permissions?
+        user.roles << modify_templates# unless user.can_modify_templates?
+        user.roles << modify_guidance# unless user.can_modify_guidance?
+        user.roles << change_org_details# unless user.can_modify_org_details?
+        logger.debug "#{roles}"
       end
     end
-    user.roles = roles
     user.save!
   end
 end