diff --git a/app/models/user.rb b/app/models/user.rb
index acbe51c..a901a35 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -289,26 +289,26 @@
   modify_guidance         = Role.find_by(name: 'modify_guidance')
   change_org_details      = Role.find_by(name: 'change_org_detials')
   User.all.each do |user|
+    roles = []
     user.roles.each do |role|
       if role.blank?
       elsif role.name == 'admin'
+        logger.debug "we found an admin"
         #add admin roles
-        user.roles << add_orgs unless user.can_add_orgs?
-        user.roles << change_org_affiliation unless user.can_change_org?
-        user.roles << grant_api_to_orgs unless user.can_grant_api_to_orgs?
-        user.roles << grant_permissions unless user.can_grant_permissions?
-        role.delete
+        roles << add_orgs# unless user.can_add_orgs?
+        roles << change_org_affiliation# unless user.can_change_org?
+        roles << grant_api_to_orgs# unless user.can_grant_api_to_orgs?
+        roles << grant_permissions# unless user.can_grant_permissions?
       elsif role.name == 'org_admin'
+        logger.debug "we found an org-admin"
         #add org-admin roles
-        user.roles << grant_permissions unless user.can_grant_permissions?
-        user.roles << modify_templates unless user.can_modify_templates?
-        user.roles << modify_guidance unless user.can_modify_guidance?
-        user.roles << change_org_details unless user.can_modify_org_details?
-        role.delete
-      elsif role.name == 'user'
-        role.delete
+        roles << grant_permissions# unless user.can_grant_permissions?
+        roles << modify_templates# unless user.can_modify_templates?
+        roles << modify_guidance# unless user.can_modify_guidance?
+        roles << change_org_details# unless user.can_modify_org_details?
       end
     end
+    user.roles = roles
     user.save!
   end
 end