diff --git a/api/system/spec.json b/api/system/spec.json
index 8be06f1b0..e4ec148ce 100644
--- a/api/system/spec.json
+++ b/api/system/spec.json
@@ -565,7 +565,7 @@
   {
     "title": "Permissions",
     "parameters": {},
-    "entrypoint": "permissions",
+    "entrypoint": "permission",
     "path": "/permissions",
     "authentication": [
       "Client ID",
diff --git a/api/system/spec/permissions.json b/api/system/spec/permission.json
similarity index 98%
rename from api/system/spec/permissions.json
rename to api/system/spec/permission.json
index e1c1b9d72..cf88ac968 100644
--- a/api/system/spec/permissions.json
+++ b/api/system/spec/permission.json
@@ -1,6 +1,6 @@
 {
   "Title": "Permissions",
-  "Interface": "Permissions",
+  "Interface": "Permission",
   "Struct": [
     {
       "imports": [
diff --git a/system/rest/handlers/permissions.go b/system/rest/handlers/permission.go
similarity index 71%
rename from system/rest/handlers/permissions.go
rename to system/rest/handlers/permission.go
index 3d87c2622..bd1fdb14f 100644
--- a/system/rest/handlers/permissions.go
+++ b/system/rest/handlers/permission.go
@@ -10,8 +10,8 @@ package handlers
 	1. run [spec](https://github.com/titpetric/spec) in the same folder,
 	2. run `./_gen.php` in this folder.
 
-	You may edit `permissions.go`, `permissions.util.go` or `permissions_test.go` to
-	implement your API calls, helper functions and tests. The file `permissions.go`
+	You may edit `permission.go`, `permission.util.go` or `permission_test.go` to
+	implement your API calls, helper functions and tests. The file `permission.go`
 	is only generated the first time, and will not be overwritten if it exists.
 */
 
@@ -26,38 +26,38 @@ import (
 )
 
 // Internal API interface
-type PermissionsAPI interface {
-	Get(context.Context, *request.PermissionsGet) (interface{}, error)
-	Delete(context.Context, *request.PermissionsDelete) (interface{}, error)
-	Update(context.Context, *request.PermissionsUpdate) (interface{}, error)
+type PermissionAPI interface {
+	Get(context.Context, *request.PermissionGet) (interface{}, error)
+	Delete(context.Context, *request.PermissionDelete) (interface{}, error)
+	Update(context.Context, *request.PermissionUpdate) (interface{}, error)
 }
 
 // HTTP API interface
-type Permissions struct {
+type Permission struct {
 	Get    func(http.ResponseWriter, *http.Request)
 	Delete func(http.ResponseWriter, *http.Request)
 	Update func(http.ResponseWriter, *http.Request)
 }
 
-func NewPermissions(ph PermissionsAPI) *Permissions {
-	return &Permissions{
+func NewPermission(ph PermissionAPI) *Permission {
+	return &Permission{
 		Get: func(w http.ResponseWriter, r *http.Request) {
 			defer r.Body.Close()
-			params := request.NewPermissionsGet()
+			params := request.NewPermissionGet()
 			resputil.JSON(w, params.Fill(r), func() (interface{}, error) {
 				return ph.Get(r.Context(), params)
 			})
 		},
 		Delete: func(w http.ResponseWriter, r *http.Request) {
 			defer r.Body.Close()
-			params := request.NewPermissionsDelete()
+			params := request.NewPermissionDelete()
 			resputil.JSON(w, params.Fill(r), func() (interface{}, error) {
 				return ph.Delete(r.Context(), params)
 			})
 		},
 		Update: func(w http.ResponseWriter, r *http.Request) {
 			defer r.Body.Close()
-			params := request.NewPermissionsUpdate()
+			params := request.NewPermissionUpdate()
 			resputil.JSON(w, params.Fill(r), func() (interface{}, error) {
 				return ph.Update(r.Context(), params)
 			})
@@ -65,7 +65,7 @@ func NewPermissions(ph PermissionsAPI) *Permissions {
 	}
 }
 
-func (ph *Permissions) MountRoutes(r chi.Router, middlewares ...func(http.Handler) http.Handler) {
+func (ph *Permission) MountRoutes(r chi.Router, middlewares ...func(http.Handler) http.Handler) {
 	r.Group(func(r chi.Router) {
 		r.Use(middlewares...)
 		r.Route("/permissions", func(r chi.Router) {
diff --git a/system/rest/permission.go b/system/rest/permission.go
new file mode 100644
index 000000000..e81cac387
--- /dev/null
+++ b/system/rest/permission.go
@@ -0,0 +1,38 @@
+package rest
+
+import (
+	"context"
+
+	"github.com/pkg/errors"
+
+	"github.com/crusttech/crust/system/rest/request"
+	"github.com/crusttech/crust/system/service"
+)
+
+var _ = errors.Wrap
+
+type (
+	Permission struct {
+		svc struct {
+			perm service.PermissionService
+		}
+	}
+)
+
+func (Permission) New() *Permission {
+	ctrl := &Permission{}
+	ctrl.svc.perm = service.DefaultPermission
+	return ctrl
+}
+
+func (ctrl *Permission) Get(ctx context.Context, r *request.PermissionGet) (interface{}, error) {
+	return ctrl.svc.perm.Get(r.RoleID)
+}
+
+func (ctrl *Permission) Delete(ctx context.Context, r *request.PermissionDelete) (interface{}, error) {
+	return ctrl.svc.perm.Delete(r.RoleID)
+}
+
+func (ctrl *Permission) Update(ctx context.Context, r *request.PermissionUpdate) (interface{}, error) {
+	return ctrl.svc.perm.Update(r.RoleID, r.Permissions)
+}
diff --git a/system/rest/permissions.go b/system/rest/permissions.go
deleted file mode 100644
index 3badf0227..000000000
--- a/system/rest/permissions.go
+++ /dev/null
@@ -1,36 +0,0 @@
-package rest
-
-import (
-	"context"
-
-	"github.com/pkg/errors"
-
-	"github.com/crusttech/crust/system/rest/request"
-	"github.com/crusttech/crust/system/service"
-)
-
-var _ = errors.Wrap
-
-type (
-	Permissions struct {
-		svc struct {
-			perm service.PermissionService
-		}
-	}
-)
-
-func (Permissions) New() *Permissions {
-	return &Permissions{}
-}
-
-func (ctrl *Permissions) Get(ctx context.Context, r *request.PermissionsGet) (interface{}, error) {
-	return ctrl.svc.perm.Get(r.RoleID)
-}
-
-func (ctrl *Permissions) Delete(ctx context.Context, r *request.PermissionsDelete) (interface{}, error) {
-	return ctrl.svc.perm.Delete(r.RoleID)
-}
-
-func (ctrl *Permissions) Update(ctx context.Context, r *request.PermissionsUpdate) (interface{}, error) {
-	return ctrl.svc.perm.Update(r.RoleID, r.Permissions)
-}
diff --git a/system/rest/request/permissions.go b/system/rest/request/permission.go
similarity index 76%
rename from system/rest/request/permissions.go
rename to system/rest/request/permission.go
index 1cbc94013..36aade1c4 100644
--- a/system/rest/request/permissions.go
+++ b/system/rest/request/permission.go
@@ -10,8 +10,8 @@ package request
 	1. run [spec](https://github.com/titpetric/spec) in the same folder,
 	2. run `./_gen.php` in this folder.
 
-	You may edit `permissions.go`, `permissions.util.go` or `permissions_test.go` to
-	implement your API calls, helper functions and tests. The file `permissions.go`
+	You may edit `permission.go`, `permission.util.go` or `permission_test.go` to
+	implement your API calls, helper functions and tests. The file `permission.go`
 	is only generated the first time, and will not be overwritten if it exists.
 */
 
@@ -31,16 +31,16 @@ import (
 var _ = chi.URLParam
 var _ = multipart.FileHeader{}
 
-// Permissions get request parameters
-type PermissionsGet struct {
+// Permission get request parameters
+type PermissionGet struct {
 	RoleID uint64 `json:",string"`
 }
 
-func NewPermissionsGet() *PermissionsGet {
-	return &PermissionsGet{}
+func NewPermissionGet() *PermissionGet {
+	return &PermissionGet{}
 }
 
-func (pe *PermissionsGet) Fill(r *http.Request) (err error) {
+func (pe *PermissionGet) Fill(r *http.Request) (err error) {
 	if strings.ToLower(r.Header.Get("content-type")) == "application/json" {
 		err = json.NewDecoder(r.Body).Decode(pe)
 
@@ -72,18 +72,18 @@ func (pe *PermissionsGet) Fill(r *http.Request) (err error) {
 	return err
 }
 
-var _ RequestFiller = NewPermissionsGet()
+var _ RequestFiller = NewPermissionGet()
 
-// Permissions delete request parameters
-type PermissionsDelete struct {
+// Permission delete request parameters
+type PermissionDelete struct {
 	RoleID uint64 `json:",string"`
 }
 
-func NewPermissionsDelete() *PermissionsDelete {
-	return &PermissionsDelete{}
+func NewPermissionDelete() *PermissionDelete {
+	return &PermissionDelete{}
 }
 
-func (pe *PermissionsDelete) Fill(r *http.Request) (err error) {
+func (pe *PermissionDelete) Fill(r *http.Request) (err error) {
 	if strings.ToLower(r.Header.Get("content-type")) == "application/json" {
 		err = json.NewDecoder(r.Body).Decode(pe)
 
@@ -115,19 +115,19 @@ func (pe *PermissionsDelete) Fill(r *http.Request) (err error) {
 	return err
 }
 
-var _ RequestFiller = NewPermissionsDelete()
+var _ RequestFiller = NewPermissionDelete()
 
-// Permissions update request parameters
-type PermissionsUpdate struct {
+// Permission update request parameters
+type PermissionUpdate struct {
 	RoleID      uint64 `json:",string"`
 	Permissions []rules.Rule
 }
 
-func NewPermissionsUpdate() *PermissionsUpdate {
-	return &PermissionsUpdate{}
+func NewPermissionUpdate() *PermissionUpdate {
+	return &PermissionUpdate{}
 }
 
-func (pe *PermissionsUpdate) Fill(r *http.Request) (err error) {
+func (pe *PermissionUpdate) Fill(r *http.Request) (err error) {
 	if strings.ToLower(r.Header.Get("content-type")) == "application/json" {
 		err = json.NewDecoder(r.Body).Decode(pe)
 
@@ -159,4 +159,4 @@ func (pe *PermissionsUpdate) Fill(r *http.Request) (err error) {
 	return err
 }
 
-var _ RequestFiller = NewPermissionsUpdate()
+var _ RequestFiller = NewPermissionUpdate()
diff --git a/system/rest/router.go b/system/rest/router.go
index d8529ebb3..6291b323c 100644
--- a/system/rest/router.go
+++ b/system/rest/router.go
@@ -49,7 +49,7 @@ func MountRoutes(oidcConfig *config.OIDC, socialConfig *config.Social, jwtEncode
 			handlers.NewUser(User{}.New()).MountRoutes(r)
 			handlers.NewRole(Role{}.New()).MountRoutes(r)
 			handlers.NewOrganisation(Organisation{}.New()).MountRoutes(r)
-			handlers.NewPermissions(Permissions{}.New()).MountRoutes(r)
+			handlers.NewPermission(Permission{}.New()).MountRoutes(r)
 		})
 	}
 }