diff --git a/src/Controllers/Authorization/RolesController.cs b/src/Controllers/Authorization/RolesController.cs
new file mode 100644
index 00000000..bd6bf7e2
--- /dev/null
+++ b/src/Controllers/Authorization/RolesController.cs
@@ -0,0 +1,59 @@
+
+using Altinn.Platform.Authorization.Services.Interface;
+using Altinn.Platform.Storage.Helpers;
+using Authorization.Interface.Models;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+
+namespace Altinn.Platform.Authorization.Controllers
+{
+ ///
+ /// Contains all actions related to the roles model
+ ///
+ [Route("authorization/api/v1/roles")]
+ [ApiController]
+ public class RolesController : ControllerBase
+ {
+ private readonly IRoles _rolesWrapper;
+
+ ///
+ /// Initializes a new instance of the class
+ ///
+ public RolesController(IRoles rolesWrapper)
+ {
+ _rolesWrapper = rolesWrapper;
+ }
+
+ ///
+ /// Get the decision point roles for the loggedin user for a selected party
+ ///
+ /// the logged in user id
+ /// the partyid of the person/org the logged in user is representing
+ ///
+ [HttpGet]
+ [Authorize]
+ public async Task Get(int coveredByUserId, int offeredByPartyId)
+ {
+ int? authnUserId = User.GetUserIdAsInt();
+
+ if (coveredByUserId != authnUserId)
+ {
+ return Forbid();
+ }
+
+ if (coveredByUserId == 0 || offeredByPartyId == 0)
+ {
+ return BadRequest();
+ }
+
+ List roleList = await _rolesWrapper.GetDecisionPointRolesForUser(coveredByUserId, offeredByPartyId);
+
+ if (roleList == null || roleList.Count == 0)
+ {
+ return NotFound();
+ }
+
+ return Ok(roleList);
+ }
+ }
+}
\ No newline at end of file