diff --git a/onvif/services/devicemgmt.py b/onvif/services/devicemgmt.py
index 8a91175..fabec9d 100644
--- a/onvif/services/devicemgmt.py
+++ b/onvif/services/devicemgmt.py
@@ -104,6 +104,15 @@ def GetRemoteUser(self):
     def SetRemoteUser(self, RemoteUser=None):
         return self.operator.call("SetRemoteUser", RemoteUser=RemoteUser)
 
+    def GetUserRoles(self, UserRole=None):
+        return self.operator.call("GetUserRoles", UserRole=UserRole)
+
+    def SetUserRole(self, UserRole):
+        return self.operator.call("SetUserRole", UserRole=UserRole)
+
+    def DeleteUserRole(self, UserRole):
+        return self.operator.call("DeleteUserRole", UserRole=UserRole)
+
     def GetUsers(self):
         return self.operator.call("GetUsers")
 
diff --git a/onvif/wsdl/ver10/advancedsecurity/wsdl/advancedsecurity.wsdl b/onvif/wsdl/ver10/advancedsecurity/wsdl/advancedsecurity.wsdl
index a03000a..6d12711 100644
--- a/onvif/wsdl/ver10/advancedsecurity/wsdl/advancedsecurity.wsdl
+++ b/onvif/wsdl/ver10/advancedsecurity/wsdl/advancedsecurity.wsdl
@@ -750,7 +750,7 @@
 				</xs:attribute>
 				<xs:attribute name="KeyPairGeneration" type="tt:StringList">
 					<xs:annotation>
-						<xs:documentation>List of supported key algorithm like 'RSA' and 'ECC'. For a full list of definitions see tas:KeyAlgorithm.</xs:documentation>
+						<xs:documentation>List of supported key algorithm like 'RSA' and 'ECC'. For a full list of definitions see tas:KeyPairAlgorithm.</xs:documentation>
 					</xs:annotation>
 				</xs:attribute>
 				<xs:attribute name="RSAKeyLengths" type="tas:RSAKeyLengths">
diff --git a/onvif/wsdl/ver10/device/wsdl/devicemgmt.wsdl b/onvif/wsdl/ver10/device/wsdl/devicemgmt.wsdl
index 4f2904a..fc0ccfe 100644
--- a/onvif/wsdl/ver10/device/wsdl/devicemgmt.wsdl
+++ b/onvif/wsdl/ver10/device/wsdl/devicemgmt.wsdl
@@ -272,6 +272,11 @@ IN NO EVENT WILL THE CORPORATION OR ITS MEMBERS OR THEIR AFFILIATES BE LIABLE FO
                     				<xs:documentation>Supported hashing algorithms as part of HTTP and RTSP Digest authentication.Example: MD5,SHA-256</xs:documentation>
 					</xs:annotation>
 				</xs:attribute>
+				<xs:attribute name="MaxUserRoles" type="xs:int">
+					<xs:annotation>
+						<xs:documentation>Whenever set to an integer greater than zero, it signals that the device supports editable user roles. It indicates the maximum number of editable user roles.</xs:documentation>
+					</xs:annotation>
+				</xs:attribute>
 				<xs:anyAttribute processContents="lax"/>
 			</xs:complexType>
 			<!--===============================-->
@@ -979,6 +984,53 @@ IN NO EVENT WILL THE CORPORATION OR ITS MEMBERS OR THEIR AFFILIATES BE LIABLE FO
 				</xs:complexType>
 			</xs:element>
 			<!--===============================-->
+			<xs:element name="GetUserRoles">
+				<xs:complexType>
+					<xs:sequence>
+						<xs:element name="UserRole" type="xs:string" minOccurs="0" maxOccurs="1">
+						</xs:element>
+					</xs:sequence>
+				</xs:complexType>
+			</xs:element>
+			<xs:element name="GetUserRolesResponse">
+				<xs:complexType>
+					<xs:sequence>
+						<xs:element name="UserRole" type="tt:UserRole" minOccurs="0" maxOccurs="unbounded">
+						</xs:element>
+					</xs:sequence>
+				</xs:complexType>
+			</xs:element>
+			<!--===============================-->
+			<xs:element name="SetUserRole">
+				<xs:complexType>
+					<xs:sequence>
+						<xs:element name="UserRole" type="tt:UserRole" minOccurs="1" maxOccurs="1">
+						</xs:element>
+					</xs:sequence>
+				</xs:complexType>
+			</xs:element>
+			<xs:element name="SetUserRoleResponse">
+				<xs:complexType>
+					<xs:sequence>
+					</xs:sequence>
+				</xs:complexType>
+			</xs:element>
+			<!--===============================-->
+			<xs:element name="DeleteUserRole">
+				<xs:complexType>
+					<xs:sequence>
+						<xs:element name="UserRole" type="xs:string" minOccurs="1" maxOccurs="1">
+						</xs:element>
+					</xs:sequence>
+				</xs:complexType>
+			</xs:element>
+			<xs:element name="DeleteUserRoleResponse">
+				<xs:complexType>
+					<xs:sequence>
+					</xs:sequence>
+				</xs:complexType>
+			</xs:element>
+			<!--===============================-->
 			<xs:element name="GetWsdlUrl">
 				<xs:complexType>
 					<xs:sequence>
@@ -2619,6 +2671,24 @@ IN NO EVENT WILL THE CORPORATION OR ITS MEMBERS OR THEIR AFFILIATES BE LIABLE FO
 	<wsdl:message name="SetUserResponse">
 		<wsdl:part name="parameters" element="tds:SetUserResponse"/>
 	</wsdl:message>
+	<wsdl:message name="GetUserRolesRequest">
+		<wsdl:part name="parameters" element="tds:GetUserRoles"/>
+	</wsdl:message>
+	<wsdl:message name="GetUserRolesResponse">
+		<wsdl:part name="parameters" element="tds:GetUserRolesResponse"/>
+	</wsdl:message>
+	<wsdl:message name="SetUserRoleRequest">
+		<wsdl:part name="parameters" element="tds:SetUserRole"/>
+	</wsdl:message>
+	<wsdl:message name="SetUserRoleResponse">
+		<wsdl:part name="parameters" element="tds:SetUserRoleResponse"/>
+	</wsdl:message>
+	<wsdl:message name="DeleteUserRoleRequest">
+		<wsdl:part name="parameters" element="tds:DeleteUserRole"/>
+	</wsdl:message>
+	<wsdl:message name="DeleteUserRoleResponse">
+		<wsdl:part name="parameters" element="tds:DeleteUserRoleResponse"/>
+	</wsdl:message>
 	<wsdl:message name="GetWsdlUrlRequest">
 		<wsdl:part name="parameters" element="tds:GetWsdlUrl"/>
 	</wsdl:message>
@@ -3220,6 +3290,24 @@ IN NO EVENT WILL THE CORPORATION OR ITS MEMBERS OR THEIR AFFILIATES BE LIABLE FO
 			<wsdl:input message="tds:GetEndpointReferenceRequest"/>
 			<wsdl:output message="tds:GetEndpointReferenceResponse"/>
 		</wsdl:operation>
+		<wsdl:operation name="GetUserRoles">
+			<wsdl:documentation>This operation returns the editable user levels configured in the device. Whenever an editable
+				user level is passed in the request, information only about that level is returned.</wsdl:documentation>
+			<wsdl:input message="tds:GetUserRolesRequest"/>
+			<wsdl:output message="tds:GetUserRolesResponse"/>
+		</wsdl:operation>
+		<wsdl:operation name="SetUserRole">
+			<wsdl:documentation>This operation configures an editable user level in the device. If the level
+				passed in UserRole already exists in the device, its configuration is overwritten. Otherwise,
+				a new editable user level is created.</wsdl:documentation>
+			<wsdl:input message="tds:SetUserRoleRequest"/>
+			<wsdl:output message="tds:SetUserRoleResponse"/>
+		</wsdl:operation>
+		<wsdl:operation name="DeleteUserRole">
+			<wsdl:documentation>This operation deletes an editable user level in the device.</wsdl:documentation>
+			<wsdl:input message="tds:DeleteUserRoleRequest"/>
+			<wsdl:output message="tds:DeleteUserRoleResponse"/>
+		</wsdl:operation>
 		<wsdl:operation name="GetRemoteUser">
 			<wsdl:documentation>This operation returns the configured remote user (if any). A device supporting remote user
 				handling shall support this operation. The user is only valid for the WS-UserToken profile or
@@ -4018,6 +4106,33 @@ IN NO EVENT WILL THE CORPORATION OR ITS MEMBERS OR THEIR AFFILIATES BE LIABLE FO
 				<soap:body use="literal"/>
 			</wsdl:output>
 		</wsdl:operation>
+		<wsdl:operation name="GetUserRoles">
+			<soap:operation soapAction="http://www.onvif.org/ver10/device/wsdl/GetUserRoles"/>
+			<wsdl:input>
+				<soap:body use="literal"/>
+			</wsdl:input>
+			<wsdl:output>
+				<soap:body use="literal"/>
+			</wsdl:output>
+		</wsdl:operation>
+		<wsdl:operation name="SetUserRole">
+			<soap:operation soapAction="http://www.onvif.org/ver10/device/wsdl/SetUserRole"/>
+			<wsdl:input>
+				<soap:body use="literal"/>
+			</wsdl:input>
+			<wsdl:output>
+				<soap:body use="literal"/>
+			</wsdl:output>
+		</wsdl:operation>
+		<wsdl:operation name="DeleteUserRole">
+			<soap:operation soapAction="http://www.onvif.org/ver10/device/wsdl/DeleteUserRole"/>
+			<wsdl:input>
+				<soap:body use="literal"/>
+			</wsdl:input>
+			<wsdl:output>
+				<soap:body use="literal"/>
+			</wsdl:output>
+		</wsdl:operation>
 		<wsdl:operation name="GetWsdlUrl">
 			<soap:operation soapAction="http://www.onvif.org/ver10/device/wsdl/GetWsdlUrl"/>
 			<wsdl:input>
diff --git a/onvif/wsdl/ver10/schema/onvif.xsd b/onvif/wsdl/ver10/schema/onvif.xsd
index bad3047..debc96b 100644
--- a/onvif/wsdl/ver10/schema/onvif.xsd
+++ b/onvif/wsdl/ver10/schema/onvif.xsd
@@ -4141,6 +4141,22 @@ decoding .A decoder shall decode every data it receives (according to its capabi
 		</xs:restriction>
 	</xs:simpleType>
 	<!--===============================-->
+	<xs:complexType name="UserRole">
+		<xs:sequence>
+			<xs:element name="Name" type="xs:string">
+				<xs:annotation>
+					<xs:documentation>Name of the editable user level.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+			<xs:element name="Functions" type="tt:StringList">
+				<xs:annotation>
+					<xs:documentation>Names of the permitted function for the editable user level. The names must be prepended by the namespace prefix and colon.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
+		</xs:sequence>
+		<xs:anyAttribute processContents="lax"/>
+	</xs:complexType>
+	<!--===============================-->
 	<xs:complexType name="User">
 		<xs:sequence>
 			<xs:element name="Username" type="xs:string">
@@ -4165,6 +4181,11 @@ decoding .A decoder shall decode every data it receives (according to its capabi
 	<!--===============================-->
 	<xs:complexType name="UserExtension">
 		<xs:sequence>
+			<xs:element name="Roles" type="tt:StringList" minOccurs="1" maxOccurs="1">
+				<xs:annotation>
+					<xs:documentation>The names of the roles assigned to the user.</xs:documentation>
+				</xs:annotation>
+			</xs:element>
 			<xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>   <!-- first Vendor then ONVIF -->
 		</xs:sequence>
 	</xs:complexType>
diff --git a/onvif/wsdl/ver10/uplink/wsdl/uplink.wsdl b/onvif/wsdl/ver10/uplink/wsdl/uplink.wsdl
index 8505d0e..5c7c307 100644
--- a/onvif/wsdl/ver10/uplink/wsdl/uplink.wsdl
+++ b/onvif/wsdl/ver10/uplink/wsdl/uplink.wsdl
@@ -86,8 +86,8 @@ IN NO EVENT WILL THE CORPORATION OR ITS MEMBERS OR THEIR AFFILIATES BE LIABLE FO
 					<xs:element name="CertificateID" type="xs:string" minOccurs="0">
 						<xs:annotation><xs:documentation>ID of the certificate to be used for client authentication.</xs:documentation></xs:annotation>
 					</xs:element>
-					<xs:element name="UserLevel" type="xs:string">
-						<xs:annotation><xs:documentation>Authorization level that will be assigned to the uplink connection.</xs:documentation></xs:annotation>
+					<xs:element name="UserLevel" type="tt:StringList">
+						<xs:annotation><xs:documentation>List of authorization levels and roles that will be used to restrict the commands that will be accepted through the uplink connection.</xs:documentation></xs:annotation>
 					</xs:element>
 					<xs:element name="Status" type="xs:string" minOccurs="0">
 						<xs:annotation><xs:documentation>Current connection status (see tup:ConnectionStatus for possible values).</xs:documentation></xs:annotation>