diff --git a/backend/src/controllers/Permissions.php b/backend/src/controllers/Permissions.php
index 6c7fbdc..4649937 100644
--- a/backend/src/controllers/Permissions.php
+++ b/backend/src/controllers/Permissions.php
@@ -41,4 +41,33 @@ class Permissions
 'results' => $results
 ], 200);
 }
+
+ public function postNew(Request $req, Response $res, array $args)
+ {
+ $ac = new \Operations\AccessControl($this->c);
+ if (!$ac->isAdmin($req->getAttribute('userId'))) {
+ $this->logger->info('Non admin user tries to add permissions');
+ return $res->withJson(['error' => 'You must be admin to use this feature'], 403);
+ }
+
+ $body = $req->getParsedBody();
+
+ if (!array_key_exists('domainId', $body)) {
+ $this->logger->debug('One of the required fields is missing');
+ return $res->withJson(['error' => 'One of the required fields is missing'], 422);
+ }
+
+ $user = intval($args['user']);
+
+ $permissions = new \Operations\Permissions($this->c);
+
+ try {
+ $permissions->addPermission($user, $body['domainId']);
+
+ $this->logger->info('Permission was added:', ['by' => $req->getAttribute('userId'), 'user' => $user, 'domain' => $body['domainId']]);
+ return $res->withStatus(204);
+ } catch (\Exceptions\NotFoundException $e) {
+ return $res->withJson(['error' => 'Either domain or user were not found'], 404);
+ }
+ }
 }
diff --git a/backend/src/operations/Permissions.php b/backend/src/operations/Permissions.php
index 9664c72..4949dc0 100644
--- a/backend/src/operations/Permissions.php
+++ b/backend/src/operations/Permissions.php
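Review bot: `$body['domainId']` is handed to `addPermission(int $userId, int $domainId)` after only a key-existence check, so a non-integer value (a JSON string, object or null) reaches a typed parameter and, depending on the file's `strict_types` setting, either raises a TypeError that the `catch (\Exceptions\NotFoundException $e)` does not cover or is coerced silently; `getParsedBody()` may also return null for a body the framework cannot parse, which `array_key_exists()` rejects. Validate shape and type before the call: `if (!is_array($body) || !array_key_exists('domainId', $body) || filter_var($body['domainId'], FILTER_VALIDATE_INT) === false) {` and then pass `(int) $body['domainId']` both to `addPermission()` and into the log context. postNew is fully contained in this hunk; the class it belongs to continues above it.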
@@ -65,4 +65,46 @@ class Permissions
 return $data;
 }
+
+ /**
+ * Add a new permission
+ *
+ * @param $userId User id
+ * @param $domainId Domain for which access should be granted
+ *
+ * @return void
+ */
+ public function addPermission(int $userId, int $domainId) : void
+ {
+ $this->db->beginTransaction();
+
+ $query = $this->db->prepare('SELECT id FROM users WHERE id=:userId');
+ $query->bindValue(':userId', $userId, \PDO::PARAM_INT);
+ $query->execute();
+ if ($query->fetch() === false) {
+ $this->db->rollBack();
+ throw new \Exceptions\NotFoundException();
+ }
+
+ $query = $this->db->prepare('SELECT id FROM domains WHERE id=:domainId');
+ $query->bindValue(':domainId', $domainId, \PDO::PARAM_INT);
+ $query->execute();
+ if ($query->fetch() === false) {
+ $this->db->rollBack();
+ throw new \Exceptions\NotFoundException();
+ }
+
+ $query = $this->db->prepare('SELECT * FROM permissions WHERE domain_id=:domainId AND user_id=:userId');
+ $query->bindValue(':domainId', $domainId, \PDO::PARAM_INT);
+ $query->bindValue(':userId', $userId, \PDO::PARAM_INT);
+ $query->execute();
+ if ($query->fetch() === false) {
+ $query = $this->db->prepare('INSERT INTO permissions (domain_id,user_id) VALUES (:domainId, :userId)');
+ $query->bindValue(':domainId', $domainId, \PDO::PARAM_INT);
+ $query->bindValue(':userId', $userId, \PDO::PARAM_INT);
+ $query->execute();
+ }
+
+ $this->db->commit();
+ }
 }
diff --git a/backend/src/public/index.php b/backend/src/public/index.php
index 87ee951..4393656 100644
--- a/backend/src/public/index.php
+++ b/backend/src/public/index.php
@@ -49,6 +49,7 @@ $app->group('/v1', function () {
 $this->put('/records/{recordId}/credentials/{credentialId}', '\Controllers\Credentials:put');
 $this->get('/users/{user}/permissions', '\Controllers\Permissions:getList');
+ $this->post('/users/{user}/permissions', '\Controllers\Permissions:postNew');
 })->add('\Middlewares\Authentication');
 });
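Review bot: Between `beginTransaction()` and `commit()` only the two not-found branches roll back; if any `prepare()`/`execute()` throws (PDO in exception mode) or a later statement fails, addPermission exits with the transaction still open on the shared `$this->db` handle and the next caller's statements run inside it. Wrap the body in a try/catch that rolls back and rethrows, after which the two explicit `rollBack()` calls before `throw new \Exceptions\NotFoundException()` become redundant. The check-then-insert on `permissions` is not atomic against a concurrent request for the same pair unless the table carries a unique key on `(domain_id, user_id)`, which this hunk cannot show and is worth confirming in the schema. The existence probe could also read `SELECT 1` instead of `SELECT *`, since the row content is never used.
```php
public function addPermission(int $userId, int $domainId) : void
{
    $this->db->beginTransaction();
    try {
        // … unchanged: user lookup, domain lookup, existing-permission probe and INSERT …
        $this->db->commit();
    } catch (\Throwable $e) {
        // Leave the shared handle in a clean state before propagating the failure.
        if ($this->db->inTransaction()) {
            $this->db->rollBack();
        }
        throw $e;
    }
}
```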
diff --git a/backend/test/tests/permissions.js b/backend/test/tests/permissions.js
index f45c189..d322f0e 100644
--- a/backend/test/tests/permissions.js
+++ b/backend/test/tests/permissions.js
@@ -33,6 +33,39 @@ test.run(async function () {
 }
 ], 'Get permissions result fail');
+ //Add permission with missing field
+ var res = await req({
+ url: '/users/2/permissions',
+ method: 'post',
+ data: {
+ foo: 100
+ }
+ });
+
+ assert.equal(res.status, 422, 'Add of permission should fail for missing field.');
+
+ //Add permission which exists
+ var res = await req({
+ url: '/users/2/permissions',
+ method: 'post',
+ data: {
+ domainId: 1
+ }
+ });
+
+ assert.equal(res.status, 204, 'Add of permission should succeed for existing permission.');
+
+ //Add permission which does not exist
+ var res = await req({
+ url: '/users/2/permissions',
+ method: 'post',
+ data: {
+ domainId: 3
+ }
+ });
+
+ assert.equal(res.status, 204, 'Add of permission should succeed for not existing permission.');
+
 });
@@ -43,5 +43,15 @@ test.run(async function () {
 });
 assert.equal(res.status, 403, 'Get of permissions should fail for user.');
+
+ var res = await req({
+ url: '/users/2/permissions',
+ method: 'post',
+ data: {
+ domainId: 100
+ }
+ });
+
+ assert.equal(res.status, 403, 'Add of permission should fail for user.');
 });
 });
\ No newline at end of file
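Review bot: Neither 204 assertion checks the effect of the call: after the `domainId: 3` request the test should GET `/users/2/permissions` again and assert that domain 3 now appears in the result, otherwise a handler that returns 204 without inserting anything passes. The 404 branch of the new endpoint (unknown user or domain) is not exercised either; one more request with an id the fixtures do not define, asserting `res.status` equals 404, would cover it. The repeated `var res` declarations work only because `var` is function-scoped; `const res` per request would make each step self-contained. The enclosing `test.run(async function () {` block starts above this hunk.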