diff --git a/meta/definitions/security.php b/meta/definitions/security.php
new file mode 100644
index 0000000..1cc4c09
--- /dev/null
+++ b/meta/definitions/security.php
@@ -0,0 +1,22 @@
+ function ($c) {
+ return ( new Taxus( $c->get(PermissionGrantInterface::class) ) )->add(
+ [ new Privilege("dev", "Is a developper of this application."), "is_dev" ],
+ [ new Privilege("admin", "Can manage mostly everything from this application."), "is_admin" ],
+ [ new Privilege("user", "Is an authenticated user."), "is_user" ],
+ [ new Privilege("anonymous", "Is an anonymous (unauthenticated) user."), "is_anonymous" ],
+ );
+ },
+
+ PermissionGrantInterface::class => create(DefaultPermissionGrant::class)->constructor(get(ServerRequestInterface::class), get(Session::class)),
+];
diff --git a/meta/definitions/software.php b/meta/definitions/software.php
index ca7af47..3a14fad 100644
--- a/meta/definitions/software.php
+++ b/meta/definitions/software.php
@@ -86,11 +86,11 @@ return [
 JavascriptMiddleware::class => create(JavascriptMiddleware::class),
- Cookie::class => create(Cookie::class)->constructor([ 'secure' => true, 'samesite' => 'Strict' ], getenv("LEAN_RANDOM")),
+ Cookie::class => create(Cookie::class)->constructor([ 'secure' => true, 'path' => getenv('URL_BASE'), ], getenv("LEAN_RANDOM")),
- Session::class => create(Session::class),
+ Session::class => create(Session::class)->constructor(get(Cookie::class), [ 'path' => getenv('URL_BASE'), ]),
- SessionMiddleware::class => create(SessionMiddleware::class)->constructor(get(Cookie::class), [ 'name' => "lean_sess_" . substr(md5(getenv("LEAN_RANDOM")), 0, 12) ]),
+ SessionMiddleware::class => create(SessionMiddleware::class)->constructor(get(Cookie::class), [ 'path' => getenv('URL_BASE'), 'name' => "lean_sess_" . substr(md5(getenv("LEAN_RANDOM")), 0, 12) ]),
 'git.commit' => function($c) {
 if ( getenv("DEBUG") ) {
diff --git a/skeleton/meta/definitions/auth.php b/skeleton/meta/definitions/auth.php
index 39f0859..3f0f062 100644
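Review bot: The second element of each `add()` pair (`"is_dev"`, `"is_admin"`, `"is_user"`, `"is_anonymous"`) is a bare string that has to match a method on whichever `PermissionGrantInterface` implementation is bound, so a rename on either side fails at request time rather than at load; a comment next to `->add(` should say so, e.g. `// each pair is [Privilege, method name Taxus invokes on the PermissionGrantInterface implementation]` (presumably with the current user as argument, which is not visible here). The dev privilege description has a typo, `"Is a developer of this application."`. The opening lines of this new file (the `<?php` header and the array key in front of `function ($c)`) appear to be stripped from this view, so the key this closure is registered under cannot be checked here.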
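Review bot: The new `Cookie::class` line drops the `'samesite' => 'Strict'` option the removed line carried, so unless the `Cookie` class applies a SameSite default the session cookie now has no SameSite attribute and loses the cross-site-request protection the previous configuration had; keeping it alongside the new path, `[ 'secure' => true, 'samesite' => 'Strict', 'path' => getenv('URL_BASE'), ]`, preserves both, and if the removal was intentional (a cross-site login flow, say) the diff should say why. `getenv('URL_BASE')` is also used as a URL prefix in skeleton auth.php (`getenv("URL_BASE")."/connexion"`), so if it ever carries a scheme and host the cookie `Path` attribute receives a full URL instead of a path, and when the variable is unset `getenv` returns `false`; deriving it with `parse_url(getenv('URL_BASE'), PHP_URL_PATH) ?: '/'` in all three definitions covers both cases. None of the three constructors sets `httponly`, so whatever default the Cookie/Session classes apply should be confirmed as well.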
--- a/skeleton/meta/definitions/auth.php
+++ b/skeleton/meta/definitions/auth.php
@@ -17,6 +17,8 @@ use Picea\Picea;
 use TheBugs\Email\{ EmailConfiguration, MailerInterface, SwiftMailer };
+use Taxus\Taxus;
+
 return [
 Entity\User::class => autowire(Entity\User::class),
@@ -24,7 +26,7 @@ return [
 SecurityHandler::class => create(SecurityHandler::class)->constructor(function() {
 return new RedirectResponse(getenv("URL_BASE")."/connexion");
- }, get('authentication.unauthorize')),
+ }, get('authentication.unauthorize'), get(Taxus::class)),
 'authentication.error' => function($c, Picea $picea) {
 return function($message) use ($picea) {
@@ -59,4 +61,6 @@ return [
 return $email;
 },
+
+ PermissionGrantInterface::class => create(%NAMESPACE%\PrivilegeGrantAccess::class)->constructor(get(ServerRequestInterface::class), get(Session::class)),
 ];
diff --git a/skeleton/meta/definitions/storage.php b/skeleton/meta/definitions/storage.php
index c5011fc..4fefaf2 100644
--- a/skeleton/meta/definitions/storage.php
+++ b/skeleton/meta/definitions/storage.php
@@ -5,7 +5,9 @@ use Psr\Container\ContainerInterface;
 use Ulmus\ConnectionAdapter, Ulmus\Container\AdapterProxy;
-use LdapRecord\Connection;
+use Storage\Session;
+
+use function DI\autowire, DI\create, DI\get;
 return [
 ConnectionAdapter::class => function($c) {
@@ -21,5 +23,5 @@ return [
 return new AdapterProxy( $c->get(ConnectionAdapter::class) );
- }
+ },
 ];
diff --git a/skeleton/src/Entity/User.php b/skeleton/src/Entity/User.php
index ead134f..25dc2ed 100644
--- a/skeleton/src/Entity/User.php
+++ b/skeleton/src/Entity/User.php
@@ -7,7 +7,7 @@ use Ulmus\Entity\Field\Datetime;
 use %NAMESPACE%\Lib;
 /**
- * # Table('name' => "user")
+ * @Table('name' => "user")
 */
 class User extends \Ulmus\User\Entity\User implements \JsonSerializable {
diff --git a/skeleton/src/Lib/ControllerTrait.php b/skeleton/src/Lib/ControllerTrait.php
index 00e9439..3fb0279 100644
--- a/skeleton/src/Lib/ControllerTrait.php
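Review bot: The added `PermissionGrantInterface::class => create(%NAMESPACE%\PrivilegeGrantAccess::class)->constructor(get(ServerRequestInterface::class), get(Session::class))` line relies on three unqualified names (`PermissionGrantInterface`, `ServerRequestInterface`, `Session`) while the only import this commit adds to the file is `use Taxus\Taxus;`; the file's earlier `use` lines sit outside the hunk, so confirm they are imported, because an unimported name in a `::class` expression does not error — it silently resolves into the current namespace and yields a container key that `get(PermissionGrantInterface::class)` in meta/definitions/security.php will never match. The same interface is also bound to `DefaultPermissionGrant` in meta/definitions/security.php, so this skeleton binding only takes effect if application definitions are merged after the framework ones; a comment on the line, `// overrides the framework default bound in meta/definitions/security.php`, would make that precedence explicit. The `return [` array this line belongs to begins before the hunk.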
+++ b/skeleton/src/Lib/ControllerTrait.php
@@ -27,7 +27,7 @@ trait ControllerTrait {
 $this->picea = $picea;
 $this->authenticate = $authenticate;
 $this->session = $session;
- $this->user = $authenticate->rememberMe( Entity\User::repository() ) ?: new User();
+ $this->user = $authenticate->rememberMe( Entity\User::repository() ) ?: new Entity\User();
 }
 }
\ No newline at end of file
diff --git a/skeleton/src/PrivilegeGrantAccess.php b/skeleton/src/PrivilegeGrantAccess.php
new file mode 100644
index 0000000..745304e
--- /dev/null
+++ b/skeleton/src/PrivilegeGrantAccess.php
@@ -0,0 +1,53 @@
+request = $request;
+ $this->session = $session;
+ }
+
+ /*
+ * --- Reles
+ */
+ public function is_dev() : bool
+ {
+ return false;
+ }
+
+ public function is_admin(User $user) : bool
+ {
+ return ! $this->is_anonymous($user) && FALSE; # <<<<<<<<<<<<<----- ADJUST YOUR ADMIN PRIVILEGE HERE ACCORDINGLY
+ }
+
+ public function is_user(User $user) : bool
+ {
+ return ! $this->is_anonymous($user);
+ }
+
+ public function is_anonymous(User $user) : bool
+ {
+ return ! $user || ! $user->logged;
+ }
+
+ /*
+ * --- Verifications
+ */
+ public function default($name) : bool
+ {
+ return false;
+ }
+}
diff --git a/src/Lean.php b/src/Lean.php
index 232d773..2bc43a0 100644
--- a/src/Lean.php
+++ b/src/Lean.php
@@ -116,6 +116,7 @@ class Lean
 require($path . "http.php"),
 require($path . "language.php"),
 require($path . "routes.php"),
+ require($path . "security.php"),
 require($path . "software.php"),
 require($path . "template.php"),
 );
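Review bot: The `?: new Entity\User()` fallback hands every unauthenticated request a fresh entity whose `logged` property is never set on this line, and `PrivilegeGrantAccess::is_anonymous()` in this same commit decides on exactly `! $user->logged`, so the privilege model depends on `Entity\User` (or its parent `\Ulmus\User\Entity\User`) defaulting `logged` to a falsy value — that default is not visible here. Either document the dependency on the line, `// unauthenticated request: fresh User, relies on logged defaulting to false`, or make it explicit with `$this->user->logged = false;` when no remembered user is returned. The enclosing constructor and trait begin before the hunk.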
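Review bot: `is_anonymous(User $user)` tests `! $user`, but with a non-nullable `User` parameter that branch is unreachable (objects are always truthy and `null` is rejected by the type), so either the signature should be `public function is_anonymous(?User $user) : bool` if Taxus can call it without a user, or the `! $user ||` should go; relatedly `is_dev()` takes no `$user` while the other role checks do, so an implementer extending this skeleton cannot use the user there without changing the signature. `is_admin()` is deliberately `… && FALSE` — failing closed is the right default for a skeleton — but the `# <<<<<<<<<<<<<-----` marker resembles a merge-conflict marker and can trip grep-based CI checks; a plain `// TODO(skeleton): replace FALSE with the real admin test for $user` is safer. `$this->request` and `$this->session` are stored but used by no visible method, so say what they are for or drop them, and the `--- Reles` heading is presumably meant to read `Roles`. The constructor's opening lines (class header, property declarations, `$this->` before `request`) appear stripped from this view.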
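Review bot: The position of the new `require($path . "security.php")` line decides which binding of `PermissionGrantInterface::class` survives: these files are passed to one call and, if they are merged PHP-DI style (the definitions use `DI\create`/`DI\get`), later files override earlier keys, so anything `software.php` or `template.php` defines under the same key wins over `security.php`, and the skeleton's own `PrivilegeGrantAccess` binding in `skeleton/meta/definitions/auth.php` only takes effect if the application definitions are loaded after this framework set — that ordering is not visible in the hunk. A comment on the line, `// security.php binds Taxus and a default PermissionGrantInterface; app definitions loaded later override it`, records the intent for the next person who reorders the list. The enclosing call and method begin before the hunk.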