diff --git a/apps/account/serializers/back.py b/apps/account/serializers/back.py
new file mode 100644
index 00000000..c1a1c6d4
--- /dev/null
+++ b/apps/account/serializers/back.py
@@ -0,0 +1,21 @@
+"""Back account serializers"""
+from rest_framework import serializers
+from account import models
+
+
+class RoleSerializer(serializers.ModelSerializer):
+ class Meta:
+ model = models.Role
+ fields = [
+ 'role',
+ 'country'
+ ]
+
+
+class UserRoleSerializer(serializers.ModelSerializer):
+ class Meta:
+ model = models.UserRole
+ fields = [
+ 'user',
+ 'role'
+ ]
\ No newline at end of file
diff --git a/apps/account/tests/tests_back.py b/apps/account/tests/tests_back.py
new file mode 100644
index 00000000..56c0cd3a
--- /dev/null
+++ b/apps/account/tests/tests_back.py
@@ -0,0 +1,86 @@
+from rest_framework.test import APITestCase
+from rest_framework import status
+from authorization.tests.tests_authorization import get_tokens_for_user
+from django.urls import reverse
+from http.cookies import SimpleCookie
+from location.models import Country
+from account.models import Role, User, UserRole
+
+class RoleTests(APITestCase):
+ def setUp(self):
+ self.data = get_tokens_for_user()
+ self.client.cookies = SimpleCookie(
+ {'access_token': self.data['tokens'].get('access_token'),
+ 'refresh_token': self.data['tokens'].get('access_token')})
+
+ def test_role_get(self):
+ url = reverse('back:account:role-list-create')
+ response = self.client.get(url)
+ self.assertEqual(response.status_code, status.HTTP_200_OK)
+
+ def test_role_post(self):
+ url = reverse('back:account:role-list-create')
+ country = Country.objects.create(
+ name='{"ru-RU":"Russia"}',
+ code='23',
+ low_price=15,
+ high_price=150000
+ )
+ country.save()
+
+ data = {
+ "role": 2,
+ "country": country.pk
+ }
+ response = self.client.post(url, data=data, format='json')
+ self.assertEqual(response.status_code, status.HTTP_201_CREATED)
+
+
+class UserRoleTests(APITestCase):
+ def setUp(self):
+ self.data = get_tokens_for_user()
+ self.client.cookies = SimpleCookie(
+ {'access_token': self.data['tokens'].get('access_token'),
+ 'refresh_token': self.data['tokens'].get('access_token')})
+
+ self.country_ru = Country.objects.create(
+ name='{"ru-RU":"Russia"}',
+ code='23',
+ low_price=15,
+ high_price=150000
+ )
+ self.country_ru.save()
+
+ self.country_en = Country.objects.create(
+ name='{"en-GB":"England"}',
+ code='25',
+ low_price=15,
+ high_price=150000
+ )
+ self.country_en.save()
+
+ self.role = Role.objects.create(
+ role=2,
+ country=self.country_ru
+ )
+ self.role.save()
+
+ self.user_test = User.objects.create_user(username='test',
+ email='testemail@mail.com',
+ password='passwordtest')
+
+ def test_user_role_post(self):
+ url = reverse('back:account:user-role-list-create')
+ # userRole = UserRole.objects.create(
+ # user=self.user_test,
+ # role=self.role
+ # )
+ # userRole.save()
+
+ data = {
+ "user": self.user_test.id,
+ "role": self.role.id
+ }
+
+ response = self.client.post(url, data=data, format='json')
+ self.assertEqual(response.status_code, status.HTTP_201_CREATED)
diff --git a/apps/account/urls/back.py b/apps/account/urls/back.py
new file mode 100644
index 00000000..ee2e4148
--- /dev/null
+++ b/apps/account/urls/back.py
@@ -0,0 +1,12 @@
+"""Back account URLs"""
+from django.urls import path
+
+from account.views import back as views
+
+app_name = 'account'
+
+urlpatterns = [
+ path('role/', views.RoleLstView.as_view(), name='role-list-create'),
+ path('user-role/', views.UserRoleLstView.as_view(), name='user-role-list-create'),
+
+]
diff --git a/apps/account/views/back.py b/apps/account/views/back.py
new file mode 100644
index 00000000..8799f915
--- /dev/null
+++ b/apps/account/views/back.py
@@ -0,0 +1,13 @@
+from rest_framework import generics
+from account.serializers import back as serializers
+from account import models
+
+
+class RoleLstView(generics.ListCreateAPIView):
+ serializer_class = serializers.RoleSerializer
+ queryset = models.Role.objects.all()
+
+
+class UserRoleLstView(generics.ListCreateAPIView):
+ serializer_class = serializers.UserRoleSerializer
+ queryset = models.Role.objects.all()
\ No newline at end of file
diff --git a/apps/comment/permissions.py b/apps/comment/permissions.py
new file mode 100644
index 00000000..aa57eaca
--- /dev/null
+++ b/apps/comment/permissions.py
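Review bot: Both test classes in apps/account/tests/tests_back.py assert only the success path (200/201) with a logged-in client, so nothing checks that an anonymous or unprivileged client is refused on `role-list-create` or `user-role-list-create`. These endpoints create roles and bind them to users, so a case that posts without cookies and expects 401/403 would pin the intended access rule. Each `setUp` also fills the `refresh_token` cookie from `.get('access_token')`, which looks like a copy-paste slip (presumably `.get('refresh_token')`, if `get_tokens_for_user` returns one); the same line appears twice in apps/comment/tests.py. The commented-out `UserRole.objects.create(...)` block in `test_user_role_post` can be deleted, and the `.save()` calls after `objects.create()` are redundant.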
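Review bot: `UserRoleLstView` pairs `UserRoleSerializer` with `queryset = models.Role.objects.all()`, so a GET on `user-role/` runs Role rows through a serializer declared for UserRole; the line should read `queryset = models.UserRole.objects.all()`. Neither view sets `permission_classes`, so who may create roles and assign them to users depends entirely on the project's default DRF permission setting, which this diff does not show. If that default is broader than administrators, any caller it admits can attach a role to any user id. Declaring the rule on both views, for example `permission_classes = [permissions.IsAdminUser]` with `permissions` imported from `rest_framework`, would make it explicit here.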
@@ -0,0 +1,28 @@
+from rest_framework import permissions
+from account.models import UserRole, Role, User
+
+
+class IsCommentModerator(permissions.BasePermission):
+ """
+ Object-level permission to only allow owners of an object to edit it.
+ Assumes the model instance has an `owner` attribute.
+ """
+
+ def has_object_permission(self, request, view, obj):
+ # Read permissions are allowed to any request,
+ # so we'll always allow GET, HEAD or OPTIONS requests.
+ if request.method in permissions.SAFE_METHODS:
+ return True
+
+ # Instance must have an attribute named `user`.
+ role = Role.objects.get(role=2) # 'Comments moderator'
+ is_access = UserRole.objects.filter(user=request.user, role=role).exists()
+ if obj.user == request.user and is_access:
+ return True
+
+ # User is super-user?
+ if User.objects.filter(pk=request.user.pk).exists():
+ return True
+
+ return False
+
diff --git a/apps/comment/serializers/back.py b/apps/comment/serializers/back.py
index a491168d..d0cd47c8 100644
--- a/apps/comment/serializers/back.py
+++ b/apps/comment/serializers/back.py
@@ -1,11 +1,9 @@ """Comment app common serializers.""" from comment import models from rest_framework import serializers -from utils.serializers import ProjectModelSerializer -class CommentBaseSerializer(ProjectModelSerializer): - +class CommentBaseSerializer(serializers.ModelSerializer): class Meta: model = models.Comment fields = ('id', 'text', 'mark', 'user') \ No newline at end of file
diff --git a/apps/comment/tests.py b/apps/comment/tests.py
index a39b155a..09287225 100644
--- a/apps/comment/tests.py
+++ b/apps/comment/tests.py
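Review bot: The last check in `has_object_permission`, `User.objects.filter(pk=request.user.pk).exists()`, is true for every authenticated user that has a row in the user table, not only for superusers, so any logged-in user passes and can update or delete any comment. The comment above it suggests `if request.user.is_superuser:` was intended, assuming the project's User model carries Django's `is_superuser` flag. `Role.objects.get(role=2)` raises `DoesNotExist` when no such role exists and `MultipleObjectsReturned` when several do (roles carry a country, so this seems likely), which turns a permission check into a 500. `is_access = UserRole.objects.filter(user=request.user, role__role=2).exists()` avoids both, if `UserRole.role` is a foreign key to `Role`. The class docstring is copied from an owner-only permission and names an `owner` attribute the code never reads; it should state the actual rule, including whether a moderator is really meant to be limited to their own comments by `obj.user == request.user and is_access`.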
@@ -1 +1,57 @@
-# Create your tests here.
+from rest_framework.test import APITestCase
+from rest_framework import status
+from authorization.tests.tests_authorization import get_tokens_for_user
+from django.urls import reverse
+from http.cookies import SimpleCookie
+from location.models import Country
+from account.models import Role, User, UserRole
+
+
+class CommentModeratorPermissionTests(APITestCase):
+ def setUp(self):
+ self.data = get_tokens_for_user()
+
+ self.client.cookies = SimpleCookie(
+ {'access_token': self.data['tokens'].get('access_token'),
+ 'refresh_token': self.data['tokens'].get('access_token')})
+
+ self.country_ru = Country.objects.create(
+ name='{"ru-RU":"Russia"}',
+ code='23',
+ low_price=15,
+ high_price=150000
+ )
+ self.country_ru.save()
+
+ self.country_en = Country.objects.create(
+ name='{"en-GB":"England"}',
+ code='25',
+ low_price=15,
+ high_price=150000
+ )
+ self.country_en.save()
+
+ self.role = Role.objects.create(
+ role=2,
+ country=self.country_ru
+ )
+ self.role.save()
+
+ self.moderator = User.objects.create_user(username='moderator',
+ email='moderator@mail.com',
+ password='passwordmoderator')
+
+ self.userRole = UserRole.objects.create(
+ user=self.moderator,
+ role=self.role
+ )
+ self.userRole.save()
+
+ tokens = User.create_jwt_tokens(self.moderator)
+
+ self.client.cookies = SimpleCookie(
+ {'access_token': tokens.get('access_token'),
+ 'refresh_token': tokens.get('access_token')})
+
+ def test_permission(self):
+ self.assertTrue(True)
\ No newline at end of file
diff --git a/apps/comment/urls/back.py b/apps/comment/urls/back.py
index 6141ceed..a1f2e010 100644
--- a/apps/comment/urls/back.py
+++ b/apps/comment/urls/back.py
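Review bot: `test_permission` only runs `self.assertTrue(True)`, so the new `IsCommentModerator` class is never exercised and the moderator, role and cookie setup above it goes unused. The first `self.client.cookies = SimpleCookie(...)` assignment in `setUp` is also overwritten by the second before any request is made. The cases worth pinning are that a logged-in user without the moderator role gets 403 on PUT, PATCH and DELETE of another user's comment, that an anonymous client is refused on the same methods, and that a moderator is allowed exactly where the rule says so. As written, the suite would stay green even if the permission class admitted everyone.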
@@ -1,9 +1,11 @@ -"""Web urlpaths.""" -from comment.urls.common import urlpatterns as common_urlpatterns +"""Back comment URLs""" +from django.urls import path + +from comment.views import back as views app_name = 'comment' -urlpatterns_api = [] - -urlpatterns = common_urlpatterns + \ - urlpatterns_api +urlpatterns = [ + path('', views.CommentLstView.as_view(), name='comment-list-create'), + path('/', views.CommentRUDView.as_view(), name='comment-crud'), +]
diff --git a/apps/comment/views/back.py b/apps/comment/views/back.py
index e69de29b..1420ebc2 100644
--- a/apps/comment/views/back.py
+++ b/apps/comment/views/back.py
@@ -0,0 +1,16 @@
+from rest_framework import generics, permissions
+from comment.serializers import back as serializers
+from comment import models
+from comment.permissions import IsCommentModerator
+
+
+class CommentLstView(generics.ListCreateAPIView):
+ serializer_class = serializers.CommentBaseSerializer
+ queryset = models.Comment.objects.all()
+ permission_classes = [permissions.IsAuthenticatedOrReadOnly,]
+
+
+class CommentRUDView(generics.RetrieveUpdateDestroyAPIView):
+ serializer_class = serializers.CommentBaseSerializer
+ queryset = models.Comment.objects.all()
+ permission_classes = [permissions.IsAuthenticatedOrReadOnly, IsCommentModerator]
\ No newline at end of file
diff --git a/project/urls/back.py b/project/urls/back.py
index 7b4146eb..59758c66 100644
--- a/project/urls/back.py
+++ b/project/urls/back.py
@@ -7,5 +7,7 @@ urlpatterns = [ namespace='gallery')), path('establishments/', include('establishment.urls.back')), path('location/', include('location.urls.back')), - path('news/', include('news.urls.back')) + path('news/', include('news.urls.back')), + path('account/', include('account.urls.back')), + path('comment/', include('comment.urls.back')), ] \ No newline at end of file
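Review bot: As shown, the detail route is `path('/', views.CommentRUDView.as_view(), name='comment-crud')` with no URL converter, while `RetrieveUpdateDestroyAPIView` looks its object up by a `pk` URL keyword by default. Unless the converter was lost when this page was rendered, the pattern needs an integer `pk` segment before the slash, or every request to it will fail in `get_object()`. The new list also no longer appends `common_urlpatterns`, so any route that module defined stops being reachable under the back namespace; the diff does not show what it contained, so please confirm that this is intended.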
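Review bot: `CommentLstView` and `CommentRUDView` both use `CommentBaseSerializer`, whose `fields` include `user` with nothing marking it read-only, and neither view overrides `perform_create`, so an authenticated client can apparently post or update a comment attributed to any user id. `IsCommentModerator` only implements `has_object_permission`, which DRF invokes from `get_object()`, so it places no restriction on creation through the list view. Adding `read_only_fields = ('user',)` to the serializer's `Meta` and `def perform_create(self, serializer): serializer.save(user=self.request.user)` to `CommentLstView` would bind authorship to the authenticated caller.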