diff --git a/server/bundles/io.cloudbeaver.service.security/db/cb_schema_create.sql b/server/bundles/io.cloudbeaver.service.security/db/cb_schema_create.sql
index 4114b0e7e2..843f30f8f4 100644
--- a/server/bundles/io.cloudbeaver.service.security/db/cb_schema_create.sql
+++ b/server/bundles/io.cloudbeaver.service.security/db/cb_schema_create.sql
@@ -105,16 +105,30 @@ CREATE TABLE {table_prefix}CB_OBJECT_PERMISSIONS
     FOREIGN KEY (SUBJECT_ID) REFERENCES {table_prefix}CB_AUTH_SUBJECT (SUBJECT_ID) ON DELETE CASCADE
 );
 
+CREATE TABLE {table_prefix}CB_CREDENTIALS_PROFILE
+(
+    PROFILE_ID          VARCHAR(128) NOT NULL,
+    PROFILE_NAME        VARCHAR(100) NOT NULL,
+    PROFILE_DESCRIPTION VARCHAR(255) NOT NULL,
+    PARENT_PROFILE_ID   VARCHAR(128) NULL,
+    CREATE_TIME         TIMESTAMP    DEFAULT CURRENT_TIMESTAMP NOT NULL,
+
+    PRIMARY KEY (PROFILE_ID),
+    FOREIGN KEY (PROFILE_ID) REFERENCES {table_prefix}CB_AUTH_SUBJECT (SUBJECT_ID) ON DELETE CASCADE,
+    FOREIGN KEY (PARENT_PROFILE_ID) REFERENCES {table_prefix}CB_CREDENTIALS_PROFILE(PROFILE_ID) ON DELETE NO ACTION
+);
+
 CREATE TABLE {table_prefix}CB_USER
 (
     USER_ID     VARCHAR(128) NOT NULL,
-
     IS_ACTIVE   CHAR(1)      NOT NULL,
     CREATE_TIME TIMESTAMP    NOT NULL,
     DEFAULT_AUTH_ROLE VARCHAR(32) NULL,
+    CREDENTIALS_PROFILE_ID VARCHAR(128) NULL,
 
     PRIMARY KEY (USER_ID),
-    FOREIGN KEY (USER_ID) REFERENCES {table_prefix}CB_AUTH_SUBJECT (SUBJECT_ID) ON DELETE CASCADE
+    FOREIGN KEY (USER_ID) REFERENCES {table_prefix}CB_AUTH_SUBJECT (SUBJECT_ID) ON DELETE CASCADE,
+    FOREIGN KEY (CREDENTIALS_PROFILE_ID) REFERENCES {table_prefix}CB_CREDENTIALS_PROFILE(PROFILE_ID) ON DELETE NO ACTION
 );
 
 -- Additional user properties (profile)
@@ -332,7 +346,7 @@ CREATE TABLE {table_prefix}CB_SUBJECT_SECRETS
     UPDATE_TIME                    TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL,
 
     PRIMARY KEY (SUBJECT_ID, SECRET_ID),
-    FOREIGN KEY (SUBJECT_ID) REFERENCES {table_prefix}CB_SUBJECT (SUBJECT_ID) ON DELETE CASCADE
+    FOREIGN KEY (SUBJECT_ID) REFERENCES {table_prefix}CB_AUTH_SUBJECT (SUBJECT_ID) ON DELETE CASCADE
 );
 
 CREATE INDEX IDX_SUBJECT_SECRETS_PROJECT ON {table_prefix}CB_SUBJECT_SECRETS (PROJECT_ID,SUBJECT_ID);
diff --git a/server/bundles/io.cloudbeaver.service.security/db/cb_schema_update_16.sql b/server/bundles/io.cloudbeaver.service.security/db/cb_schema_update_16.sql
index 2dc1d65553..298030ea58 100644
--- a/server/bundles/io.cloudbeaver.service.security/db/cb_schema_update_16.sql
+++ b/server/bundles/io.cloudbeaver.service.security/db/cb_schema_update_16.sql
@@ -14,7 +14,7 @@ CREATE TABLE {table_prefix}CB_SUBJECT_SECRETS
     UPDATE_TIME                    TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL,
 
     PRIMARY KEY (SUBJECT_ID, SECRET_ID),
-    FOREIGN KEY (SUBJECT_ID) REFERENCES {table_prefix}CB_SUBJECT (SUBJECT_ID) ON DELETE CASCADE
+    FOREIGN KEY (SUBJECT_ID) REFERENCES {table_prefix}CB_AUTH_SUBJECT (SUBJECT_ID) ON DELETE CASCADE
     );
 
 CREATE INDEX IDX_SUBJECT_SECRETS_PROJECT ON {table_prefix}CB_SUBJECT_SECRETS (PROJECT_ID,SUBJECT_ID);
diff --git a/server/bundles/io.cloudbeaver.service.security/db/cb_schema_update_17.sql b/server/bundles/io.cloudbeaver.service.security/db/cb_schema_update_17.sql
new file mode 100644
index 0000000000..5a3f382caa
--- /dev/null
+++ b/server/bundles/io.cloudbeaver.service.security/db/cb_schema_update_17.sql
@@ -0,0 +1,16 @@
+CREATE TABLE {table_prefix}CB_CREDENTIALS_PROFILE
+(
+    PROFILE_ID          VARCHAR(128) NOT NULL,
+    PROFILE_NAME        VARCHAR(100) NOT NULL,
+    PROFILE_DESCRIPTION VARCHAR(255) NOT NULL,
+    PARENT_PROFILE_ID VARCHAR(255) NULL,
+
+    CREATE_TIME      TIMESTAMP    NOT NULL,
+
+    PRIMARY KEY (PROFILE_ID),
+    FOREIGN KEY (PROFILE_ID) REFERENCES {table_prefix}CB_AUTH_SUBJECT (SUBJECT_ID) ON DELETE CASCADE,
+    FOREIGN KEY (PARENT_PROFILE_ID) REFERENCES {table_prefix}CB_CREDENTIALS_PROFILE(PROFILE_ID) ON DELETE NO ACTION
+);
+
+ALTER TABLE {table_prefix}CB_USER ADD COLUMN CREDENTIALS_PROFILE_ID VARCHAR(128) NULL;
+ALTER TABLE {table_prefix}CB_USER ADD FOREIGN KEY(CREDENTIALS_PROFILE_ID) REFERENCES {table_prefix}CB_CREDENTIALS_PROFILE(PROFILE_ID) ON DELETE NO ACTION;
diff --git a/server/bundles/io.cloudbeaver.service.security/src/io/cloudbeaver/service/security/db/CBDatabase.java b/server/bundles/io.cloudbeaver.service.security/src/io/cloudbeaver/service/security/db/CBDatabase.java
index b1255969d6..5cddbba56a 100644
--- a/server/bundles/io.cloudbeaver.service.security/src/io/cloudbeaver/service/security/db/CBDatabase.java
+++ b/server/bundles/io.cloudbeaver.service.security/src/io/cloudbeaver/service/security/db/CBDatabase.java
@@ -73,7 +73,7 @@ public class CBDatabase {
     public static final String SCHEMA_UPDATE_SQL_PATH = "db/cb_schema_update_";
 
     private static final int LEGACY_SCHEMA_VERSION = 1;
-    private static final int CURRENT_SCHEMA_VERSION = 16;
+    private static final int CURRENT_SCHEMA_VERSION = 17;
 
     private static final String DEFAULT_DB_USER_NAME = "cb-data";
     private static final String DEFAULT_DB_PWD_FILE = ".database-credentials.dat";