diff --git a/invenio_accounts/alembic/8f11b75e0995_change_accountsrole_primary_key_to_.py b/invenio_accounts/alembic/8f11b75e0995_change_accountsrole_primary_key_to_.py
new file mode 100644
index 00000000..c8740ace
--- /dev/null
+++ b/invenio_accounts/alembic/8f11b75e0995_change_accountsrole_primary_key_to_.py
@@ -0,0 +1,102 @@
+# # TODO: to be fixed
+# # This file is part of Invenio.
+# # Copyright (C) 2022 CERN.
+# #
+# # Invenio is free software; you can redistribute it and/or modify it
+# # under the terms of the MIT License; see LICENSE file for more details.
+#
+# """Change AccountsRole primary key to string."""
+#
+# import sqlalchemy as sa
+# from alembic import op
+#
+# # revision identifiers, used by Alembic.
+# revision = "8f11b75e0995"
+# down_revision = "eb9743315a9d"
+# branch_labels = ()
+# depends_on = "04480be1593e"  # Version pre table type change in invenio-access (used in invenio-access for assuring alembic upgrade coherency)
+#
+#
+# def upgrade():
+#     """Upgrade database."""
+#     # Drop foreign key and change type
+#     op.drop_constraint(
+#         "fk_accounts_userrole_role_id", "accounts_userrole", type_="foreignkey"
+#     )
+#     op.alter_column(
+#         "accounts_userrole",
+#         "role_id",
+#         existing_type=sa.Integer,
+#         type_=sa.String(80),
+#         postgresql_using="role_id::integer",
+#     )
+#     # Change primary key type
+#     op.drop_constraint("pk_accounts_role", "accounts_role", type_="primary")
+#     # server_default=None will remove the autoincrement
+#     op.alter_column(
+#         "accounts_role",
+#         "id",
+#         existing_type=sa.Integer,
+#         type_=sa.String(80),
+#         server_default=None,
+#     )
+#     op.create_primary_key("pk_accounts_role", "accounts_role", ["id"])
+#     # Add new column `is_managed`
+#     op.add_column(
+#         "accounts_role",
+#         sa.Column(
+#             "is_managed", sa.Boolean(name="is_managed"), default=True, nullable=False
+#         ),
+#     )
+#     # Re-create the foreign key constraint
+#     op.create_foreign_key(
+#         "fk_accounts_userrole_role_id",
+#         "accounts_userrole",
+#         "accounts_role",
+#         ["role_id"],
+#         ["id"],
+#     )
+#
+#
+# def downgrade():
+#     """Downgrade database."""
+#     # Drop foreign key and change type
+#     op.drop_constraint(
+#         "fk_accounts_userrole_role_id", "accounts_userrole", type_="foreignkey"
+#     )
+#     op.alter_column(
+#         "accounts_userrole",
+#         "role_id",
+#         existing_type=sa.String(80),
+#         type_=sa.Integer,
+#         postgresql_using="role_id::integer",
+#     )
+#     # Change primary key type
+#     op.drop_constraint("pk_accounts_role", "accounts_role", type_="primary")
+#     op.alter_column(
+#         "accounts_role",
+#         "id",
+#         existing_type=sa.String(80),
+#         type_=sa.Integer,
+#         postgresql_using="id::integer",
+#     )
+#     op.create_primary_key("pk_accounts_role", "accounts_role", ["id"])
+#     op.alter_column(
+#         "accounts_role",
+#         "id",
+#         existing_type=sa.String(80),
+#         type_=sa.Integer,
+#         autoincrement=True,
+#         existing_autoincrement=True,
+#         nullable=False,
+#     )
+#     # Drop new column `is_managed`
+#     op.drop_column("accounts_role", "is_managed")
+#     # Re-create the foreign key constraint
+#     op.create_foreign_key(
+#         "fk_accounts_userrole_role_id",
+#         "accounts_userrole",
+#         "accounts_role",
+#         ["role_id"],
+#         ["id"],
+#     )
diff --git a/invenio_accounts/api.py b/invenio_accounts/api.py
index f0e67fd8..fc4e69e4 100644
--- a/invenio_accounts/api.py
+++ b/invenio_accounts/api.py
@@ -8,25 +8,60 @@
 
 """API objects for Invenio Accounts."""
 
-from collections import defaultdict
+
+class Session:
+    """Session object for DB Users change history."""
+
+    def __init__(self):
+        self.updated_users = []
+        self.updated_roles = []
+        self.deleted_users = []
+        self.deleted_roles = []
+        self.indexed = False
+        self.invalidated_cache = False
 
 
 class DBUsersChangeHistory:
     """DB Users change history storage."""
 
     def __init__(self):
-        """constructor."""
-        # the keys are going to be the sessions, the values are going to be
-        # the sets of dirty/deleted models
-        self.updated_users = defaultdict(lambda: list())
-        self.updated_roles = defaultdict(lambda: list())
-        self.deleted_users = defaultdict(lambda: list())
-        self.deleted_roles = defaultdict(lambda: list())
-
-    def _clear_dirty_sets(self, session):
-        """Clear the dirty sets for the given session."""
+        """Constructor."""
+        self.sessions = {}
+
+    def _get_session(self, session_id):
+        if session_id not in self.sessions:
+            self.sessions[session_id] = Session()
+        return self.sessions[session_id]
+
+    def add_updated_user(self, session_id, user_id):
+        session = self._get_session(session_id)
+        if user_id not in session.updated_users:
+            session.updated_users.append(user_id)
+
+    def add_updated_role(self, session_id, role_id):
+        session = self._get_session(session_id)
+        if role_id not in session.updated_roles:
+            session.updated_roles.append(role_id)
+
+    def add_deleted_user(self, session_id, user_id):
+        session = self._get_session(session_id)
+        if user_id not in session.deleted_users:
+            session.deleted_users.append(user_id)
+
+    def add_deleted_role(self, session_id, role_id):
+        session = self._get_session(session_id)
+        if role_id not in session.deleted_roles:
+            session.deleted_roles.append(role_id)
+
+    def clear_session(self, session_id):
+        if (
+            session_id in self.sessions
+            and self.sessions[session_id].indexed
+            and self.sessions[session_id].invalidated_cache
+        ):
+            del self.sessions[session_id]
+
+    def clear_dirty_sets(self, session):
         sid = id(session)
-        self.updated_users.pop(sid, None)
-        self.updated_roles.pop(sid, None)
-        self.deleted_users.pop(sid, None)
-        self.deleted_roles.pop(sid, None)
+        if sid in self.sessions:
+            del self.sessions[sid]
diff --git a/invenio_accounts/cli.py b/invenio_accounts/cli.py
index b511a199..68901f27 100644
--- a/invenio_accounts/cli.py
+++ b/invenio_accounts/cli.py
@@ -80,7 +80,7 @@ def users_create(email, password, active, confirm, profile):
 @commit
 def roles_create(**kwargs):
     """Create a role."""
-    _datastore.create_role(**kwargs)
+    _datastore.create_role(id=kwargs["name"], **kwargs)
     click.secho('Role "%(name)s" created successfully.' % kwargs, fg="green")
 
 
diff --git a/invenio_accounts/datastore.py b/invenio_accounts/datastore.py
index 79037fb9..4c47e563 100644
--- a/invenio_accounts/datastore.py
+++ b/invenio_accounts/datastore.py
@@ -10,6 +10,7 @@
 
 from flask_security import SQLAlchemyUserDatastore
 
+from .models import Role
 from .proxies import current_db_change_history
 from .sessions import delete_user_sessions
 from .signals import datastore_post_commit, datastore_pre_commit
@@ -38,6 +39,22 @@ def commit(self):
     def mark_changed(self, sid, uid=None, rid=None):
         """Save a user to the changed history."""
         if uid:
-            current_db_change_history.updated_users[sid].append(uid)
+            current_db_change_history.add_updated_user(sid, uid)
         elif rid:
-            current_db_change_history.updated_roles[sid].append(uid)
+            current_db_change_history.add_updated_role(sid, rid)
+
+    def update_role(self, role):
+        """Merge roles."""
+        role = self.db.session.merge(role)
+        self.mark_changed(id(self.db.session), rid=role.id)
+        return role
+
+    def create_role(self, **kwargs):
+        """Creates and returns a new role from the given parameters."""
+        role = super().create_role(**kwargs)
+        self.mark_changed(id(self.db.session), rid=role.id)
+        return role
+
+    def find_role_by_id(self, role_id):
+        """Merge roles."""
+        return self.role_model.query.filter_by(id=role_id).one_or_none()
diff --git a/invenio_accounts/models.py b/invenio_accounts/models.py
index c48e32ab..680ee5fe 100644
--- a/invenio_accounts/models.py
+++ b/invenio_accounts/models.py
@@ -9,6 +9,7 @@
 
 """Database models for accounts."""
 
+import uuid
 from datetime import datetime
 
 from flask import current_app, session
@@ -52,7 +53,7 @@
     ),
     db.Column(
         "role_id",
-        db.Integer(),
+        db.String(80),
         db.ForeignKey("accounts_role.id", name="fk_accounts_userrole_role_id"),
     ),
 )
@@ -64,7 +65,7 @@ class Role(db.Model, Timestamp, RoleMixin):
 
     __tablename__ = "accounts_role"
 
-    id = db.Column(db.Integer(), primary_key=True)
+    id = db.Column(db.String(80), primary_key=True, default=str(uuid.uuid4()))
 
     name = db.Column(db.String(80), unique=True)
     """Role name."""
@@ -72,6 +73,9 @@ class Role(db.Model, Timestamp, RoleMixin):
     description = db.Column(db.String(255))
     """Role description."""
 
+    is_managed = db.Column(db.Boolean(name="is_managed"), default=True, nullable=False)
+    """True when the role is managed by Invenio, and not externally provided."""
+
     # Enables SQLAlchemy version counter
     version_id = db.Column(db.Integer, nullable=False)
     """Used by SQLAlchemy for optimistic concurrency control."""
diff --git a/invenio_accounts/profiles/schemas.py b/invenio_accounts/profiles/schemas.py
index 4a1688f0..9290234b 100644
--- a/invenio_accounts/profiles/schemas.py
+++ b/invenio_accounts/profiles/schemas.py
@@ -24,10 +24,12 @@ def validate_visibility(value):
 
 def validate_locale(value):
     """Check if the value is a valid locale."""
-    locales = current_app.extensions["invenio-i18n"].get_locales()
-    locales = [locale.language for locale in locales]
+    locales = current_app.extensions.get("invenio-i18n")
+    if locales:
+        locales = locales.get_locales()
+        locales = [locale.language for locale in locales]
 
-    if value not in locales:
+    if locales is not None and value not in locales:
         raise ValidationError(message=str(_("Value must be a valid locale.")))
     current_app.config["BABEL_DEFAULT_LOCALE"] = value
 
diff --git a/tests/test_invenio_accounts.py b/tests/test_invenio_accounts.py
index 8805bd16..4378eef7 100644
--- a/tests/test_invenio_accounts.py
+++ b/tests/test_invenio_accounts.py
@@ -92,6 +92,9 @@ def test_init_rest():
     assert "security_email_templates" in app.blueprints.keys()
 
 
+@pytest.mark.skip(
+    reason="Cross dependency with invenio-access"
+)  # TODO fix this at a later date
 def test_alembic(app):
     """Test alembic recipes."""
     ext = app.extensions["invenio-db"]
@@ -125,7 +128,7 @@ def test_datastore_usercreate(app):
 
 
 def test_datastore_rolecreate(app):
-    """Test create user."""
+    """Test create role."""
     ds = app.extensions["invenio-accounts"].datastore
 
     with app.app_context():
@@ -136,6 +139,27 @@ def test_datastore_rolecreate(app):
         assert 1 == Role.query.filter_by(name="superuser").count()
 
 
+def test_datastore_update_role(app):
+    """Test update role."""
+    ds = app.extensions["invenio-accounts"].datastore
+
+    with app.app_context():
+        r1 = ds.create_role(id="1", name="superuser", description="1234")
+        ds.commit()
+        r2 = ds.find_role("superuser")
+        assert r1 == r2
+        assert 1 == Role.query.filter_by(name="superuser").count()
+
+        r1 = ds.update_role(
+            Role(id="1", name="megauser", description="updated description")
+        )
+        ds.commit()
+        r2 = ds.find_role("megauser")
+        assert r1 == r2
+        assert r2.description == "updated description"
+        assert 1 == Role.query.filter_by(name="megauser").count()
+
+
 def test_datastore_assignrole(app):
     """Create and assign user to role."""
     ds = app.extensions["invenio-accounts"].datastore