diff --git a/apps/ops/utils.py b/apps/ops/utils.py
index 81b5a1afd..83501a6cb 100644
--- a/apps/ops/utils.py
+++ b/apps/ops/utils.py
@@ -69,7 +69,7 @@ def send_server_performance_mail(path, usage, usages):
     from users.models import User
     subject = _("Disk used more than 80%: {} => {}").format(path, usage.percent)
     message = subject
-    admins = User.objects.filter(role=User.ROLE_ADMIN)
+    admins = User.objects.filter(role=User.ROLE.ADMIN)
     recipient_list = [u.email for u in admins if u.email]
     logger.info(subject)
     send_mail_async(subject, message, recipient_list, html_message=message)
diff --git a/apps/orgs/migrations/0007_auto_20200728_1805.py b/apps/orgs/migrations/0007_auto_20200728_1805.py
new file mode 100644
index 000000000..6c05e75b2
--- /dev/null
+++ b/apps/orgs/migrations/0007_auto_20200728_1805.py
@@ -0,0 +1,18 @@
+# Generated by Django 2.2.10 on 2020-07-28 10:05
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('orgs', '0006_auto_20200721_1937'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='organizationmember',
+            name='role',
+            field=models.CharField(choices=[('Admin', 'Organization administrator'), ('User', 'User'), ('Auditor', 'Organization auditor')], default='User', max_length=16, verbose_name='Role'),
+        ),
+    ]
diff --git a/apps/terminal/utils.py b/apps/terminal/utils.py
index cb8308fcd..2ea2768bc 100644
--- a/apps/terminal/utils.py
+++ b/apps/terminal/utils.py
@@ -20,7 +20,7 @@ def get_session_asset_list():
 
 
 def get_session_user_list():
-    return User.objects.exclude(role=User.ROLE_APP).values_list('username', flat=True)
+    return User.objects.exclude(role=User.ROLE.APP).values_list('username', flat=True)
 
 
 def get_session_system_user_list():
diff --git a/apps/tickets/api/request_asset_perm.py b/apps/tickets/api/request_asset_perm.py
index 40add8659..c79d57d58 100644
--- a/apps/tickets/api/request_asset_perm.py
+++ b/apps/tickets/api/request_asset_perm.py
@@ -48,7 +48,7 @@ class RequestAssetPermTicketViewSet(JMSModelViewSet):
         org_mapper = {}
         UserTuple = namedtuple('UserTuple', ('id', 'name', 'username'))
         user = request.user
-        superusers = User.objects.filter(role=User.ROLE_ADMIN)
+        superusers = User.objects.filter(role=User.ROLE.ADMIN)
 
         admins_with_org = User.objects.filter(related_admin_orgs__users=user).annotate(
             org_id=F('related_admin_orgs__id'), org_name=F('related_admin_orgs__name')
diff --git a/apps/tickets/serializers/request_asset_perm.py b/apps/tickets/serializers/request_asset_perm.py
index 54e5ed79c..9bdce49c1 100644
--- a/apps/tickets/serializers/request_asset_perm.py
+++ b/apps/tickets/serializers/request_asset_perm.py
@@ -58,7 +58,7 @@ class RequestAssetPermTicketSerializer(serializers.ModelSerializer):
     def validate_assignees(self, assignees):
         user = self.context['request'].user
 
-        count = User.objects.filter(Q(related_admin_orgs__users=user) | Q(role=User.ROLE_ADMIN)).filter(
+        count = User.objects.filter(Q(related_admin_orgs__users=user) | Q(role=User.ROLE.ADMIN)).filter(
             id__in=[assignee.id for assignee in assignees]).distinct().count()
 
         if count != len(assignees):
diff --git a/apps/users/filters.py b/apps/users/filters.py
index 0aa46609e..faf5959c8 100644
--- a/apps/users/filters.py
+++ b/apps/users/filters.py
@@ -12,7 +12,7 @@ class OrgRoleUserFilterBackend(filters.BaseFilterBackend):
             return queryset
 
         if org_role == 'admins':
-            return queryset & (current_org.admins | User.objects.filter(role=User.ROLE_ADMIN))
+            return queryset & (current_org.admins | User.objects.filter(role=User.ROLE.ADMIN))
         elif org_role == 'auditors':
             return queryset & current_org.auditors
         elif org_role == 'users':
diff --git a/apps/users/forms/user.py b/apps/users/forms/user.py
index e02aaf17e..f3852c0dd 100644
--- a/apps/users/forms/user.py
+++ b/apps/users/forms/user.py
@@ -60,9 +60,9 @@ class UserCreateUpdateFormMixin(OrgModelForm):
         roles = []
         # Super admin user
         if self.request.user.is_superuser:
-            roles.append((User.ROLE_ADMIN, dict(User.ROLE_CHOICES).get(User.ROLE_ADMIN)))
-            roles.append((User.ROLE_USER, dict(User.ROLE_CHOICES).get(User.ROLE_USER)))
-            roles.append((User.ROLE_AUDITOR, dict(User.ROLE_CHOICES).get(User.ROLE_AUDITOR)))
+            roles.append((User.ROLE.ADMIN, User.ROLE.ADMIN.label))
+            roles.append((User.ROLE.USER, User.ROLE.USER.label))
+            roles.append((User.ROLE.AUDITOR, User.ROLE.AUDITOR.label))
 
         # Org admin user
         else:
@@ -70,10 +70,10 @@ class UserCreateUpdateFormMixin(OrgModelForm):
             # Update
             if user:
                 role = kwargs.get('instance').role
-                roles.append((role, dict(User.ROLE_CHOICES).get(role)))
+                roles.append((role, User.ROLE[role]))
             # Create
             else:
-                roles.append((User.ROLE_USER, dict(User.ROLE_CHOICES).get(User.ROLE_USER)))
+                roles.append((User.ROLE.USER, User.ROLE.USER.label))
 
         field = self.fields['role']
         field.choices = set(roles)
diff --git a/apps/users/migrations/0028_auto_20200728_1805.py b/apps/users/migrations/0028_auto_20200728_1805.py
new file mode 100644
index 000000000..6e57d04a6
--- /dev/null
+++ b/apps/users/migrations/0028_auto_20200728_1805.py
@@ -0,0 +1,18 @@
+# Generated by Django 2.2.10 on 2020-07-28 10:05
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('users', '0027_auto_20200616_1503'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='user',
+            name='role',
+            field=models.CharField(blank=True, choices=[('Admin', 'Super administrator'), ('User', 'User'), ('Auditor', 'Super auditor'), ('App', 'Application')], default='User', max_length=10, verbose_name='Role'),
+        ),
+    ]
diff --git a/apps/users/serializers_v2/user.py b/apps/users/serializers_v2/user.py
index 884c789af..d2b9cfa1c 100644
--- a/apps/users/serializers_v2/user.py
+++ b/apps/users/serializers_v2/user.py
@@ -39,7 +39,7 @@ class ServiceAccountSerializer(serializers.ModelSerializer):
     def save(self, **kwargs):
         self.validated_data['email'] = self.get_email()
         self.validated_data['username'] = self.get_username()
-        self.validated_data['role'] = User.ROLE_APP
+        self.validated_data['role'] = User.ROLE.APP
         return super().save(**kwargs)
 
     def create(self, validated_data):
diff --git a/apps/users/tasks.py b/apps/users/tasks.py
index 5c7bc0e47..f575a3afc 100644
--- a/apps/users/tasks.py
+++ b/apps/users/tasks.py
@@ -22,7 +22,7 @@ logger = get_logger(__file__)
 
 @shared_task
 def check_password_expired():
-    users = User.objects.filter(source=User.SOURCE_LOCAL).exclude(role=User.ROLE_APP)
+    users = User.objects.filter(source=User.SOURCE_LOCAL).exclude(role=User.ROLE.APP)
     for user in users:
         if not user.is_valid:
             continue
@@ -49,7 +49,7 @@ def check_password_expired_periodic():
 
 @shared_task
 def check_user_expired():
-    users = User.objects.exclude(role=User.ROLE_APP)
+    users = User.objects.exclude(role=User.ROLE.APP)
     for user in users:
         if not user.is_valid:
             continue