diff --git a/src/feature/role_permission.rs b/src/feature/role_permission.rs
index 22b5ca6..c192209 100644
--- a/src/feature/role_permission.rs
+++ b/src/feature/role_permission.rs
@@ -1,4 +1,57 @@
+use serde::{Deserialize, Serialize};
+use sqlx::{Pool, Postgres};
+
+use crate::database::role_permission;
+
+#[derive(Debug, Serialize, Deserialize)]
 pub struct RolePermission {
     pub role_id: i64,
     pub permission_id: i64,
 }
+
+impl RolePermission {
+    pub async fn create(
+        role_id: &i64,
+        permission_id: &i64,
+        database_connection: &Pool<Postgres>,
+    ) -> Result<RolePermission, sqlx::Error> {
+        role_permission::create(role_id, permission_id, database_connection).await
+    }
+
+    pub async fn read(
+        role_id: &i64,
+        permission_id: &i64,
+        database_connection: &Pool<Postgres>,
+    ) -> Result<RolePermission, sqlx::Error> {
+        role_permission::read(role_id, permission_id, database_connection).await
+    }
+
+    pub async fn update(
+        role_id: &i64,
+        permission_id: &i64,
+        database_connection: &Pool<Postgres>,
+    ) -> Result<RolePermission, sqlx::Error> {
+        role_permission::update(role_id, permission_id, database_connection).await
+    }
+    pub async fn delete(
+        role_id: &i64,
+        permission_id: &i64,
+        database_connection: &Pool<Postgres>,
+    ) -> Result<RolePermission, sqlx::Error> {
+        role_permission::delete(role_id, permission_id, database_connection).await
+    }
+
+    pub async fn read_all_for_role(
+        role_id: &i64,
+        database_connection: &Pool<Postgres>,
+    ) -> Result<Vec<RolePermission>, sqlx::Error> {
+        role_permission::read_all_for_role(role_id, database_connection).await
+    }
+
+    pub async fn delete_all_for_role(
+        role_id: &i64,
+        database_connection: &Pool<Postgres>,
+    ) -> Result<Vec<RolePermission>, sqlx::Error> {
+        role_permission::delete_all_for_role(role_id, database_connection).await
+    }
+}
diff --git a/src/routing.rs b/src/routing.rs
index 763217e..d5e0160 100644
--- a/src/routing.rs
+++ b/src/routing.rs
@@ -5,6 +5,7 @@ pub mod permission;
 pub mod post;
 pub mod post_interaction;
 pub mod role;
+pub mod role_permission;
 pub mod user;
 
 use axum::{extract::State, http::StatusCode, response::IntoResponse, routing::get, Router};
@@ -43,6 +44,10 @@ pub async fn route(State(app_state): State<AppState>) -> Router {
             "/comment_interactions",
             comment_interaction::route(axum::extract::State(app_state.clone())),
         )
+        .nest(
+            "/role_permissions",
+            role_permission::route(axum::extract::State(app_state.clone())),
+        )
         .layer(CorsLayer::permissive())
         .with_state(app_state)
 }
diff --git a/src/routing/role_permission.rs b/src/routing/role_permission.rs
new file mode 100644
index 0000000..8a5a55c
--- /dev/null
+++ b/src/routing/role_permission.rs
@@ -0,0 +1,135 @@
+use axum::{
+    extract::{Path, State},
+    http::StatusCode,
+    response::IntoResponse,
+    routing::{delete, get, patch, post},
+    Json, Router,
+};
+use serde::{Deserialize, Serialize};
+
+use crate::{feature::role_permission::RolePermission, AppState};
+
+#[derive(Debug, Serialize, Deserialize)]
+struct CreateRolePermission {
+    pub role_id: i64,
+    pub permission_id: i64,
+}
+
+#[derive(Debug, Serialize, Deserialize)]
+struct UpdateRolePermission {
+    pub role_id: i64,
+    pub permission_id: i64,
+}
+
+pub fn route(State(app_state): State<AppState>) -> Router<AppState> {
+    Router::new()
+        .route("/", post(create))
+        .route("/roles/:role_id/permissions/:permission_id", get(read))
+        .route("/", patch(update))
+        .route(
+            "/roles/:role_id/permissions/:permission_id",
+            delete(delete_),
+        )
+        .route("/role/:role_id", get(read_all_for_role))
+        .route("/role/:role_id", delete(delete_all_for_role))
+        .with_state(app_state)
+}
+
+async fn create(
+    State(app_state): State<AppState>,
+    Json(create_role_permission): Json<CreateRolePermission>,
+) -> impl IntoResponse {
+    match RolePermission::create(
+        &create_role_permission.role_id,
+        &create_role_permission.permission_id,
+        &app_state.database_connection,
+    )
+    .await
+    {
+        Ok(role_permission) => (
+            StatusCode::CREATED,
+            Json(serde_json::json!(role_permission)),
+        ),
+        Err(err_val) => (
+            StatusCode::BAD_REQUEST,
+            Json(serde_json::json!(err_val.to_string())),
+        ),
+    }
+}
+
+async fn read(
+    State(app_state): State<AppState>,
+    Path((role_id, permission_id)): Path<(i64, i64)>,
+) -> impl IntoResponse {
+    match RolePermission::read(&role_id, &permission_id, &app_state.database_connection).await {
+        Ok(role_permission) => (StatusCode::OK, Json(serde_json::json!(role_permission))),
+        Err(err_val) => (
+            StatusCode::BAD_REQUEST,
+            Json(serde_json::json!(err_val.to_string())),
+        ),
+    }
+}
+
+async fn update(
+    State(app_state): State<AppState>,
+    Json(update_role): Json<UpdateRolePermission>,
+) -> impl IntoResponse {
+    match RolePermission::update(
+        &update_role.role_id,
+        &update_role.permission_id,
+        &app_state.database_connection,
+    )
+    .await
+    {
+        Ok(role_permission) => (
+            StatusCode::ACCEPTED,
+            Json(serde_json::json!(role_permission)),
+        ),
+        Err(err_val) => (
+            StatusCode::BAD_REQUEST,
+            Json(serde_json::json!(err_val.to_string())),
+        ),
+    }
+}
+
+async fn delete_(
+    State(app_state): State<AppState>,
+    Path((role_id, permission_id)): Path<(i64, i64)>,
+) -> impl IntoResponse {
+    match RolePermission::delete(&role_id, &permission_id, &app_state.database_connection).await {
+        Ok(role_permission) => (
+            StatusCode::NO_CONTENT,
+            Json(serde_json::json!(role_permission)),
+        ),
+        Err(err_val) => (
+            StatusCode::BAD_REQUEST,
+            Json(serde_json::json!(err_val.to_string())),
+        ),
+    }
+}
+
+async fn read_all_for_role(
+    State(app_state): State<AppState>,
+    Path(role_id): Path<i64>,
+) -> impl IntoResponse {
+    match RolePermission::read_all_for_role(&role_id, &app_state.database_connection).await {
+        Ok(role_permissions) => (StatusCode::OK, Json(serde_json::json!(role_permissions))),
+        Err(err_val) => (
+            StatusCode::BAD_REQUEST,
+            Json(serde_json::json!(err_val.to_string())),
+        ),
+    }
+}
+
+async fn delete_all_for_role(
+    State(app_state): State<AppState>,
+    Path(role_id): Path<i64>,
+) -> impl IntoResponse {
+    match RolePermission::delete_all_for_role(&role_id, &app_state.database_connection).await {
+        Ok(role_permissions) => (StatusCode::OK, Json(serde_json::json!(role_permissions))),
+        Err(err_val) => (
+            StatusCode::BAD_REQUEST,
+            Json(serde_json::json!(err_val.to_string())),
+        ),
+    }
+}