diff --git a/csharp/App/Backend/Controllers/Controller.cs b/csharp/App/Backend/Controllers/Controller.cs
index 596b0bcbd..e3c285dcb 100644
--- a/csharp/App/Backend/Controllers/Controller.cs
+++ b/csharp/App/Backend/Controllers/Controller.cs
@@ -193,7 +193,63 @@ public class Controller ? folder : _Unauthorized; } + + [Returns(OK)] + [Returns(Unauthorized)] + [HttpPost($"{nameof(GrantUserAccessToFolder)}/")] + public Object GrantUserAccessToFolder([FromQuery] Int64 folderId, [FromQuery] Int64? id) + { + var session = GetSession(); + var user = id is not null ? Db.GetUserById(id) : session?.User; + return session.GrantUserAccessTo(user, Db.GetFolderById(folderId)) + ? _Ok + : _Unauthorized; + } + + + [Returns(OK)] + [Returns(Unauthorized)] + [HttpPost($"{nameof(GrantUserAccessToInstallation)}/")] + public Object GrantUserAccessToInstallation([FromQuery] Int64 installationId, [FromQuery] Int64? id) + { + var session = GetSession(); + + var user = id is not null ? Db.GetUserById(id) : session?.User; + + return session.GrantUserAccessTo(user, Db.GetInstallationById(installationId)) + ? _Ok + : _Unauthorized; + } + + [Returns(OK)] + [Returns(Unauthorized)] + [HttpPost($"{nameof(RevokeUserAccessToInstallation)}/")] + public Object RevokeUserAccessToInstallation([FromQuery] Int64 installationId, [FromQuery] Int64? id) + { + var session = GetSession(); + var user = id is not null ? Db.GetUserById(id) : session?.User; + + + return session.RevokeAccessTo(user, Db.GetInstallationById(installationId)) + ? _Ok + : _Unauthorized; + } + + [Returns(OK)] + [Returns(Unauthorized)] + [HttpPost($"{nameof(RevokeUserAccessToFolder)}/")] + public Object RevokeUserAccessToFolder([FromQuery] Int64 folderId, [FromQuery] Int64? id) + { + var session = GetSession(); + var user = id is not null ? Db.GetUserById(id) : session?.User; + + + return session.RevokeAccessTo(user, Db.GetFolderById(folderId)) + ? _Ok + : _Unauthorized; + } + [Returns(OK)] [Returns(Unauthorized)] [HttpPut($"{nameof(UpdateUser)}/")] diff --git a/csharp/App/Backend/DataTypes/Methods/Session.cs b/csharp/App/Backend/DataTypes/Methods/Session.cs index f51e15883..844b1cca2 100644 --- a/csharp/App/Backend/DataTypes/Methods/Session.cs 
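Review bot: An omitted or misspelled `id` query parameter silently retargets all four new actions at the caller, because `var user = id is not null ? Db.GetUserById(id) : session?.User;` falls back to the session user. For the two Revoke actions this means a request intended for another user can delete the caller's own access row, now that this commit makes `IsDescendantOf` true for the user itself. For `GrantUserAccessToInstallation` the fallback apparently can never succeed, since the installation overload visible in Session.cs requires both `sessionUser.HasAccessTo(installation)` and `!user.HasAccessTo(installation)`. I would make the target explicit with `[FromQuery] Int64 id` and `var user = Db.GetUserById(id);`, and expose self-revocation as its own route if it is wanted. Each action would also benefit from a `///` summary stating who may grant or revoke for whom.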
+++ b/csharp/App/Backend/DataTypes/Methods/Session.cs @@ -122,7 +122,6 @@ public static class SessionMethods && sessionUser.HasAccessTo(installation) && !user.HasAccessTo(installation) && Db.Create(new InstallationAccess { UserId = user.Id, InstallationId = installation.Id }); - } public static Boolean GrantUserAccessTo(this Session? session, User? user, Folder? folder) @@ -138,6 +137,34 @@ public static class SessionMethods && Db.Create(new FolderAccess { UserId = user.Id, FolderId = folder.Id }); } + public static Boolean RevokeAccessTo(this Session? session, User? user, Installation? installation) + { + var sessionUser = session?.User; + + return sessionUser is not null + && user is not null + && installation is not null + && user.IsDescendantOf(sessionUser) + && sessionUser.HasAccessTo(installation) + && user.HasAccessTo(installation) + && Db.InstallationAccess.Delete(access => + access.UserId == user.Id && access.InstallationId == installation.Id) > 0; + } + + public static Boolean RevokeAccessTo(this Session? session, User? user, Folder? folder) + { + var sessionUser = session?.User; + + return sessionUser is not null + && user is not null + && folder is not null + && user.IsDescendantOf(sessionUser) + && sessionUser.HasAccessTo(folder) + && user.HasAccessTo(folder) + && Db.FolderAccess.Delete(access => + access.UserId == user.Id && access.FolderId == folder.Id) > 0; + } + public static Boolean Logout(this Session? session) { return session is not null diff --git a/csharp/App/Backend/DataTypes/Methods/User.cs b/csharp/App/Backend/DataTypes/Methods/User.cs index 30c350c27..b7498ccfe 100644 --- a/csharp/App/Backend/DataTypes/Methods/User.cs +++ b/csharp/App/Backend/DataTypes/Methods/User.cs @@ -78,6 +78,7 @@ public static class UserMethods public static Boolean IsDescendantOf(this User user, User ancestor) { + if (user.Id == ancestor.Id) return true; return user .Ancestors() .Any(u => u.Id == ancestor.Id); 
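Review bot: Both `RevokeAccessTo` overloads return a single `false` for "caller is not allowed" and for "`Delete(...) > 0` removed nothing", and the controller turns either into `_Unauthorized`. If `HasAccessTo` also counts access inherited from a parent folder (its body is not in this diff), a permitted revoke can pass every check, find no direct `FolderAccess` or `InstallationAccess` row, and report a permission failure while the user keeps the access. I would add a `///` summary to each overload saying that only the user's direct access row is removed and who may call it, and consider returning a distinct outcome for the nothing-deleted case. Since these methods change permissions, a log entry on success naming the session user, the target user and the resource would give an audit trail.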
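Review bot: The added `if (user.Id == ancestor.Id) return true;` changes the meaning of `IsDescendantOf`, a predicate that the grant and revoke checks in Session.cs use as an authorization gate and that callers outside this diff presumably use as well. Every existing check of the form `target.IsDescendantOf(sessionUser)` now also passes when the target is the caller, which may quietly permit self-directed operations that were rejected before; those call sites should be reviewed. I would keep `IsDescendantOf` strict and add a separately named helper, `public static Boolean IsSelfOrDescendantOf(this User user, User ancestor) => user.Id == ancestor.Id || user.IsDescendantOf(ancestor);`, used only where the self case is intended. The function's closing brace lies outside the hunk.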
diff --git a/csharp/App/Backend/Database/Read.cs b/csharp/App/Backend/Database/Read.cs index 312d0c94d..53c0586de 100644 --- a/csharp/App/Backend/Database/Read.cs +++ b/csharp/App/Backend/Database/Read.cs @@ -19,7 +19,7 @@ public static partial class Db .FirstOrDefault(i => i.Id == id); } - public static User? GetUserById(Int64 id) + public static User? GetUserById(Int64? id) { return Users .FirstOrDefault(u => u.Id == id); diff --git a/csharp/App/Backend/db.sqlite b/csharp/App/Backend/db.sqlite index fa9af84f7..ef955850d 100644 Binary files a/csharp/App/Backend/db.sqlite and b/csharp/App/Backend/db.sqlite differ
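Review bot: Widening `GetUserById` to `Int64?` is only needed because the controller passes its nullable `id` straight through; the lookup gains nothing, since `u.Id == id` is not expected to match any row when `id` is null. Keeping the parameter as `Int64` and narrowing at the call site, `id is Int64 userId ? Db.GetUserById(userId) : session?.User`, keeps the data-access signature strict, so other callers cannot pass a missing id through unnoticed. The sibling lookup in the context lines has its signature outside the hunk, so I cannot tell whether it is non-nullable, but the `Get…ById` methods should agree.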