diff --git a/docs/IMPLEMENTATION_PLAN.md b/docs/IMPLEMENTATION_PLAN.md
index e215cc4..6b945e7 100644
--- a/docs/IMPLEMENTATION_PLAN.md
+++ b/docs/IMPLEMENTATION_PLAN.md
@@ -1702,7 +1702,7 @@ public enum CashBookEntryType { Income = 0, Expense = 1 }
 | ✓ | K1 | Domain | Entities + Enums | 5 |
 | ✓ | K2 | Infrastructure | EF Configurations | 4 |
 | ✓ | K3 | Infrastructure | Migration | - |
-| ☐ | K4 | Security | Kassenwart Role + Policy | 4 |
+| ✓ | K4 | Security | Kassenwart Role + Policy | 4 |
 | ☐ | K5 | Infrastructure | Repositories | 5 |
 | ☐ | K6 | Application | DTOs | 3 |
 | ☐ | K7 | Application | Service Interfaces | 2 |
diff --git a/src/Koogle.Domain/Enums/UserRole.cs b/src/Koogle.Domain/Enums/UserRole.cs
index e4e2e94..d0a9be5 100644
--- a/src/Koogle.Domain/Enums/UserRole.cs
+++ b/src/Koogle.Domain/Enums/UserRole.cs
@@ -25,6 +25,12 @@ namespace Koogle.Domain.Enums
         /// </summary>
         public const string Admin = "Admin";
 
+        /// <summary>
+        /// With this role, the user can manage the cash book within a club.
+        /// Rank between Editor and Admin.
+        /// </summary>
+        public const string Treasurer = "Kassenwart";
+
         /// <summary>
         /// With this role, the user can edit content within a club but does not have administrative rights.
         /// </summary>
diff --git a/src/Koogle.Infrastructure/DependencyInjection.cs b/src/Koogle.Infrastructure/DependencyInjection.cs
index 5fe664e..32f6ecd 100644
--- a/src/Koogle.Infrastructure/DependencyInjection.cs
+++ b/src/Koogle.Infrastructure/DependencyInjection.cs
@@ -74,6 +74,7 @@ public static class DependencyInjection
         {
             options.AddPolicy("ClubViewer", p => p.Requirements.Add(new ClubRoleRequirement("Viewer")));
             options.AddPolicy("ClubEditor", p => p.Requirements.Add(new ClubRoleRequirement("Editor")));
+            options.AddPolicy("ClubTreasurer", p => p.Requirements.Add(new ClubRoleRequirement("Kassenwart")));
             options.AddPolicy("ClubAdmin", p => p.Requirements.Add(new ClubRoleRequirement("Admin")));
         });
         services.AddSingleton<IAuthorizationHandler, ClubRoleHandler>();
diff --git a/src/Koogle.Infrastructure/Security/ClubRoleRequirement.cs b/src/Koogle.Infrastructure/Security/ClubRoleRequirement.cs
index e7ca08d..0025943 100644
--- a/src/Koogle.Infrastructure/Security/ClubRoleRequirement.cs
+++ b/src/Koogle.Infrastructure/Security/ClubRoleRequirement.cs
@@ -16,7 +16,8 @@ public static class ClubRoleHelper
     {
         static int Rank(string role) => role switch
         {
-            "Admin" => 3,
+            "Admin" => 4,
+            "Kassenwart" => 3,
             "Editor" => 2,
             "Viewer" => 1,
             _ => 0
diff --git a/src/Koogle.Infrastructure/Security/IdentityRoleSeeder.cs b/src/Koogle.Infrastructure/Security/IdentityRoleSeeder.cs
index a1b55a6..49fae73 100644
--- a/src/Koogle.Infrastructure/Security/IdentityRoleSeeder.cs
+++ b/src/Koogle.Infrastructure/Security/IdentityRoleSeeder.cs
@@ -16,7 +16,7 @@ public static class IdentityRoleSeeder
     {
         var roleManager = services.GetRequiredService<RoleManager<ApplicationRole>>();
 
-        string[] roles = { "SuperAdmin", "Admin", "Editor", "Viewer" };
+        string[] roles = { "SuperAdmin", "Admin", "Kassenwart", "Editor", "Viewer" };
 
         foreach (var roleName in roles)
         {