diff --git a/accounts/pkg/service/v0/service.go b/accounts/pkg/service/v0/service.go
index 21e3a58dd1..f709b70f20 100644
--- a/accounts/pkg/service/v0/service.go
+++ b/accounts/pkg/service/v0/service.go
@@ -253,6 +253,25 @@ func (s Service) createDefaultAccounts(withDemoAccounts bool) (err error) {
 				{Id: "509a9dcd-bb37-4f4f-a01a-19dca27d9cfa"}, // users
 			},
 		},
+		{
+			Id:                       "534bb038-6f9d-4093-946f-133be61fa4e7",
+			PreferredName:            "katherine",
+			OnPremisesSamAccountName: "katherine",
+			Mail:                     "katherine@example.org",
+			DisplayName:              "Katherine Johnson",
+			UidNumber:                20005,
+			GidNumber:                30000,
+			PasswordProfile: &accountsmsg.PasswordProfile{
+				Password: "$2a$11$6SIBlZ.8BzjBsDTRrThUyuz6OvP.XLo7101oFiwHHB.jufKGS9.Ji",
+			},
+			AccountEnabled: true,
+			MemberOf: []*accountsmsg.Group{
+				{Id: "509a9dcd-bb37-4f4f-a01a-19dca27d9cfa"}, // users
+				{Id: "6040aa17-9c64-4fef-9bd0-77234d71bad0"}, // sailing-lovers
+				{Id: "a1726108-01f8-4c30-88df-2b1a9d1cba1a"}, // quantum-lovers
+				{Id: "262982c1-2362-4afa-bfdf-8cbfef64a06e"}, // physics-lovers
+			},
+		},
 		// technical users for kopano and reva
 		{
 			Id:                       "820ba2a1-3f54-4538-80a4-2d73007e30bf",
@@ -353,9 +372,11 @@ func (s Service) createDefaultGroups(withDemoGroups bool) (err error) {
 			{Id: "4c510ada-c86b-4815-8820-42cdf82c3d51"}, // einstein
 			{Id: "f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c"}, // marie
 			{Id: "932b4540-8d16-481e-8ef4-588e4b6b151c"}, // feynman
+			{Id: "534bb038-6f9d-4093-946f-133be61fa4e7"}, // katherine
 		}},
 		{Id: "6040aa17-9c64-4fef-9bd0-77234d71bad0", GidNumber: 30001, OnPremisesSamAccountName: "sailing-lovers", DisplayName: "Sailing lovers", Members: []*accountsmsg.Account{
 			{Id: "4c510ada-c86b-4815-8820-42cdf82c3d51"}, // einstein
+			{Id: "534bb038-6f9d-4093-946f-133be61fa4e7"}, // katherine
 		}},
 		{Id: "dd58e5ec-842e-498b-8800-61f2ec6f911f", GidNumber: 30002, OnPremisesSamAccountName: "violin-haters", DisplayName: "Violin haters", Members: []*accountsmsg.Account{
 			{Id: "4c510ada-c86b-4815-8820-42cdf82c3d51"}, // einstein
@@ -368,6 +389,7 @@ func (s Service) createDefaultGroups(withDemoGroups bool) (err error) {
 		}},
 		{Id: "a1726108-01f8-4c30-88df-2b1a9d1cba1a", GidNumber: 30005, OnPremisesSamAccountName: "quantum-lovers", DisplayName: "Quantum lovers", Members: []*accountsmsg.Account{
 			{Id: "932b4540-8d16-481e-8ef4-588e4b6b151c"}, // feynman
+			{Id: "534bb038-6f9d-4093-946f-133be61fa4e7"}, // katherine
 		}},
 		{Id: "167cbee2-0518-455a-bfb2-031fe0621e5d", GidNumber: 30006, OnPremisesSamAccountName: "philosophy-haters", DisplayName: "Philosophy haters", Members: []*accountsmsg.Account{
 			{Id: "932b4540-8d16-481e-8ef4-588e4b6b151c"}, // feynman
@@ -376,6 +398,7 @@ func (s Service) createDefaultGroups(withDemoGroups bool) (err error) {
 			{Id: "4c510ada-c86b-4815-8820-42cdf82c3d51"}, // einstein
 			{Id: "f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c"}, // marie
 			{Id: "932b4540-8d16-481e-8ef4-588e4b6b151c"}, // feynman
+			{Id: "534bb038-6f9d-4093-946f-133be61fa4e7"}, // katherine
 		}},
 	}
 
diff --git a/docs/ocis/getting-started/demo-users.md b/docs/ocis/getting-started/demo-users.md
index 39da4f92c4..2023d4c6e1 100644
--- a/docs/ocis/getting-started/demo-users.md
+++ b/docs/ocis/getting-started/demo-users.md
@@ -16,12 +16,13 @@ To skip the generation of demo users, run the inital setup step with an addition
 
 Following users are available in the demo set:
 
-| username | password      | email                | role  | groups                                                                  |
-| -------- | ------------- | -------------------- | ----- | ----------------------------------------------------------------------- |
-| admin    | admin         | admin@example.org    | admin | users                                                                   |
-| einstein | relativity    | einstein@example.org | user  | users, philosophy-haters, physics-lovers, sailing-lovers, violin-haters |
-| marie    | radioactivity | marie@example.org    | user  | users, physics-lovers, polonium-lovers, radium-lovers                   |
-| moss     | vista         | moss@example.org     | admin | users                                                                   |
-| richard  | superfluidity | richard@example.org  | user  | users, philosophy-haters, physics-lovers, quantum-lovers                |
+| username  | password      | email                 | role                | groups                                                                  |
+| --------- | ------------- | --------------------- | ------------------- | ----------------------------------------------------------------------- |
+| admin     | admin         | admin@example.org     | admin               | users                                                                   |
+| einstein  | relativity    | einstein@example.org  | user                | users, philosophy-haters, physics-lovers, sailing-lovers, violin-haters |
+| marie     | radioactivity | marie@example.org     | user                | users, physics-lovers, polonium-lovers, radium-lovers                   |
+| moss      | vista         | moss@example.org      | admin               | users                                                                   |
+| richard   | superfluidity | richard@example.org   | user                | users, philosophy-haters, physics-lovers, quantum-lovers                |
+| katherine | gemini        | katherine@example.org | user, space-manager | users, sailing-lovers, physics-lovers, quantum-lovers                   |
 
 You may also want to run oCIS with only your custom users by [deleting the demo users]({{< ref "../deployment#delete-demo-users" >}}).
diff --git a/ocs/pkg/server/http/svc_test.go b/ocs/pkg/server/http/svc_test.go
index 410b714317..a8158dc1be 100644
--- a/ocs/pkg/server/http/svc_test.go
+++ b/ocs/pkg/server/http/svc_test.go
@@ -49,13 +49,14 @@ const (
 )
 
 const (
-	userEinstein string = "einstein"
-	userMarie    string = "marie"
-	userRichard  string = "richard"
-	userIDP      string = "idp"
-	userReva     string = "reva"
-	userMoss     string = "moss"
-	userAdmin    string = "admin"
+	userEinstein  string = "einstein"
+	userMarie     string = "marie"
+	userRichard   string = "richard"
+	userIDP       string = "idp"
+	userReva      string = "reva"
+	userMoss      string = "moss"
+	userAdmin     string = "admin"
+	userKatherine string = "katherine"
 )
 const (
 	groupPhilosophyHaters string = "philosophy-haters"
@@ -100,6 +101,12 @@ var defaultMemberOf = map[string][]string{
 	userAdmin: {
 		groupUsers,
 	},
+	userKatherine: {
+		groupUsers,
+		groupSailingLovers,
+		groupQuantumLovers,
+		groupPhysicsLovers,
+	},
 }
 
 var defaultMembers = map[string][]string{
@@ -111,9 +118,11 @@ var defaultMembers = map[string][]string{
 		userEinstein,
 		userMarie,
 		userRichard,
+		userKatherine,
 	},
 	groupSailingLovers: {
 		userEinstein,
+		userKatherine,
 	},
 	groupViolinHaters: {
 		userEinstein,
@@ -123,6 +132,7 @@ var defaultMembers = map[string][]string{
 	},
 	groupQuantumLovers: {
 		userRichard,
+		userKatherine,
 	},
 	groupPhilosophyHaters: {
 		userRichard,
@@ -131,18 +141,20 @@ var defaultMembers = map[string][]string{
 		userEinstein,
 		userMarie,
 		userRichard,
+		userKatherine,
 	},
 }
 
 // These account ids are only needed for cleanup
 const (
-	userIDEinstein string = "4c510ada-c86b-4815-8820-42cdf82c3d51"
-	userIDMarie    string = "f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c"
-	userIDFeynman  string = "932b4540-8d16-481e-8ef4-588e4b6b151c"
-	userIDIDP      string = "820ba2a1-3f54-4538-80a4-2d73007e30bf"
-	userIDReva     string = "bc596f3c-c955-4328-80a0-60d018b4ad57"
-	userIDMoss     string = "058bff95-6708-4fe5-91e4-9ea3d377588b"
-	userIDAdmin    string = "ddc2004c-0977-11eb-9d3f-a793888cd0f8"
+	userIDEinstein  string = "4c510ada-c86b-4815-8820-42cdf82c3d51"
+	userIDMarie     string = "f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c"
+	userIDFeynman   string = "932b4540-8d16-481e-8ef4-588e4b6b151c"
+	userIDIDP       string = "820ba2a1-3f54-4538-80a4-2d73007e30bf"
+	userIDReva      string = "bc596f3c-c955-4328-80a0-60d018b4ad57"
+	userIDMoss      string = "058bff95-6708-4fe5-91e4-9ea3d377588b"
+	userIDAdmin     string = "ddc2004c-0977-11eb-9d3f-a793888cd0f8"
+	userIDKatherine string = "534bb038-6f9d-4093-946f-133be61fa4e7"
 )
 
 // These group ids are only needed for cleanup
@@ -181,6 +193,7 @@ var defaultUsers = []string{
 	userMarie,
 	userMoss,
 	userAdmin,
+	userKatherine,
 }
 var defaultUserIDs = []string{
 	userIDEinstein,
@@ -190,6 +203,7 @@ var defaultUserIDs = []string{
 	userIDMarie,
 	userIDMoss,
 	userIDAdmin,
+	userIDKatherine,
 }
 
 var defaultGroups = []string{
diff --git a/settings/pkg/service/v0/settings.go b/settings/pkg/service/v0/settings.go
index 338e4d44da..d6b6a6c8e2 100644
--- a/settings/pkg/service/v0/settings.go
+++ b/settings/pkg/service/v0/settings.go
@@ -447,7 +447,6 @@ func generatePermissionRequests() []*settingssvc.AddSettingToBundleRequest {
 func defaultRoleAssignments() []*settingsmsg.UserRoleAssignment {
 	return []*settingsmsg.UserRoleAssignment{
 		// accounts service user for the metadata user is allowed to create spaces
-
 		{
 			AccountUuid: "95cb8724-03b2-11eb-a0a6-c33ef8ef53ad",
 			RoleId:      BundleUUIDRoleAdmin,
@@ -476,6 +475,18 @@ func defaultRoleAssignments() []*settingsmsg.UserRoleAssignment {
 		}, {
 			AccountUuid: "932b4540-8d16-481e-8ef4-588e4b6b151c",
 			RoleId:      BundleUUIDRoleUser,
+		}, {
+			AccountUuid: "534bb038-6f9d-4093-946f-133be61fa4e7",
+			RoleId:      BundleUUIDRoleUser,
+		},
+		// kjohnson with additional role "space-manager" (ListAllSpaces + CreateSpace)
+		{
+			AccountUuid: "534bb038-6f9d-4093-946f-133be61fa4e7",
+			RoleId:      ListAllSpacesPermissionID,
+		},
+		{
+			AccountUuid: "534bb038-6f9d-4093-946f-133be61fa4e7",
+			RoleId:      CreateSpacePermissionID,
 		},
 	}
 }