diff --git a/csharp/App/Backend/Controllers/Controller.cs b/csharp/App/Backend/Controllers/Controller.cs
index 484039384..10d4ba578 100644
--- a/csharp/App/Backend/Controllers/Controller.cs
+++ b/csharp/App/Backend/Controllers/Controller.cs
@@ -4,7 +4,6 @@ using InnovEnergy.App.Backend.Database;
 using InnovEnergy.App.Backend.Model;
 using InnovEnergy.App.Backend.Model.Relations;
 using InnovEnergy.App.Backend.Utils;
-using InnovEnergy.Lib.Utils;
 using Microsoft.AspNetCore.Mvc;
 using HttpContextAccessor = Microsoft.AspNetCore.Http.HttpContextAccessor;
 
@@ -227,23 +226,68 @@ public class Controller
      
         return folder;
     }
+    
+    [Returns(HttpStatusCode.OK)]
+    [Returns(HttpStatusCode.Unauthorized)]
+    [HttpPost($"{nameof(CreateUser)}/")]
+    public Object CreateUser(User newUser)
+    {
+        var caller = GetCaller();
+        using var db = Db.Connect();
+        if (caller == null || !caller.HasWriteAccess)
+            return new HttpResponseMessage(HttpStatusCode.Unauthorized);
 
+        newUser.ParentId = caller.Id;
+        
+        return db.CreateUser(newUser);
+    }
+    
+    [Returns(HttpStatusCode.OK)]
+    [Returns(HttpStatusCode.Unauthorized)]
+    [HttpPost($"{nameof(CreateInstallation)}/")]
+    public Object CreateInstallation(Installation installation)
+    {
+        var caller = GetCaller();
+        using var db = Db.Connect();
+        if (caller == null || !caller.HasWriteAccess)
+            return new HttpResponseMessage(HttpStatusCode.Unauthorized);
+        
+        db.CreateInstallation(installation);
+        if (db.GetInstallationById(1)!.Name != installation.Name)
+        {
+            return new HttpResponseMessage(HttpStatusCode.BadRequest);
+        }
+
+        return db.AddToAccessibleInstallations(caller.Id, 1);
+
+    }
+    
+    [Returns(HttpStatusCode.OK)]
+    [Returns(HttpStatusCode.Unauthorized)]
+    [HttpPost($"{nameof(CreateFolder)}/")]
+    public Object CreateFolder(Folder folder)
+    {
+        var caller = GetCaller();
+        using var db = Db.Connect();
+        if (caller == null || !caller.HasWriteAccess || db.GetInstallationByName(folder.Name) != null)
+            return new HttpResponseMessage(HttpStatusCode.Unauthorized);
+
+        db.CreateFolder(folder);
+        return db.AddToAccessibleInstallations(caller.Id, db.GetInstallationByName(folder.Name)!.Id);
+
+    }
 
     [Returns(HttpStatusCode.OK)]
     [Returns(HttpStatusCode.Unauthorized)]
     [HttpPut($"{nameof(UpdateUser)}/")]
     public Object UpdateUser(User updatedUser)
     {
-        // TODO: distinguish between create and update
-        
         var caller = GetCaller();
         using var db = Db.Connect();
-        if (caller == null || !db.IsParentOfChild(caller.Id, updatedUser))
-        return new HttpResponseMessage(HttpStatusCode.Unauthorized);
+        if (caller == null || !db.IsParentOfChild(caller.Id, updatedUser) || !caller.HasWriteAccess)
+            return new HttpResponseMessage(HttpStatusCode.Unauthorized);
         
-        return db.GetUserById(updatedUser.Id) != null 
-             ? db.UpdateUser(updatedUser) 
-             : db.CreateUser(updatedUser);
+        return db.UpdateUser(updatedUser);
     }
     
     
diff --git a/csharp/App/Backend/Database/Db.cs b/csharp/App/Backend/Database/Db.cs
index 06bdbd2e7..556704cc7 100644
--- a/csharp/App/Backend/Database/Db.cs
+++ b/csharp/App/Backend/Database/Db.cs
@@ -213,8 +213,7 @@ public partial class Db : IDisposable
     public Object? GetInstallationS3Key(Int64 installationId)
     {
         return Installations
-            .Where(installation => installation.Id == installationId)
-            .Select(installation => installation.S3Key);
+            .FirstOrDefault(installation => installation.Id == installationId).S3Key;
     }
 
     public void DeleteS3KeysDaily()
@@ -225,5 +224,16 @@ public partial class Db : IDisposable
             Update(installation);
         }
     }
+
+    public Installation? GetInstallationByName(String installationName)
+    {
+        return Installations
+            .FirstOrDefault(installation => installation.Name == installationName);
+    }
+
+    public Int64 LastInsertRowId()
+    {
+        return _Db.;
+    }
 }
 
diff --git a/csharp/App/Backend/Database/Installation.cs b/csharp/App/Backend/Database/Installation.cs
index e02ad9277..9bd78ca93 100644
--- a/csharp/App/Backend/Database/Installation.cs
+++ b/csharp/App/Backend/Database/Installation.cs
@@ -31,6 +31,7 @@ public partial class Db
 
         return Delete(installation);
     }
-    
+
+
 }
 
diff --git a/csharp/App/Backend/Database/User.cs b/csharp/App/Backend/Database/User.cs
index b07bc6b62..af5f09043 100644
--- a/csharp/App/Backend/Database/User.cs
+++ b/csharp/App/Backend/Database/User.cs
@@ -53,7 +53,7 @@ public partial class Db
 
     public User? GetUserByEmail(String email) => Users.FirstOrDefault(u => u.Email == email);
 
-    public Result CreateUser(User user)
+    public Object CreateUser(User user)
     {
         if (GetUserByEmail(user.Email) is not null)
             return Result.Error("User with that email already exists");