diff --git a/services/auth/app/models/users.py b/services/auth/app/models/users.py
index 2dfdebce..43c343c1 100644
--- a/services/auth/app/models/users.py
+++ b/services/auth/app/models/users.py
@@ -31,7 +31,7 @@ class User(Base):
     phone = Column(String(20))
     language = Column(String(10), default="es")
     timezone = Column(String(50), default="Europe/Madrid")
-    role = Column(String(20), default="user")
+    role = Column(String(20), nullable=False)
 
     # REMOVED: All tenant relationships - these are handled by tenant service
     # No tenant_memberships, tenants relationships
@@ -50,6 +50,7 @@ class User(Base):
             "phone": self.phone,
             "language": self.language,
             "timezone": self.timezone,
+            "role": self.role,
             "created_at": self.created_at.isoformat() if self.created_at else None,
             "updated_at": self.updated_at.isoformat() if self.updated_at else None,
             "last_login": self.last_login.isoformat() if self.last_login else None
diff --git a/services/auth/app/services/auth_service.py b/services/auth/app/services/auth_service.py
index bbc98178..642686e4 100644
--- a/services/auth/app/services/auth_service.py
+++ b/services/auth/app/services/auth_service.py
@@ -38,6 +38,8 @@ class AuthService:
                     detail="User with this email already exists"
                 )
             
+            user_role = user_data.role if user_data.role else "user"
+            
             # Create new user
             hashed_password = SecurityManager.hash_password(user_data.password)
             new_user = User(
@@ -49,12 +51,14 @@ class AuthService:
                 is_verified=False,
                 created_at=datetime.now(timezone.utc),
                 updated_at=datetime.now(timezone.utc),
-                role=user_data.role
+                role=user_role
             )
             
             db.add(new_user)
             await db.flush()  # Get user ID without committing
             
+            logger.debug(f"User created with role: {new_user.role} for {user_data.email}")
+            
             # ✅ FIX 1: Create SEPARATE access and refresh tokens with different payloads
             access_token_data = {
                 "user_id": str(new_user.id),
@@ -99,6 +103,7 @@ class AuthService:
                     "user_id": str(new_user.id),
                     "email": new_user.email,
                     "full_name": new_user.full_name,
+                    "role": new_user.role,
                     "registered_at": datetime.now(timezone.utc).isoformat()
                 })
             except Exception as e: