diff --git a/config/alfresco/messages/webclient.properties b/config/alfresco/messages/webclient.properties
index 76224db2a5..8a529d69aa 100644
--- a/config/alfresco/messages/webclient.properties
+++ b/config/alfresco/messages/webclient.properties
@@ -218,6 +218,10 @@ Collaborator=Collaborator
 Contributor=Contributor
 Editor=Editor
 All=All
+ContentManager=Content Manager
+ContentPublisher=Content Publisher
+ContentContributor=Content Contributor
+ContentReviewer=Content Reviewer
 
 # Actions
 delete=Delete
diff --git a/source/java/org/alfresco/web/bean/wcm/CreateWebsiteWizard.java b/source/java/org/alfresco/web/bean/wcm/CreateWebsiteWizard.java
index dad327b48e..04d9940a78 100644
--- a/source/java/org/alfresco/web/bean/wcm/CreateWebsiteWizard.java
+++ b/source/java/org/alfresco/web/bean/wcm/CreateWebsiteWizard.java
@@ -51,6 +51,8 @@ import org.apache.commons.logging.LogFactory;
  */
 public class CreateWebsiteWizard extends BaseWizardBean
 {
+   private static final String ROLE_CONTENT_MANAGER = "ContentManager";
+
    private static Log logger = LogFactory.getLog(CreateWebsiteWizard.class);
    
    protected String name;
@@ -113,24 +115,40 @@ public class CreateWebsiteWizard extends BaseWizardBean
       outcome = wiz.finish();
       if (outcome != null)
       {       
-         // create the AVM stores (layers) to represent the newly created location website
+         // create the AVM stores to represent the newly created location website
          createStagingSandbox(this.name);
          
-         // create a sandbox for each user
-         // TODO: create sandbox appropriately based on role
-         List<String> invitedUsers = getInvitedUsernames(wiz);
+         // create a sandbox for each user appropriately with permissions based on role
+         boolean foundCurrentUser = false;
+         List<UserGroupRole> invitedUserRoles = (List<UserGroupRole>)wiz.getUserRolesDataModel().getWrappedData();
          String currentUser = Application.getCurrentUser(context).getUserName();
-         if (invitedUsers.contains(currentUser) == false)
+         for (UserGroupRole userRole : invitedUserRoles)
          {
-            invitedUsers.add(Application.getCurrentUser(context).getUserName());
+            if (currentUser.equals(userRole.getAuthority()))
+            {
+               foundCurrentUser = true;
+            }
+            createUserSandbox(this.name, userRole.getAuthority(), userRole.getRole());
          }
-         for (String username : invitedUsers)
+         if (foundCurrentUser == false)
          {
-            createUserSandbox(this.name, username);
+            createUserSandbox(this.name, currentUser, ROLE_CONTENT_MANAGER);
+            invitedUserRoles.add(new UserGroupRole(currentUser, ROLE_CONTENT_MANAGER, null));
          }
          
          // save the list of invited users against the store
-         this.nodeService.setProperty(nodeRef, ContentModel.PROP_USERSANDBOXES, (Serializable)invitedUsers);
+         for (UserGroupRole userRole : invitedUserRoles)
+         {
+            // create an app:webuser instance for each authority and assoc to the website node
+            Map<QName, Serializable> props = new HashMap<QName, Serializable>(2, 1.0f);
+            props.put(ContentModel.PROP_WEBUSERNAME, userRole.getAuthority());
+            props.put(ContentModel.PROP_WEBUSERROLE, userRole.getRole());
+            this.nodeService.createNode(nodeRef,
+                  ContentModel.ASSOC_WEBUSER,
+                  ContentModel.ASSOC_WEBUSER,
+                  ContentModel.TYPE_WEBUSER,
+                  props);
+         }
          
          // set the property on the node to reference the AVM store
          this.nodeService.setProperty(nodeRef, ContentModel.PROP_AVMSTORE, this.name);
@@ -327,8 +345,9 @@ public class CreateWebsiteWizard extends BaseWizardBean
     * 
     * @param name       The store name to create the sandbox for
     * @param username   Username of the user to create the sandbox for
+    * @param role       Role permission for the user
     */
-   private void createUserSandbox(String name, String username)
+   private void createUserSandbox(String name, String username, String role)
    {
       // create the user 'main' store
       String userStore = AVMConstants.buildAVMUserMainStoreName(name, username);
@@ -409,19 +428,4 @@ public class CreateWebsiteWizard extends BaseWizardBean
       this.avmService.setStoreProperty(store, QName.createQName(null, dnsProp),
             new PropertyValue(DataTypeDefinition.TEXT, path));
    }
-   
-   /**
-    * @return The list of invited usernames
-    */
-   private List<String> getInvitedUsernames(InviteWebsiteUsersWizard wizard)
-   {
-      // add the list of invited users here
-      List<UserGroupRole> users = (List<UserGroupRole>)wizard.getUserRolesDataModel().getWrappedData();
-      List<String> invited = new ArrayList<String>(users.size());
-      for (UserGroupRole u : users)
-      {
-         invited.add(u.getAuthority());
-      }
-      return invited;
-   }
 }
diff --git a/source/java/org/alfresco/web/bean/wcm/InviteWebsiteUsersWizard.java b/source/java/org/alfresco/web/bean/wcm/InviteWebsiteUsersWizard.java
index 076460dc13..d1c5ee2819 100644
--- a/source/java/org/alfresco/web/bean/wcm/InviteWebsiteUsersWizard.java
+++ b/source/java/org/alfresco/web/bean/wcm/InviteWebsiteUsersWizard.java
@@ -52,8 +52,8 @@ public class InviteWebsiteUsersWizard extends InviteUsersWizard
    {
       if (this.folderPermissions == null)
       {
-         // TODO: get permissions for a website folder type
-         this.folderPermissions = this.permissionService.getSettablePermissions(ContentModel.TYPE_FOLDER);
+         // get permissions and roles for a website folder type
+         this.folderPermissions = this.permissionService.getSettablePermissions(ContentModel.TYPE_AVMWEBFOLDER);
       }
        
       return this.folderPermissions;
diff --git a/source/java/org/alfresco/web/ui/wcm/component/UIUserSandboxes.java b/source/java/org/alfresco/web/ui/wcm/component/UIUserSandboxes.java
index 98bcc16e8f..350a8d1e52 100644
--- a/source/java/org/alfresco/web/ui/wcm/component/UIUserSandboxes.java
+++ b/source/java/org/alfresco/web/ui/wcm/component/UIUserSandboxes.java
@@ -39,8 +39,10 @@ import org.alfresco.service.cmr.avm.AVMNodeDescriptor;
 import org.alfresco.service.cmr.avm.AVMService;
 import org.alfresco.service.cmr.avmsync.AVMDifference;
 import org.alfresco.service.cmr.avmsync.AVMSyncService;
+import org.alfresco.service.cmr.repository.ChildAssociationRef;
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.repository.NodeService;
+import org.alfresco.service.namespace.RegexQNamePattern;
 import org.alfresco.web.app.Application;
 import org.alfresco.web.app.servlet.DownloadContentServlet;
 import org.alfresco.web.bean.BrowseBean;
@@ -195,13 +197,17 @@ public class UIUserSandboxes extends SelfRenderingComponent
          }
          String storeRoot = (String)nodeService.getProperty(websiteRef, ContentModel.PROP_AVMSTORE);
          
-         // find the list of users who have a sandbox in the website
-         List<String> users = (List<String>)nodeService.getProperty(websiteRef, ContentModel.PROP_USERSANDBOXES);
-         for (int i=0; i<users.size(); i++)
+         // get the list of users who have a sandbox in the website
+         int index = 0;
+         List<ChildAssociationRef> userInfoRefs = nodeService.getChildAssocs(
+               websiteRef, ContentModel.ASSOC_WEBUSER, RegexQNamePattern.MATCH_ALL);
+         for (ChildAssociationRef ref : userInfoRefs)
          {
-            String username = users.get(i);
+            NodeRef userInfoRef = ref.getChildRef();
+            String username = (String)nodeService.getProperty(userInfoRef, ContentModel.PROP_WEBUSERNAME);
+            String userrole = (String)nodeService.getProperty(userInfoRef, ContentModel.PROP_WEBUSERROLE);
             
-            // build the name of the main store for the user
+            // build the name of the main store for this user
             String mainStore = AVMConstants.buildAVMUserMainStoreName(storeRoot, username);
             
             // check it exists before we render the view
@@ -227,8 +233,10 @@ public class UIUserSandboxes extends SelfRenderingComponent
                out.write("<b>");
                out.write(bundle.getString(MSG_USERNAME));
                out.write(":</b>&nbsp;");
-               out.write(username); // TODO: convert to full name?
-               out.write("</td><td><nobr>");
+               out.write(username);
+               out.write(" (");
+               out.write(bundle.getString(userrole));
+               out.write(")</td><td><nobr>");
                
                // direct actions for a sandbox
                String sandboxUrl = AVMConstants.buildAVMStoreUrl(mainStore);
@@ -279,7 +287,7 @@ public class UIUserSandboxes extends SelfRenderingComponent
                      "white");
                
                // spacer row
-               if (i < users.size() - 1)
+               if (index++ < userInfoRefs.size() - 1)
                {
                   out.write("<div style='padding:4px'></div>");
                }