diff --git a/src/Infrastructure/TakeoutSaaS.Infrastructure/Identity/Persistence/EfRolePermissionRepository.cs b/src/Infrastructure/TakeoutSaaS.Infrastructure/Identity/Persistence/EfRolePermissionRepository.cs
index 0ba4322..f5ad1e1 100644
--- a/src/Infrastructure/TakeoutSaaS.Infrastructure/Identity/Persistence/EfRolePermissionRepository.cs
+++ b/src/Infrastructure/TakeoutSaaS.Infrastructure/Identity/Persistence/EfRolePermissionRepository.cs
@@ -28,11 +28,14 @@ public sealed class EfRolePermissionRepository(IdentityDbContext dbContext) : IR
 
     public async Task ReplaceRolePermissionsAsync(long tenantId, long roleId, IEnumerable<long> permissionIds, CancellationToken cancellationToken = default)
     {
+        await using var trx = await dbContext.Database.BeginTransactionAsync(cancellationToken);
+
         var existing = await dbContext.RolePermissions
             .Where(x => x.TenantId == tenantId && x.RoleId == roleId)
             .ToListAsync(cancellationToken);
 
         dbContext.RolePermissions.RemoveRange(existing);
+        await dbContext.SaveChangesAsync(cancellationToken);
 
         var toAdd = permissionIds.Distinct().Select(permissionId => new RolePermission
         {
@@ -42,6 +45,8 @@ public sealed class EfRolePermissionRepository(IdentityDbContext dbContext) : IR
         });
 
         await dbContext.RolePermissions.AddRangeAsync(toAdd, cancellationToken);
+        await dbContext.SaveChangesAsync(cancellationToken);
+        await trx.CommitAsync(cancellationToken);
     }
 
     public Task SaveChangesAsync(CancellationToken cancellationToken = default)
diff --git a/src/Infrastructure/TakeoutSaaS.Infrastructure/Identity/Persistence/EfUserRoleRepository.cs b/src/Infrastructure/TakeoutSaaS.Infrastructure/Identity/Persistence/EfUserRoleRepository.cs
index bf3c334..6e1f2ae 100644
--- a/src/Infrastructure/TakeoutSaaS.Infrastructure/Identity/Persistence/EfUserRoleRepository.cs
+++ b/src/Infrastructure/TakeoutSaaS.Infrastructure/Identity/Persistence/EfUserRoleRepository.cs
@@ -23,11 +23,14 @@ public sealed class EfUserRoleRepository(IdentityDbContext dbContext) : IUserRol
 
     public async Task ReplaceUserRolesAsync(long tenantId, long userId, IEnumerable<long> roleIds, CancellationToken cancellationToken = default)
     {
+        await using var trx = await dbContext.Database.BeginTransactionAsync(cancellationToken);
+
         var existing = await dbContext.UserRoles
             .Where(x => x.TenantId == tenantId && x.UserId == userId)
             .ToListAsync(cancellationToken);
 
         dbContext.UserRoles.RemoveRange(existing);
+        await dbContext.SaveChangesAsync(cancellationToken);
 
         var toAdd = roleIds.Distinct().Select(roleId => new UserRole
         {
@@ -37,6 +40,8 @@ public sealed class EfUserRoleRepository(IdentityDbContext dbContext) : IUserRol
         });
 
         await dbContext.UserRoles.AddRangeAsync(toAdd, cancellationToken);
+        await dbContext.SaveChangesAsync(cancellationToken);
+        await trx.CommitAsync(cancellationToken);
     }
 
     public Task SaveChangesAsync(CancellationToken cancellationToken = default)