diff --git a/appinfo/routes.php b/appinfo/routes.php
index c6be018..3e38267 100644
--- a/appinfo/routes.php
+++ b/appinfo/routes.php
@@ -8,6 +8,8 @@ return [
 ['name' => 'resource#show', 'url' => '/resources/{resourceId}', 'verb' => 'GET'],
 ['name' => 'resource#create', 'url' => '/resources/{resourceId}', 'verb' => 'POST'],
 ['name' => 'resource#update', 'url' => '/resources/{resourceId}', 'verb' => 'PUT'],
+ ['name' => 'resource_member#index', 'url' => '/resources/{resourceId}/members', 'verb' => 'GET'],
+ ['name' => 'resource_member#create', 'url' => '/resources/{resourceId}/members', 'verb' => 'POST'],
 ['name' => 'organization#getOrganizationProviders', 'url' => '/organizationProviders', 'verb' => 'GET'],
 ['name' => 'organization#getOrganization', 'url' => '/organizationProviders/{organizationProviderId}/organizations/{organizationId}', 'verb' => 'GET'],
 ['name' => 'organization#getSubOrganizations', 'url' => '/organizationProviders/{organizationProviderId}/organizations/{parentOrganizationId}/subOrganizations', 'verb' => 'GET'],
diff --git a/lib/Controller/ResourceMemberController.php b/lib/Controller/ResourceMemberController.php
new file mode 100644
index 0000000..2e86134
--- /dev/null
+++ b/lib/Controller/ResourceMemberController.php
@@ -0,0 +1,92 @@
+handleNotFound(function () use ($resourceId) {
+ $resource = $this->resourceService->find($resourceId);
+
+ $this->denyAccessUnlessGranted(['READ'], $resource);
+
+ return $this->service->findAll($resourceId);
+ });
+ }
+
+ #[NoAdminRequired]
+ public function create(
+ int $resourceId,
+ string|int $permissionLevel,
+ string|int $principalType,
+ string $principalId,
+ ): JSONResponse {
+ return $this->handleErrors(function () use ($resourceId, $permissionLevel, $principalType, $principalId): ResourceMember {
+ $resource = $this->resourceService->find($resourceId);
+
+ $this->denyAccessUnlessGranted(['UPDATE_MEMBERS'], $resource);
+
+ $resourceMember = $this->service->create(
+ resourceId: $resourceId,
+ permissionLevel: ResourceMemberPermissionLevel::fromNameOrValue($permissionLevel),
+ principal: new Principal(PrincipalType::fromNameOrValue($principalType), $principalId),
+ );
+
+ return $resourceMember;
+ });
+ }
+
+ #[NoAdminRequired]
+ public function update(
+ int $id,
+ string|int $permissionLevel,
+ ): JSONResponse {
+ return $this->handleErrors(function () use ($id, $permissionLevel): ResourceMember {
+ $resourceMember = $this->service->find($id);
+
+ $resource = $this->resourceService->find($resourceMember->getResourceId());
+
+ $this->denyAccessUnlessGranted(['UPDATE_MEMBERS'], $resource);
+
+ $resourceMember = $this->service->update(
+ id: $resourceMember->getId(),
+ permissionLevel: ResourceMemberPermissionLevel::fromNameOrValue($permissionLevel),
+ );
+
+ return $resourceMember;
+ });
+ }
+
+ #[NoAdminRequired]
+ public function destroy(int $id): JSONResponse {
+ return $this->handleNotFound(function () use ($id): ResourceMember {
+ $resourceMember = $this->service->find($id);
+
+ $resource = $this->resourceService->find($resourceMember->getResourceId());
+
+ $this->denyAccessUnlessGranted(['UPDATE_MEMBERS'], $resource);
+
+ return $this->service->delete($resourceMember->getId());
+ });
+ }
+}
\ No newline at end of file
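Review bot: In create() and update() the caller-supplied `permissionLevel` reaches the service after only an `UPDATE_MEMBERS` check on the resource, so nothing visible here stops a member from granting a level above their own or from raising their own membership. If `$this->service` does not already enforce that ceiling it should, and a comment at both call sites such as `// permissionLevel is request input: the service must reject levels above the caller's own` would record where the check lives. update() and destroy() also load the member by `$id` before authorising, so a caller without access can likely tell existing member ids from missing ones by the not-found versus denied response. Separately, the routes.php hunk registers only `resource_member#index` and `resource_member#create`, so update() and destroy() appear to have no route in this commit. The start of the class, including the head of index(), is not visible in this hunk.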