path: root/sql/modules/Roles.sql
blob: 0603d92ff30c160ac4e0ed61351db57fd8b80d82 (plain)
  -- Required for Pg 8.2.
  -- NOTE(review): ALL on a schema is USAGE plus CREATE, and the grantee is
  -- PUBLIC, so every role that can connect to this database may create objects
  -- in schema public. Confirm this is still needed on the PostgreSQL versions
  -- actually deployed.
  GRANT ALL ON SCHEMA public TO PUBLIC;
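  -- Contacts
  -- Read-only contact role. NOLOGIN makes it a group role; INHERIT lets
  -- members use its privileges without SET ROLE.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__read_contact"
  WITH INHERIT NOLOGIN;

  -- Each table is listed exactly once (person_to_contact, person_to_location
  -- and company_to_location were previously granted twice).
  GRANT SELECT ON
      entity,
      company,
      location,
      person,
      entity_credit_account,
      company_to_contact,
      company_to_entity,
      company_to_location,
      customertax,
      contact_class,
      entity_class,
      entity_bank_account,
      entity_note,
      entity_class_to_entity,
      entity_other_name,
      location_class,
      person_to_company,
      person_to_contact,
      person_to_location,
      vendortax,
      eca_to_location,
      eca_to_contact
  TO "lsmb_<?lsmb dbname ?>__read_contact";

  GRANT EXECUTE ON FUNCTION eca__list_notes(int) TO "lsmb_<?lsmb dbname ?>__read_contact";

  -- Menu nodes this role is allowed to see.
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (1, 'allow', 'lsmb_<?lsmb dbname ?>__read_contact'),
      (11, 'allow', 'lsmb_<?lsmb dbname ?>__read_contact'),
      (14, 'allow', 'lsmb_<?lsmb dbname ?>__read_contact'),
      (21, 'allow', 'lsmb_<?lsmb dbname ?>__read_contact'),
      (30, 'allow', 'lsmb_<?lsmb dbname ?>__read_contact'),
      (33, 'allow', 'lsmb_<?lsmb dbname ?>__read_contact');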
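  -- Contact creation role; membership in __read_contact supplies the SELECTs.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__create_contact"
  WITH INHERIT NOLOGIN
  IN ROLE "lsmb_<?lsmb dbname ?>__read_contact";

  -- Each table is listed exactly once (person_to_contact, person_to_location
  -- and company_to_location were previously granted twice).
  GRANT INSERT ON
      entity,
      company,
      location,
      person,
      entity_credit_account,
      company_to_contact,
      company_to_entity,
      company_to_location,
      customertax,
      entity_bank_account,
      entity_note,
      entity_class_to_entity,
      entity_other_name,
      person_to_company,
      person_to_contact,
      person_to_location,
      vendortax,
      eca_to_location,
      eca_to_contact,
      eca_note
  TO "lsmb_<?lsmb dbname ?>__create_contact";

  -- Link rows may also be removed by this role.
  GRANT DELETE ON
      company_to_location,
      eca_to_location,
      eca_to_contact
  TO "lsmb_<?lsmb dbname ?>__create_contact";

  -- NOTE(review): ALL on a sequence includes UPDATE, which permits setval();
  -- USAGE covers nextval()/currval(). Confirm nothing relies on setval()
  -- before narrowing these grants.
  GRANT ALL ON
      entity_id_seq,
      company_id_seq,
      location_id_seq,
      person_id_seq,
      entity_credit_account_id_seq,
      entity_bank_account_id_seq
  TO "lsmb_<?lsmb dbname ?>__create_contact";
  GRANT ALL ON SEQUENCE note_id_seq TO "lsmb_<?lsmb dbname ?>__create_contact";

  -- Menu nodes this role is allowed to see.
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (1, 'allow', 'lsmb_<?lsmb dbname ?>__create_contact'),
      (11, 'allow', 'lsmb_<?lsmb dbname ?>__create_contact'),
      (12, 'allow', 'lsmb_<?lsmb dbname ?>__create_contact'),
      (21, 'allow', 'lsmb_<?lsmb dbname ?>__create_contact'),
      (30, 'allow', 'lsmb_<?lsmb dbname ?>__create_contact'),
      (31, 'allow', 'lsmb_<?lsmb dbname ?>__create_contact');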
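  -- Contact editing role; membership in __read_contact supplies the SELECTs.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__edit_contact"
  WITH INHERIT NOLOGIN
  IN ROLE "lsmb_<?lsmb dbname ?>__read_contact";

  -- These grants were addressed to __create_contact, which left __edit_contact
  -- with read-only rights and let every contact creator update existing
  -- records. They now go to the role defined above.
  -- Databases already provisioned from the earlier script keep the UPDATE
  -- grants on __create_contact until they are explicitly revoked.
  GRANT UPDATE ON
      entity,
      company,
      location,
      person,
      entity_credit_account,
      company_to_contact,
      company_to_entity,
      company_to_location,
      customertax,
      entity_bank_account,
      entity_note,
      entity_class_to_entity,
      entity_other_name,
      person_to_company,
      person_to_contact,
      person_to_location
  TO "lsmb_<?lsmb dbname ?>__edit_contact";

  -- vendortax rows are replaced (delete + insert) rather than updated.
  GRANT DELETE, INSERT ON vendortax TO "lsmb_<?lsmb dbname ?>__edit_contact";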
  -- Aggregate role: member of every contact role, carries no grants of its own.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__contact_all_rights"
  WITH INHERIT NOLOGIN
  IN ROLE
      "lsmb_<?lsmb dbname ?>__create_contact",
      "lsmb_<?lsmb dbname ?>__edit_contact",
      "lsmb_<?lsmb dbname ?>__read_contact";
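  -- Batches and Vouchers
  -- Role allowed to open batches and add vouchers to them.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__create_batch"
  WITH INHERIT NOLOGIN;

  GRANT INSERT ON batch, voucher TO "lsmb_<?lsmb dbname ?>__create_batch";
  GRANT SELECT ON batch_class TO "lsmb_<?lsmb dbname ?>__create_batch";

  -- voucher_id_seq was granted to __create_contact, so this role could be
  -- given INSERT on voucher without access to its id sequence while an
  -- unrelated role gained it. Both sequences now go to __create_batch.
  GRANT ALL ON batch_id_seq, voucher_id_seq TO "lsmb_<?lsmb dbname ?>__create_batch";

  -- TODO add Menu ACLs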
  -- Role allowed to post batches: UPDATE only, on the transaction tables and
  -- on batch itself. It is not a member of any other role.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__post_batches"
  WITH INHERIT NOLOGIN;

  GRANT UPDATE ON
      ar,
      ap,
      acc_trans,
      batch,
      gl
  TO "lsmb_<?lsmb dbname ?>__post_batches";

  -- TODO add Menu ACLs
  -- AR
  -- Role allowed to enter AR transactions; reads contacts via __read_contact.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__create_ar_transaction"
  WITH INHERIT NOLOGIN
  IN ROLE "lsmb_<?lsmb dbname ?>__read_contact";

  GRANT INSERT ON ar, acc_trans TO "lsmb_<?lsmb dbname ?>__create_ar_transaction";
  -- "id" and acc_trans_entry_id_seq are granted with ALL, as elsewhere in this file.
  GRANT ALL ON id, acc_trans_entry_id_seq TO "lsmb_<?lsmb dbname ?>__create_ar_transaction";

  -- Menu nodes this role is allowed to see.
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (1, 'allow', 'lsmb_<?lsmb dbname ?>__create_ar_transaction'),
      (2, 'allow', 'lsmb_<?lsmb dbname ?>__create_ar_transaction'),
      (194, 'allow', 'lsmb_<?lsmb dbname ?>__create_ar_transaction');
  -- Voucher variant of AR transaction entry: same table grants, plus
  -- membership in __create_batch.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__create_ar_transaction_voucher"
  WITH INHERIT NOLOGIN
  IN ROLE
      "lsmb_<?lsmb dbname ?>__read_contact",
      "lsmb_<?lsmb dbname ?>__create_batch";

  GRANT INSERT ON ar, acc_trans TO "lsmb_<?lsmb dbname ?>__create_ar_transaction_voucher";
  GRANT ALL ON id, acc_trans_entry_id_seq TO "lsmb_<?lsmb dbname ?>__create_ar_transaction_voucher";

  -- TODO add Menu ACLs
  -- AR invoice entry: everything __create_ar_transaction has, plus INSERT on
  -- the invoice and inventory tables.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__create_ar_invoice"
  WITH INHERIT NOLOGIN
  IN ROLE
      "lsmb_<?lsmb dbname ?>__read_contact",
      "lsmb_<?lsmb dbname ?>__create_ar_transaction";

  GRANT INSERT ON invoice, inventory TO "lsmb_<?lsmb dbname ?>__create_ar_invoice";
  GRANT ALL ON invoice_id_seq, inventory_entry_id_seq TO "lsmb_<?lsmb dbname ?>__create_ar_invoice";

  -- NOTE(review): node 195 is allowed for __create_ar_transaction, not for the
  -- role defined here. Confirm that is intended and not a copy/paste slip.
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (3, 'allow', 'lsmb_<?lsmb dbname ?>__create_ar_invoice'),
      (195, 'allow', 'lsmb_<?lsmb dbname ?>__create_ar_transaction');
  -- Voucher variant of AR invoice entry; builds on the AR transaction
  -- voucher role and __create_batch.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__create_ar_invoice_voucher"
  WITH INHERIT NOLOGIN
  IN ROLE
      "lsmb_<?lsmb dbname ?>__read_contact",
      "lsmb_<?lsmb dbname ?>__create_batch",
      "lsmb_<?lsmb dbname ?>__create_ar_transaction_voucher";

  GRANT INSERT ON invoice, inventory TO "lsmb_<?lsmb dbname ?>__create_ar_invoice_voucher";
  GRANT ALL ON invoice_id_seq, inventory_entry_id_seq TO "lsmb_<?lsmb dbname ?>__create_ar_invoice_voucher";

  -- TODO add Menu ACLs
  -- Read-only view of AR: SELECT on the transaction, invoice and inventory tables.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__list_ar_transactions"
  WITH INHERIT NOLOGIN
  IN ROLE "lsmb_<?lsmb dbname ?>__read_contact";

  GRANT SELECT ON
      ar,
      acc_trans,
      invoice,
      inventory
  TO "lsmb_<?lsmb dbname ?>__list_ar_transactions";

  -- Menu nodes this role is allowed to see.
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (1, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions'),
      (4, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions'),
      (5, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions'),
      (6, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions'),
      (7, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions'),
      (9, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions'),
      (10, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions'),
      (11, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions'),
      (13, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions'),
      (15, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions');
  -- Aggregate role: both AR voucher roles.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__ar_all_vouchers"
  WITH INHERIT NOLOGIN
  IN ROLE
      "lsmb_<?lsmb dbname ?>__create_ar_transaction_voucher",
      "lsmb_<?lsmb dbname ?>__create_ar_invoice_voucher";

  -- Aggregate role: create and list AR transactions and invoices.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__ar_all_transactions"
  WITH INHERIT NOLOGIN
  IN ROLE
      "lsmb_<?lsmb dbname ?>__create_ar_transaction",
      "lsmb_<?lsmb dbname ?>__create_ar_invoice",
      "lsmb_<?lsmb dbname ?>__list_ar_transactions";
  -- Sales order entry: INSERT on oe/orderitems and their id sequences.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__create_sales_order"
  WITH INHERIT NOLOGIN
  IN ROLE "lsmb_<?lsmb dbname ?>__read_contact";

  GRANT INSERT ON oe, orderitems TO "lsmb_<?lsmb dbname ?>__create_sales_order";
  GRANT ALL ON oe_id_seq, orderitems_id_seq TO "lsmb_<?lsmb dbname ?>__create_sales_order";

  -- Menu nodes this role is allowed to see.
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (50, 'allow', 'lsmb_<?lsmb dbname ?>__create_sales_order'),
      (51, 'allow', 'lsmb_<?lsmb dbname ?>__create_sales_order');
  -- Sales quotation entry: same table and sequence grants as the sales order
  -- role, different menu nodes.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__create_sales_quotation"
  WITH INHERIT NOLOGIN
  IN ROLE "lsmb_<?lsmb dbname ?>__read_contact";

  GRANT INSERT ON oe, orderitems TO "lsmb_<?lsmb dbname ?>__create_sales_quotation";
  GRANT ALL ON oe_id_seq, orderitems_id_seq TO "lsmb_<?lsmb dbname ?>__create_sales_quotation";

  -- Menu nodes this role is allowed to see.
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (67, 'allow', 'lsmb_<?lsmb dbname ?>__create_sales_quotation'),
      (68, 'allow', 'lsmb_<?lsmb dbname ?>__create_sales_quotation');
  -- Read-only access to orders (oe, orderitems) for the sales order listing.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__list_sales_orders"
  WITH INHERIT NOLOGIN
  IN ROLE "lsmb_<?lsmb dbname ?>__read_contact";

  GRANT SELECT ON oe, orderitems TO "lsmb_<?lsmb dbname ?>__list_sales_orders";

  -- Menu nodes this role is allowed to see.
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (50, 'allow', 'lsmb_<?lsmb dbname ?>__list_sales_orders'),
      (53, 'allow', 'lsmb_<?lsmb dbname ?>__list_sales_orders'),
      (54, 'allow', 'lsmb_<?lsmb dbname ?>__list_sales_orders');
  -- Read-only access to oe/orderitems for the sales quotation listing.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__list_sales_quotations"
  WITH INHERIT NOLOGIN
  IN ROLE "lsmb_<?lsmb dbname ?>__read_contact";

  GRANT SELECT ON oe, orderitems TO "lsmb_<?lsmb dbname ?>__list_sales_quotations";

  -- Menu nodes this role is allowed to see.
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (67, 'allow', 'lsmb_<?lsmb dbname ?>__list_sales_quotations'),
      (70, 'allow', 'lsmb_<?lsmb dbname ?>__list_sales_quotations'),
      (71, 'allow', 'lsmb_<?lsmb dbname ?>__list_sales_quotations');
  -- Aggregate role for the whole AR area: vouchers, transactions, sales
  -- orders and quotations. Carries no direct grants.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__all_ar"
  WITH INHERIT NOLOGIN
  IN ROLE
      "lsmb_<?lsmb dbname ?>__ar_all_vouchers",
      "lsmb_<?lsmb dbname ?>__ar_all_transactions",
      "lsmb_<?lsmb dbname ?>__create_sales_order",
      "lsmb_<?lsmb dbname ?>__create_sales_quotation",
      "lsmb_<?lsmb dbname ?>__list_sales_orders",
      "lsmb_<?lsmb dbname ?>__list_sales_quotations";
  -- AP
  -- Role allowed to enter AP transactions; reads contacts via __read_contact.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__create_ap_transaction"
  WITH INHERIT NOLOGIN
  IN ROLE "lsmb_<?lsmb dbname ?>__read_contact";

  GRANT INSERT ON ap, acc_trans TO "lsmb_<?lsmb dbname ?>__create_ap_transaction";
  GRANT ALL ON id, acc_trans_entry_id_seq TO "lsmb_<?lsmb dbname ?>__create_ap_transaction";

  -- Menu nodes this role is allowed to see.
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (21, 'allow', 'lsmb_<?lsmb dbname ?>__create_ap_transaction'),
      (22, 'allow', 'lsmb_<?lsmb dbname ?>__create_ap_transaction'),
      (196, 'allow', 'lsmb_<?lsmb dbname ?>__create_ap_transaction');
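  -- Voucher variant of AP transaction entry: same table grants as
  -- __create_ap_transaction, plus membership in __create_batch.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__create_ap_transaction_voucher"
  WITH INHERIT NOLOGIN
  IN ROLE
      "lsmb_<?lsmb dbname ?>__read_contact",
      "lsmb_<?lsmb dbname ?>__create_batch";

  -- The INSERT grant named table ar, which gave this AP role write access to
  -- receivables and none to ap (neither parent role grants it). It now
  -- targets ap, matching __create_ap_transaction.
  -- Databases already provisioned from the earlier script keep INSERT on ar
  -- for this role until it is explicitly revoked.
  GRANT INSERT ON ap, acc_trans TO "lsmb_<?lsmb dbname ?>__create_ap_transaction_voucher";
  GRANT ALL ON id, acc_trans_entry_id_seq TO "lsmb_<?lsmb dbname ?>__create_ap_transaction_voucher";

  -- TODO add Menu ACLs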
  -- AP invoice entry: everything __create_ap_transaction has, plus INSERT on
  -- the invoice and inventory tables.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__create_ap_invoice"
  WITH INHERIT NOLOGIN
  IN ROLE
      "lsmb_<?lsmb dbname ?>__read_contact",
      "lsmb_<?lsmb dbname ?>__create_ap_transaction";

  GRANT INSERT ON invoice, inventory TO "lsmb_<?lsmb dbname ?>__create_ap_invoice";
  GRANT ALL ON invoice_id_seq, inventory_entry_id_seq TO "lsmb_<?lsmb dbname ?>__create_ap_invoice";

  -- NOTE(review): node 197 is allowed for __create_ap_transaction, not for the
  -- role defined here. Confirm that is intended and not a copy/paste slip.
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (23, 'allow', 'lsmb_<?lsmb dbname ?>__create_ap_invoice'),
      (197, 'allow', 'lsmb_<?lsmb dbname ?>__create_ap_transaction');
  -- Voucher variant of AP invoice entry.
  -- NOTE(review): the AR counterpart is also a member of its transaction
  -- voucher role; this one is not a member of __create_ap_transaction_voucher.
  -- Confirm whether the difference is deliberate.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__create_ap_invoice_voucher"
  WITH INHERIT NOLOGIN
  IN ROLE
      "lsmb_<?lsmb dbname ?>__read_contact",
      "lsmb_<?lsmb dbname ?>__create_batch";

  GRANT INSERT ON invoice, inventory TO "lsmb_<?lsmb dbname ?>__create_ap_invoice_voucher";
  GRANT ALL ON invoice_id_seq, inventory_entry_id_seq TO "lsmb_<?lsmb dbname ?>__create_ap_invoice_voucher";

  -- TODO add Menu ACLs
  -- Read-only view of AP: SELECT on the transaction, invoice and inventory tables.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__list_ap_transactions"
  WITH INHERIT NOLOGIN
  IN ROLE "lsmb_<?lsmb dbname ?>__read_contact";

  GRANT SELECT ON
      ap,
      acc_trans,
      invoice,
      inventory
  TO "lsmb_<?lsmb dbname ?>__list_ap_transactions";

  -- Menu nodes this role is allowed to see.
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (21, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions'),
      (24, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions'),
      (25, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions'),
      (26, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions'),
      (27, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions'),
      (28, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions'),
      (29, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions'),
      (30, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions'),
      (32, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions'),
      (34, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions');
  -- Aggregate role: both AP voucher roles.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__ap_all_vouchers"
  WITH INHERIT NOLOGIN
  IN ROLE
      "lsmb_<?lsmb dbname ?>__create_ap_transaction_voucher",
      "lsmb_<?lsmb dbname ?>__create_ap_invoice_voucher";

  -- Aggregate role: create and list AP transactions and invoices.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__ap_all_transactions"
  WITH INHERIT NOLOGIN
  IN ROLE
      "lsmb_<?lsmb dbname ?>__create_ap_transaction",
      "lsmb_<?lsmb dbname ?>__create_ap_invoice",
      "lsmb_<?lsmb dbname ?>__list_ap_transactions";
  -- Purchase order entry: INSERT on oe/orderitems and their id sequences.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__create_purchase_order"
  WITH INHERIT NOLOGIN
  IN ROLE "lsmb_<?lsmb dbname ?>__read_contact";

  GRANT INSERT ON oe, orderitems TO "lsmb_<?lsmb dbname ?>__create_purchase_order";
  GRANT ALL ON oe_id_seq, orderitems_id_seq TO "lsmb_<?lsmb dbname ?>__create_purchase_order";

  -- Menu nodes this role is allowed to see.
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (50, 'allow', 'lsmb_<?lsmb dbname ?>__create_purchase_order'),
      (52, 'allow', 'lsmb_<?lsmb dbname ?>__create_purchase_order');
  -- RFQ entry: same table and sequence grants as the purchase order role,
  -- different menu nodes.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__create_purchase_rfq"
  WITH INHERIT NOLOGIN
  IN ROLE "lsmb_<?lsmb dbname ?>__read_contact";

  GRANT INSERT ON oe, orderitems TO "lsmb_<?lsmb dbname ?>__create_purchase_rfq";
  GRANT ALL ON oe_id_seq, orderitems_id_seq TO "lsmb_<?lsmb dbname ?>__create_purchase_rfq";

  -- Menu nodes this role is allowed to see.
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (67, 'allow', 'lsmb_<?lsmb dbname ?>__create_purchase_rfq'),
      (69, 'allow', 'lsmb_<?lsmb dbname ?>__create_purchase_rfq');
  -- Read-only access to oe/orderitems for the purchase order listing.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__list_purchase_orders"
  WITH INHERIT NOLOGIN
  IN ROLE "lsmb_<?lsmb dbname ?>__read_contact";

  GRANT SELECT ON oe, orderitems TO "lsmb_<?lsmb dbname ?>__list_purchase_orders";

  -- Menu nodes this role is allowed to see.
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (50, 'allow', 'lsmb_<?lsmb dbname ?>__list_purchase_orders'),
      (53, 'allow', 'lsmb_<?lsmb dbname ?>__list_purchase_orders'),
      (55, 'allow', 'lsmb_<?lsmb dbname ?>__list_purchase_orders');
  -- Read-only access to oe/orderitems for the RFQ listing.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__list_purchase_rfqs"
  WITH INHERIT NOLOGIN
  IN ROLE "lsmb_<?lsmb dbname ?>__read_contact";

  GRANT SELECT ON oe, orderitems TO "lsmb_<?lsmb dbname ?>__list_purchase_rfqs";

  -- Menu nodes this role is allowed to see.
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (67, 'allow', 'lsmb_<?lsmb dbname ?>__list_purchase_rfqs'),
      (70, 'allow', 'lsmb_<?lsmb dbname ?>__list_purchase_rfqs'),
      (72, 'allow', 'lsmb_<?lsmb dbname ?>__list_purchase_rfqs');
  -- Aggregate role for the whole AP area: vouchers, transactions, purchase
  -- orders and RFQs. Carries no direct grants.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__all_ap"
  WITH INHERIT NOLOGIN
  IN ROLE
      "lsmb_<?lsmb dbname ?>__ap_all_vouchers",
      "lsmb_<?lsmb dbname ?>__ap_all_transactions",
      "lsmb_<?lsmb dbname ?>__create_purchase_order",
      "lsmb_<?lsmb dbname ?>__create_purchase_rfq",
      "lsmb_<?lsmb dbname ?>__list_purchase_orders",
      "lsmb_<?lsmb dbname ?>__list_purchase_rfqs";
  -- POS
  -- Point-of-sale invoice entry: INSERT on the invoice, inventory and AR
  -- transaction tables, granted directly rather than through the AR roles.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__create_pos_invoice"
  WITH INHERIT NOLOGIN
  IN ROLE "lsmb_<?lsmb dbname ?>__read_contact";

  GRANT INSERT ON
      invoice,
      inventory,
      ar,
      acc_trans
  TO "lsmb_<?lsmb dbname ?>__create_pos_invoice";

  GRANT ALL ON
      id,
      acc_trans_entry_id_seq,
      invoice_id_seq,
      inventory_entry_id_seq
  TO "lsmb_<?lsmb dbname ?>__create_pos_invoice";

  -- Menu nodes this role is allowed to see.
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (16, 'allow', 'lsmb_<?lsmb dbname ?>__create_pos_invoice'),
      (17, 'allow', 'lsmb_<?lsmb dbname ?>__create_pos_invoice'),
      (18, 'allow', 'lsmb_<?lsmb dbname ?>__create_pos_invoice');
  -- Till closing: may insert GL rows and their acc_trans lines. Not a member
  -- of any other role.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__close_till"
  WITH INHERIT NOLOGIN;

  GRANT INSERT ON gl, acc_trans TO "lsmb_<?lsmb dbname ?>__close_till";
  GRANT ALL ON id, acc_trans_entry_id_seq TO "lsmb_<?lsmb dbname ?>__close_till";

  -- Menu nodes this role is allowed to see.
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (16, 'allow', 'lsmb_<?lsmb dbname ?>__close_till'),
      (19, 'allow', 'lsmb_<?lsmb dbname ?>__close_till');
  -- Read-only role: SELECT on ar and acc_trans only.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__list_all_open"
  WITH INHERIT NOLOGIN;

  GRANT SELECT ON ar, acc_trans TO "lsmb_<?lsmb dbname ?>__list_all_open";

  -- Menu nodes this role is allowed to see.
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (16, 'allow', 'lsmb_<?lsmb dbname ?>__list_all_open'),
      (18, 'allow', 'lsmb_<?lsmb dbname ?>__list_all_open');
  -- Aggregate role: enter POS invoices and close the till.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__pos_cashier"
  WITH INHERIT NOLOGIN
  IN ROLE
      "lsmb_<?lsmb dbname ?>__create_pos_invoice",
      "lsmb_<?lsmb dbname ?>__close_till";

  -- Aggregate role: cashier rights plus the __list_all_open read access.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__all_pos"
  WITH INHERIT NOLOGIN
  IN ROLE
      "lsmb_<?lsmb dbname ?>__pos_cashier",
      "lsmb_<?lsmb dbname ?>__list_all_open";
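  -- CASH
  -- Reconciliation entry role. The grants on pending_reports and
  -- report_corrections are left disabled, as in the original script.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__reconcile"
  WITH INHERIT NOLOGIN;

  -- GRANT INSERT ON pending_reports TO "lsmb_<?lsmb dbname ?>__reconcile";
  -- GRANT INSERT on report_corrections TO "lsmb_<?lsmb dbname ?>__reconcile";
  GRANT SELECT ON acc_trans TO "lsmb_<?lsmb dbname ?>__reconcile";
  -- GRANT ALL ON pending_reports_id_seq TO "lsmb_<?lsmb dbname ?>__reconcile";
  -- GRANT ALL ON report_corrections_id_seq TO "lsmb_<?lsmb dbname ?>__reconcile";

  -- The role_name values used a single underscore ("..._reconcile"), which
  -- matches no role created in this file, so the ACL rows could never apply
  -- to members of __reconcile. They now carry the role's actual name.
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (35, 'allow', 'lsmb_<?lsmb dbname ?>__reconcile'),
      (45, 'allow', 'lsmb_<?lsmb dbname ?>__reconcile');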
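  -- Reconciliation approval role, kept separate from __reconcile so entry and
  -- approval can be assigned to different users.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__approve_reconciliation"
  WITH INHERIT NOLOGIN;

  -- The grant and the menu ACL rows in this section named the reconcile role
  -- (the ACL rows with a single underscore, matching no role at all), which
  -- left __approve_reconciliation with no privileges and no menu entries.
  -- They now target the role defined above.
  -- GRANT UPDATE ON pending_reports TO "lsmb_<?lsmb dbname ?>__approve_reconciliation";
  GRANT SELECT ON acc_trans TO "lsmb_<?lsmb dbname ?>__approve_reconciliation";

  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (35, 'allow', 'lsmb_<?lsmb dbname ?>__approve_reconciliation'),
      (41, 'allow', 'lsmb_<?lsmb dbname ?>__approve_reconciliation'),
      (44, 'allow', 'lsmb_<?lsmb dbname ?>__approve_reconciliation');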
  -- Aggregate role: both reconciliation roles.
  -- NOTE(review): a member of this role holds entry and approval together;
  -- assign it only where that combination is acceptable.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__all_reconcile"
  WITH INHERIT NOLOGIN
  IN ROLE
      "lsmb_<?lsmb dbname ?>__reconcile",
      "lsmb_<?lsmb dbname ?>__approve_reconciliation";
  -- Payment processing: reads AP via __list_ap_transactions, inserts
  -- acc_trans lines and updates ap rows.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__process_payment"
  WITH INHERIT NOLOGIN
  IN ROLE "lsmb_<?lsmb dbname ?>__list_ap_transactions";

  GRANT INSERT ON acc_trans TO "lsmb_<?lsmb dbname ?>__process_payment";
  GRANT ALL ON acc_trans_entry_id_seq TO "lsmb_<?lsmb dbname ?>__process_payment";
  GRANT UPDATE ON ap TO "lsmb_<?lsmb dbname ?>__process_payment";

  -- Menu nodes this role is allowed to see.
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (35, 'allow', 'lsmb_<?lsmb dbname ?>__process_payment'),
      (38, 'allow', 'lsmb_<?lsmb dbname ?>__process_payment');
  -- Receipt processing: reads AR via __list_ar_transactions, inserts
  -- acc_trans lines and updates ar rows.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__process_receipt"
  WITH INHERIT NOLOGIN
  IN ROLE "lsmb_<?lsmb dbname ?>__list_ar_transactions";

  GRANT INSERT ON acc_trans TO "lsmb_<?lsmb dbname ?>__process_receipt";
  GRANT ALL ON acc_trans_entry_id_seq TO "lsmb_<?lsmb dbname ?>__process_receipt";
  GRANT UPDATE ON ar TO "lsmb_<?lsmb dbname ?>__process_receipt";

  -- Menu nodes this role is allowed to see.
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (35, 'allow', 'lsmb_<?lsmb dbname ?>__process_receipt'),
      (36, 'allow', 'lsmb_<?lsmb dbname ?>__process_receipt'),
      (47, 'allow', 'lsmb_<?lsmb dbname ?>__process_receipt');
  -- Aggregate role for the cash area: combines reconciliation (enter and approve),
  -- payment processing and receipt processing in a single membership.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__cash_all"
      WITH NOLOGIN INHERIT
      IN ROLE
          "lsmb_<?lsmb dbname ?>__all_reconcile",
          "lsmb_<?lsmb dbname ?>__process_payment",
          "lsmb_<?lsmb dbname ?>__process_receipt";
  -- Inventory Control
  -- Part creation: may insert into parts and is allowed menu nodes 77 through 82.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__create_part"
      WITH NOLOGIN INHERIT;
  GRANT INSERT ON parts TO "lsmb_<?lsmb dbname ?>__create_part";
  -- NOTE(review): ALL on a sequence includes UPDATE (setval); if callers only draw
  -- new ids, USAGE would be the narrower grant - confirm before changing.
  GRANT ALL ON parts_id_seq TO "lsmb_<?lsmb dbname ?>__create_part";
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (77, 'allow', 'lsmb_<?lsmb dbname ?>__create_part');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (78, 'allow', 'lsmb_<?lsmb dbname ?>__create_part');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (79, 'allow', 'lsmb_<?lsmb dbname ?>__create_part');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (80, 'allow', 'lsmb_<?lsmb dbname ?>__create_part');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (81, 'allow', 'lsmb_<?lsmb dbname ?>__create_part');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (82, 'allow', 'lsmb_<?lsmb dbname ?>__create_part');
  -- Part editing: may update parts and is allowed menu nodes 77, 85-91 and 93.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__edit_part"
      WITH NOLOGIN INHERIT;
  GRANT UPDATE ON parts TO "lsmb_<?lsmb dbname ?>__edit_part";
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (77, 'allow', 'lsmb_<?lsmb dbname ?>__edit_part');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (85, 'allow', 'lsmb_<?lsmb dbname ?>__edit_part');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (86, 'allow', 'lsmb_<?lsmb dbname ?>__edit_part');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (87, 'allow', 'lsmb_<?lsmb dbname ?>__edit_part');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (88, 'allow', 'lsmb_<?lsmb dbname ?>__edit_part');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (89, 'allow', 'lsmb_<?lsmb dbname ?>__edit_part');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (90, 'allow', 'lsmb_<?lsmb dbname ?>__edit_part');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (91, 'allow', 'lsmb_<?lsmb dbname ?>__edit_part');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (93, 'allow', 'lsmb_<?lsmb dbname ?>__edit_part');
  -- Inventory reporting: read-only (SELECT) on ar, ap, inventory, invoice and
  -- acc_trans; allowed menu nodes 77, 85, 88 and 94.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__inventory_reports"
      WITH NOLOGIN INHERIT;
  GRANT SELECT ON ar TO "lsmb_<?lsmb dbname ?>__inventory_reports";
  GRANT SELECT ON ap TO "lsmb_<?lsmb dbname ?>__inventory_reports";
  GRANT SELECT ON inventory TO "lsmb_<?lsmb dbname ?>__inventory_reports";
  GRANT SELECT ON invoice TO "lsmb_<?lsmb dbname ?>__inventory_reports";
  GRANT SELECT ON acc_trans TO "lsmb_<?lsmb dbname ?>__inventory_reports";
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (77, 'allow', 'lsmb_<?lsmb dbname ?>__inventory_reports');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (85, 'allow', 'lsmb_<?lsmb dbname ?>__inventory_reports');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (88, 'allow', 'lsmb_<?lsmb dbname ?>__inventory_reports');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (94, 'allow', 'lsmb_<?lsmb dbname ?>__inventory_reports');
  -- Price group creation: member of "__read_contact"; may insert into pricegroup
  -- and update entity_credit_account; allowed menu nodes 77 and 83.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__create_pricegroup"
      WITH NOLOGIN INHERIT
      IN ROLE "lsmb_<?lsmb dbname ?>__read_contact";
  GRANT INSERT ON pricegroup TO "lsmb_<?lsmb dbname ?>__create_pricegroup";
  GRANT ALL ON pricegroup_id_seq TO "lsmb_<?lsmb dbname ?>__create_pricegroup";
  -- NOTE(review): this UPDATE covers every column of entity_credit_account; if the
  -- role only needs to assign a price group, a narrower grant would be tighter - confirm.
  GRANT UPDATE ON entity_credit_account TO "lsmb_<?lsmb dbname ?>__create_pricegroup";
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (77, 'allow', 'lsmb_<?lsmb dbname ?>__create_pricegroup');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (83, 'allow', 'lsmb_<?lsmb dbname ?>__create_pricegroup');
  -- Price group editing: member of "__read_contact"; may update pricegroup and
  -- entity_credit_account; allowed menu nodes 77, 85 and 92.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__edit_pricegroup"
      WITH NOLOGIN INHERIT
      IN ROLE "lsmb_<?lsmb dbname ?>__read_contact";
  GRANT UPDATE ON pricegroup TO "lsmb_<?lsmb dbname ?>__edit_pricegroup";
  GRANT UPDATE ON entity_credit_account TO "lsmb_<?lsmb dbname ?>__edit_pricegroup";
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (77, 'allow', 'lsmb_<?lsmb dbname ?>__edit_pricegroup');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (85, 'allow', 'lsmb_<?lsmb dbname ?>__edit_pricegroup');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (92, 'allow', 'lsmb_<?lsmb dbname ?>__edit_pricegroup');
  -- Assembly stocking: may update parts (the same table privilege "__edit_part"
  -- holds); allowed menu nodes 77 and 84.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__stock_assembly"
      WITH NOLOGIN INHERIT;
  GRANT UPDATE ON parts TO "lsmb_<?lsmb dbname ?>__stock_assembly";
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (77, 'allow', 'lsmb_<?lsmb dbname ?>__stock_assembly');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (84, 'allow', 'lsmb_<?lsmb dbname ?>__stock_assembly');
  -- Shipping: member of "__list_sales_orders"; may insert into inventory;
  -- allowed menu nodes 63 and 64.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__ship_inventory"
      WITH NOLOGIN INHERIT
      IN ROLE "lsmb_<?lsmb dbname ?>__list_sales_orders";
  GRANT INSERT ON inventory TO "lsmb_<?lsmb dbname ?>__ship_inventory";
  GRANT ALL ON inventory_entry_id_seq TO "lsmb_<?lsmb dbname ?>__ship_inventory";
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (63, 'allow', 'lsmb_<?lsmb dbname ?>__ship_inventory');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (64, 'allow', 'lsmb_<?lsmb dbname ?>__ship_inventory');
  -- Receiving: member of "__list_purchase_orders"; may insert into inventory;
  -- allowed menu nodes 63 and 65.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__receive_inventory"
      WITH NOLOGIN INHERIT
      IN ROLE "lsmb_<?lsmb dbname ?>__list_purchase_orders";
  GRANT INSERT ON inventory TO "lsmb_<?lsmb dbname ?>__receive_inventory";
  GRANT ALL ON inventory_entry_id_seq TO "lsmb_<?lsmb dbname ?>__receive_inventory";
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (63, 'allow', 'lsmb_<?lsmb dbname ?>__receive_inventory');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (65, 'allow', 'lsmb_<?lsmb dbname ?>__receive_inventory');
  -- Transfers: may insert into inventory; allowed menu nodes 63 and 66.
  -- Unlike the ship and receive roles, this one is a member of no other role.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__transfer_inventory"
      WITH NOLOGIN INHERIT;
  GRANT INSERT ON inventory TO "lsmb_<?lsmb dbname ?>__transfer_inventory";
  GRANT ALL ON inventory_entry_id_seq TO "lsmb_<?lsmb dbname ?>__transfer_inventory";
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (63, 'allow', 'lsmb_<?lsmb dbname ?>__transfer_inventory');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (66, 'allow', 'lsmb_<?lsmb dbname ?>__transfer_inventory');
  -- Warehouse creation: may insert into warehouse; allowed menu nodes 128, 141, 142.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__create_warehouse"
      WITH NOLOGIN INHERIT;
  GRANT INSERT ON warehouse TO "lsmb_<?lsmb dbname ?>__create_warehouse";
  GRANT ALL ON warehouse_id_seq TO "lsmb_<?lsmb dbname ?>__create_warehouse";
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (128, 'allow', 'lsmb_<?lsmb dbname ?>__create_warehouse');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (141, 'allow', 'lsmb_<?lsmb dbname ?>__create_warehouse');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (142, 'allow', 'lsmb_<?lsmb dbname ?>__create_warehouse');
  -- Warehouse editing: may update warehouse; allowed menu nodes 128, 141, 143.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__edit_warehouse"
      WITH NOLOGIN INHERIT;
  GRANT UPDATE ON warehouse TO "lsmb_<?lsmb dbname ?>__edit_warehouse";
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (128, 'allow', 'lsmb_<?lsmb dbname ?>__edit_warehouse');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (141, 'allow', 'lsmb_<?lsmb dbname ?>__edit_warehouse');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (143, 'allow', 'lsmb_<?lsmb dbname ?>__edit_warehouse');
  -- Aggregate role for inventory: member of the eight roles listed below.
  -- NOTE(review): "__edit_part", "__create_pricegroup" and "__edit_pricegroup" are
  -- created in this section but are not in the list; confirm the omission is deliberate.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__all_inventory"
      WITH NOLOGIN INHERIT
      IN ROLE
          "lsmb_<?lsmb dbname ?>__create_part",
          "lsmb_<?lsmb dbname ?>__inventory_reports",
          "lsmb_<?lsmb dbname ?>__stock_assembly",
          "lsmb_<?lsmb dbname ?>__ship_inventory",
          "lsmb_<?lsmb dbname ?>__receive_inventory",
          "lsmb_<?lsmb dbname ?>__transfer_inventory",
          "lsmb_<?lsmb dbname ?>__edit_warehouse",
          "lsmb_<?lsmb dbname ?>__create_warehouse";
  -- GL
  -- Transaction entry: may insert into gl and acc_trans; allowed menu nodes
  -- 73, 74, 75, 35 and 40.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__create_transaction"
      WITH NOLOGIN INHERIT;
  GRANT INSERT ON gl TO "lsmb_<?lsmb dbname ?>__create_transaction";
  GRANT INSERT ON acc_trans TO "lsmb_<?lsmb dbname ?>__create_transaction";
  -- "id" is presumably a sequence shared across tables - confirm against the schema.
  -- NOTE(review): ALL on a sequence includes UPDATE (setval); if callers only draw
  -- new ids, USAGE would be the narrower grant - confirm before changing.
  GRANT ALL ON id TO "lsmb_<?lsmb dbname ?>__create_transaction";
  GRANT ALL ON acc_trans_entry_id_seq TO "lsmb_<?lsmb dbname ?>__create_transaction";
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (73, 'allow', 'lsmb_<?lsmb dbname ?>__create_transaction');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (74, 'allow', 'lsmb_<?lsmb dbname ?>__create_transaction');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (75, 'allow', 'lsmb_<?lsmb dbname ?>__create_transaction');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (35, 'allow', 'lsmb_<?lsmb dbname ?>__create_transaction');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (40, 'allow', 'lsmb_<?lsmb dbname ?>__create_transaction');
  -- Voucher-based transaction entry: same table and sequence grants as
  -- "__create_transaction", but no menu_acl rows yet.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__create_transaction_voucher"
      WITH NOLOGIN INHERIT;
  GRANT INSERT ON gl TO "lsmb_<?lsmb dbname ?>__create_transaction_voucher";
  GRANT INSERT ON acc_trans TO "lsmb_<?lsmb dbname ?>__create_transaction_voucher";
  GRANT ALL ON id TO "lsmb_<?lsmb dbname ?>__create_transaction_voucher";
  GRANT ALL ON acc_trans_entry_id_seq TO "lsmb_<?lsmb dbname ?>__create_transaction_voucher";
  -- TODO Add menu permissions
  -- Transaction listing: member of both the AR and AP listing roles, plus SELECT
  -- on gl; allowed menu nodes 73 and 76.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__list_transactions"
      WITH NOLOGIN INHERIT
      IN ROLE
          "lsmb_<?lsmb dbname ?>__list_ar_transactions",
          "lsmb_<?lsmb dbname ?>__list_ap_transactions";
  GRANT SELECT ON gl TO "lsmb_<?lsmb dbname ?>__list_transactions";
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (73, 'allow', 'lsmb_<?lsmb dbname ?>__list_transactions');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (76, 'allow', 'lsmb_<?lsmb dbname ?>__list_transactions');
  -- Year-end processing: may insert into and read acc_trans; allowed menu
  -- nodes 128 and 132.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__run_yearend"
      WITH NOLOGIN INHERIT;
  GRANT INSERT, SELECT ON acc_trans TO "lsmb_<?lsmb dbname ?>__run_yearend";
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (128, 'allow', 'lsmb_<?lsmb dbname ?>__run_yearend');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (132, 'allow', 'lsmb_<?lsmb dbname ?>__run_yearend');
  -- Batch listing: member of "__list_transactions", plus SELECT on batch,
  -- batch_class and voucher. No menu_acl rows yet.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__list_batches"
      WITH NOLOGIN INHERIT
      IN ROLE "lsmb_<?lsmb dbname ?>__list_transactions";
  GRANT SELECT ON batch TO "lsmb_<?lsmb dbname ?>__list_batches";
  GRANT SELECT ON batch_class TO "lsmb_<?lsmb dbname ?>__list_batches";
  GRANT SELECT ON voucher TO "lsmb_<?lsmb dbname ?>__list_batches";
  -- TODO: Add menu items
  -- Aggregate role for the general ledger: member of the four roles listed below.
  -- NOTE(review): "__list_batches" is created just above but is not in the list;
  -- confirm the omission is deliberate.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__all_gl"
      WITH NOLOGIN INHERIT
      IN ROLE
          "lsmb_<?lsmb dbname ?>__create_transaction",
          "lsmb_<?lsmb dbname ?>__create_transaction_voucher",
          "lsmb_<?lsmb dbname ?>__run_yearend",
          "lsmb_<?lsmb dbname ?>__list_transactions";
  -- PROJECTS
  -- Project creation: may insert into project; allowed menu nodes 98 and 99.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__create_project"
      WITH NOLOGIN INHERIT;
  GRANT INSERT ON project TO "lsmb_<?lsmb dbname ?>__create_project";
  GRANT ALL ON project_id_seq TO "lsmb_<?lsmb dbname ?>__create_project";
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (98, 'allow', 'lsmb_<?lsmb dbname ?>__create_project');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (99, 'allow', 'lsmb_<?lsmb dbname ?>__create_project');
  -- Project editing: may update project; allowed menu nodes 98, 103 and 104.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__edit_project"
      WITH NOLOGIN INHERIT;
  GRANT UPDATE ON project TO "lsmb_<?lsmb dbname ?>__edit_project";
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (98, 'allow', 'lsmb_<?lsmb dbname ?>__edit_project');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (103, 'allow', 'lsmb_<?lsmb dbname ?>__edit_project');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (104, 'allow', 'lsmb_<?lsmb dbname ?>__edit_project');
  -- Timecard entry: member of "__read_contact"; may insert into jcitems;
  -- allowed menu nodes 98, 100, 103 and 106.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__add_project_timecard"
      WITH NOLOGIN INHERIT
      IN ROLE "lsmb_<?lsmb dbname ?>__read_contact";
  GRANT INSERT ON jcitems TO "lsmb_<?lsmb dbname ?>__add_project_timecard";
  GRANT ALL ON jcitems_id_seq TO "lsmb_<?lsmb dbname ?>__add_project_timecard";
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (98, 'allow', 'lsmb_<?lsmb dbname ?>__add_project_timecard');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (100, 'allow', 'lsmb_<?lsmb dbname ?>__add_project_timecard');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (103, 'allow', 'lsmb_<?lsmb dbname ?>__add_project_timecard');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (106, 'allow', 'lsmb_<?lsmb dbname ?>__add_project_timecard');
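  -- Timecard listing (per the role name): member of "__read_contact";
  -- allowed menu nodes 98, 103 and 106.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__list_project_timecards"
      WITH NOLOGIN INHERIT
      IN ROLE "lsmb_<?lsmb dbname ?>__read_contact";
  -- This unit previously repeated the "__edit_project" statements: it re-granted
  -- UPDATE ON project to "__edit_project" (already granted where that role is
  -- created) and wrote its menu rows for "__edit_project", which duplicated that
  -- role's rows for nodes 98 and 103 and gave it node 106 as well. The re-grant is
  -- dropped and the menu rows now name the role created here.
  -- NOTE(review): this role has no table privilege of its own; listing timecards
  -- presumably needs SELECT on jcitems - confirm and add the grant.
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (98, 'allow', 'lsmb_<?lsmb dbname ?>__list_project_timecards');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (103, 'allow', 'lsmb_<?lsmb dbname ?>__list_project_timecards');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (106, 'allow', 'lsmb_<?lsmb dbname ?>__list_project_timecards');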
  -- ORDER GENERATION
  -- Base role for order generation: member of "__read_contact"; may read, insert
  -- and update oe and orderitems. It has no menu_acl rows of its own; the roles
  -- that are members of it carry the menu entries.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__generate_orders"
      WITH NOLOGIN INHERIT
      IN ROLE "lsmb_<?lsmb dbname ?>__read_contact";
  GRANT SELECT, INSERT, UPDATE ON oe TO "lsmb_<?lsmb dbname ?>__generate_orders";
  GRANT SELECT, INSERT, UPDATE ON orderitems TO "lsmb_<?lsmb dbname ?>__generate_orders";
  -- NOTE(review): ALL on a sequence includes UPDATE (setval); if callers only draw
  -- new ids, USAGE would be the narrower grant - confirm before changing.
  GRANT ALL ON oe_id_seq TO "lsmb_<?lsmb dbname ?>__generate_orders";
  GRANT ALL ON orderitems_id_seq TO "lsmb_<?lsmb dbname ?>__generate_orders";
  -- Order generation from projects: member of "__generate_orders" (no grants of
  -- its own); allowed menu nodes 98, 101 and 102.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__project_generate_orders"
      WITH NOLOGIN INHERIT
      IN ROLE "lsmb_<?lsmb dbname ?>__generate_orders";
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (98, 'allow', 'lsmb_<?lsmb dbname ?>__project_generate_orders');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (101, 'allow', 'lsmb_<?lsmb dbname ?>__project_generate_orders');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (102, 'allow', 'lsmb_<?lsmb dbname ?>__project_generate_orders');
  -- Sales-to-purchase order conversion: member of "__generate_orders" (no grants
  -- of its own); allowed menu nodes 50, 56, 57 and 58.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__sales_to_purchase_orders"
      WITH NOLOGIN INHERIT
      IN ROLE "lsmb_<?lsmb dbname ?>__generate_orders";
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (50, 'allow', 'lsmb_<?lsmb dbname ?>__sales_to_purchase_orders');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (56, 'allow', 'lsmb_<?lsmb dbname ?>__sales_to_purchase_orders');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (57, 'allow', 'lsmb_<?lsmb dbname ?>__sales_to_purchase_orders');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (58, 'allow', 'lsmb_<?lsmb dbname ?>__sales_to_purchase_orders');
  -- Purchase order consolidation: member of "__generate_orders" (no grants of
  -- its own); allowed menu nodes 50, 60 and 62.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__consolidate_purchase_orders"
      WITH NOLOGIN INHERIT
      IN ROLE "lsmb_<?lsmb dbname ?>__generate_orders";
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (50, 'allow', 'lsmb_<?lsmb dbname ?>__consolidate_purchase_orders');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (60, 'allow', 'lsmb_<?lsmb dbname ?>__consolidate_purchase_orders');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (62, 'allow', 'lsmb_<?lsmb dbname ?>__consolidate_purchase_orders');
  -- Sales order consolidation: member of "__generate_orders" (no grants of its
  -- own); allowed menu nodes 50, 60 and 61.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__consolidate_sales_orders"
      WITH NOLOGIN INHERIT
      IN ROLE "lsmb_<?lsmb dbname ?>__generate_orders";
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (50, 'allow', 'lsmb_<?lsmb dbname ?>__consolidate_sales_orders');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (60, 'allow', 'lsmb_<?lsmb dbname ?>__consolidate_sales_orders');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (61, 'allow', 'lsmb_<?lsmb dbname ?>__consolidate_sales_orders');
  -- Aggregate role for order generation: member of all four order-generation roles.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__manage_orders"
      WITH NOLOGIN INHERIT
      IN ROLE
          "lsmb_<?lsmb dbname ?>__project_generate_orders",
          "lsmb_<?lsmb dbname ?>__sales_to_purchase_orders",
          "lsmb_<?lsmb dbname ?>__consolidate_purchase_orders",
          "lsmb_<?lsmb dbname ?>__consolidate_sales_orders";
  -- FINANCIAL REPORTS
  -- Financial reporting: member of "__list_transactions" (no grants of its own);
  -- allowed menu nodes 109 through 113.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__run_financial_reports"
      WITH NOLOGIN INHERIT
      IN ROLE "lsmb_<?lsmb dbname ?>__list_transactions";
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (109, 'allow', 'lsmb_<?lsmb dbname ?>__run_financial_reports');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (110, 'allow', 'lsmb_<?lsmb dbname ?>__run_financial_reports');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (111, 'allow', 'lsmb_<?lsmb dbname ?>__run_financial_reports');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (112, 'allow', 'lsmb_<?lsmb dbname ?>__run_financial_reports');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (113, 'allow', 'lsmb_<?lsmb dbname ?>__run_financial_reports');
  -- RECURRING TRANSACTIONS
  -- TO ADD WHEN THIS IS REDESIGNED
  -- BATCH PRINTING
  -- Print job listing: allowed menu nodes 116 through 127. No table privileges
  -- are granted in this unit; menu_acl rows presumably control menu visibility
  -- only, while the GRANTs are what the database enforces - confirm.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__list_print_jobs"
      WITH NOLOGIN INHERIT;
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (116, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (117, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (118, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (119, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (120, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (121, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (122, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (123, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (124, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (125, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (126, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (127, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  -- Print job execution: member of "__list_print_jobs". It adds no grants or menu
  -- rows here, so in this script it is equivalent to the listing role.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__print_jobs"
      WITH NOLOGIN INHERIT
      IN ROLE "lsmb_<?lsmb dbname ?>__list_print_jobs";
  -- SYSTEM SETTINGS
  -- Settings listing: allowed menu nodes 128, 129 and 131. No table privileges
  -- are granted in this unit.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__list_system_settings"
      WITH NOLOGIN INHERIT;
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (128, 'allow', 'lsmb_<?lsmb dbname ?>__list_system_settings');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (129, 'allow', 'lsmb_<?lsmb dbname ?>__list_system_settings');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (131, 'allow', 'lsmb_<?lsmb dbname ?>__list_system_settings');
  -- Settings change: member of "__list_system_settings". It adds no grants or
  -- menu rows here, so in this script it is equivalent to the listing role.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__change_system_settings"
      WITH NOLOGIN INHERIT
      IN ROLE "lsmb_<?lsmb dbname ?>__list_system_settings";
  -- Tax maintenance: may insert into and update tax; allowed menu nodes 128 and 130.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__set_taxes"
      WITH NOLOGIN INHERIT;
  GRANT INSERT, UPDATE ON tax TO "lsmb_<?lsmb dbname ?>__set_taxes";
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (128, 'allow', 'lsmb_<?lsmb dbname ?>__set_taxes');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (130, 'allow', 'lsmb_<?lsmb dbname ?>__set_taxes');
  -- Account creation: may insert into chart; allowed menu nodes 128, 136 and 137.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__create_account"
      WITH NOLOGIN INHERIT;
  GRANT INSERT ON chart TO "lsmb_<?lsmb dbname ?>__create_account";
  GRANT ALL ON chart_id_seq TO "lsmb_<?lsmb dbname ?>__create_account";
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (128, 'allow', 'lsmb_<?lsmb dbname ?>__create_account');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (136, 'allow', 'lsmb_<?lsmb dbname ?>__create_account');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (137, 'allow', 'lsmb_<?lsmb dbname ?>__create_account');
  -- Account editing: may update chart; allowed menu nodes 128, 136 and 138.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__edit_account"
      WITH NOLOGIN INHERIT;
  GRANT UPDATE ON chart TO "lsmb_<?lsmb dbname ?>__edit_account";
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (128, 'allow', 'lsmb_<?lsmb dbname ?>__edit_account');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (136, 'allow', 'lsmb_<?lsmb dbname ?>__edit_account');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (138, 'allow', 'lsmb_<?lsmb dbname ?>__edit_account');
  -- GIFI creation: may insert into gifi; allowed menu nodes 128, 136 and 139.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__create_gifi"
      WITH NOLOGIN INHERIT;
  GRANT INSERT ON gifi TO "lsmb_<?lsmb dbname ?>__create_gifi";
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (128, 'allow', 'lsmb_<?lsmb dbname ?>__create_gifi');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (136, 'allow', 'lsmb_<?lsmb dbname ?>__create_gifi');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (139, 'allow', 'lsmb_<?lsmb dbname ?>__create_gifi');
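  -- GIFI editing: may update gifi; allowed menu nodes 128, 136 and 140.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__edit_gifi"
      WITH NOLOGIN INHERIT;
  GRANT UPDATE ON gifi TO "lsmb_<?lsmb dbname ?>__edit_gifi";
  -- The menu rows in this unit previously named "__edit_account": that duplicated
  -- the account editor's rows for nodes 128 and 136, gave it node 140 as well, and
  -- left "__edit_gifi" with no menu entry. They now name the role created here,
  -- mirroring "__create_gifi" (128, 136, 139).
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (128, 'allow', 'lsmb_<?lsmb dbname ?>__edit_gifi');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (136, 'allow', 'lsmb_<?lsmb dbname ?>__edit_gifi');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (140, 'allow', 'lsmb_<?lsmb dbname ?>__edit_gifi');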
  -- Aggregate role for chart-of-accounts maintenance: account and GIFI
  -- create/edit roles plus tax maintenance.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__all_accounts"
      WITH NOLOGIN INHERIT
      IN ROLE
          "lsmb_<?lsmb dbname ?>__create_account",
          "lsmb_<?lsmb dbname ?>__set_taxes",
          "lsmb_<?lsmb dbname ?>__edit_account",
          "lsmb_<?lsmb dbname ?>__create_gifi",
          "lsmb_<?lsmb dbname ?>__edit_gifi";
  -- Department creation: may insert into department; allowed menu nodes 128,
  -- 144 and 145.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__create_department"
      WITH NOLOGIN INHERIT;
  GRANT INSERT ON department TO "lsmb_<?lsmb dbname ?>__create_department";
  GRANT ALL ON department_id_seq TO "lsmb_<?lsmb dbname ?>__create_department";
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (128, 'allow', 'lsmb_<?lsmb dbname ?>__create_department');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (144, 'allow', 'lsmb_<?lsmb dbname ?>__create_department');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (145, 'allow', 'lsmb_<?lsmb dbname ?>__create_department');
  -- Department editing: may update department; allowed menu nodes 128, 144 and 146.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__edit_department"
      WITH NOLOGIN INHERIT;
  GRANT UPDATE ON department TO "lsmb_<?lsmb dbname ?>__edit_department";
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (128, 'allow', 'lsmb_<?lsmb dbname ?>__edit_department');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (144, 'allow', 'lsmb_<?lsmb dbname ?>__edit_department');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (146, 'allow', 'lsmb_<?lsmb dbname ?>__edit_department');
  -- Aggregate role: member of both department roles (create and edit).
  CREATE ROLE "lsmb_<?lsmb dbname ?>__all_department"
      WITH NOLOGIN INHERIT
      IN ROLE
          "lsmb_<?lsmb dbname ?>__create_department",
          "lsmb_<?lsmb dbname ?>__edit_department";
  -- Business type creation: may insert into business; allowed menu nodes 128,
  -- 147 and 148.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__create_business_type"
      WITH NOLOGIN INHERIT;
  GRANT INSERT ON business TO "lsmb_<?lsmb dbname ?>__create_business_type";
  GRANT ALL ON business_id_seq TO "lsmb_<?lsmb dbname ?>__create_business_type";
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (128, 'allow', 'lsmb_<?lsmb dbname ?>__create_business_type');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (147, 'allow', 'lsmb_<?lsmb dbname ?>__create_business_type');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (148, 'allow', 'lsmb_<?lsmb dbname ?>__create_business_type');
  -- Business type editing: may update and delete rows in business; allowed menu
  -- nodes 128, 147 and 149. The other edit roles in this part of the script get
  -- UPDATE only; this one also gets DELETE.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__edit_business_type"
      WITH NOLOGIN INHERIT;
  GRANT UPDATE, DELETE ON business TO "lsmb_<?lsmb dbname ?>__edit_business_type";
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (128, 'allow', 'lsmb_<?lsmb dbname ?>__edit_business_type');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (147, 'allow', 'lsmb_<?lsmb dbname ?>__edit_business_type');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (149, 'allow', 'lsmb_<?lsmb dbname ?>__edit_business_type');
  -- Aggregate role: member of both business type roles (create and edit).
  CREATE ROLE "lsmb_<?lsmb dbname ?>__all_business_type"
      WITH NOLOGIN INHERIT
      IN ROLE
          "lsmb_<?lsmb dbname ?>__create_business_type",
          "lsmb_<?lsmb dbname ?>__edit_business_type";
  -- SIC creation: may insert into sic; allowed menu nodes 128, 153 and 154.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__create_sic"
      WITH NOLOGIN INHERIT;
  GRANT INSERT ON sic TO "lsmb_<?lsmb dbname ?>__create_sic";
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (128, 'allow', 'lsmb_<?lsmb dbname ?>__create_sic');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (153, 'allow', 'lsmb_<?lsmb dbname ?>__create_sic');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (154, 'allow', 'lsmb_<?lsmb dbname ?>__create_sic');
  -- SIC editing: may update sic; allowed menu nodes 128, 153 and 155.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__edit_sic"
      WITH NOLOGIN INHERIT;
  GRANT UPDATE ON sic TO "lsmb_<?lsmb dbname ?>__edit_sic";
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (128, 'allow', 'lsmb_<?lsmb dbname ?>__edit_sic');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (153, 'allow', 'lsmb_<?lsmb dbname ?>__edit_sic');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (155, 'allow', 'lsmb_<?lsmb dbname ?>__edit_sic');
  -- Aggregate role: member of both SIC roles (create and edit).
  CREATE ROLE "lsmb_<?lsmb dbname ?>__all_sic"
      WITH NOLOGIN INHERIT
      IN ROLE
          "lsmb_<?lsmb dbname ?>__create_sic",
          "lsmb_<?lsmb dbname ?>__edit_sic";
  -- Template editing: allowed menu node 128 and nodes 156 through 189. No table
  -- privileges are granted in this unit, so whatever limits template editing today
  -- is enforced outside the database grants shown here.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__edit_template"
      WITH NOLOGIN INHERIT;
  -- TODO Add db permissions as templates get moved into db.
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (128, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (156, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (157, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (158, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (159, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (160, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (161, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (162, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (163, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (164, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (165, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (166, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (167, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (168, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (169, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (170, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (171, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (172, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (173, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (174, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (175, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (176, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (177, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (178, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (179, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (180, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (181, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (182, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (183, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (184, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (185, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (186, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (187, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (188, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (189, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  -- Aggregate role for system management. It cannot log in (NOLOGIN) and is
  -- created as a member of every role listed under IN ROLE; with INHERIT it
  -- uses the privileges of those roles automatically.
  -- NOTE(review): membership is transitive, so any privilege later granted to
  -- one of the six roles below also reaches every holder of manage_system.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__manage_system"
      WITH NOLOGIN INHERIT
      IN ROLE
          "lsmb_<?lsmb dbname ?>__change_system_settings",
          "lsmb_<?lsmb dbname ?>__all_accounts",
          "lsmb_<?lsmb dbname ?>__all_department",
          "lsmb_<?lsmb dbname ?>__all_business_type",
          "lsmb_<?lsmb dbname ?>__all_sic",
          "lsmb_<?lsmb dbname ?>__edit_template";
  -- Manual Translation
  -- create_language: non-login role whose only table privilege granted here is
  -- INSERT on language.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__create_language" WITH NOLOGIN INHERIT;
  GRANT INSERT ON language TO "lsmb_<?lsmb dbname ?>__create_language";
  -- Menu ACL rows ('allow') for nodes 128, 150 and 151.
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (128, 'allow', 'lsmb_<?lsmb dbname ?>__create_language');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (150, 'allow', 'lsmb_<?lsmb dbname ?>__create_language');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (151, 'allow', 'lsmb_<?lsmb dbname ?>__create_language');
  -- edit_language: non-login role whose only table privilege granted here is
  -- UPDATE on language.
  -- NOTE(review): all_manual_translation, defined later in this file, lists
  -- create_language under IN ROLE but not this role; confirm that is intended.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__edit_language" WITH NOLOGIN INHERIT;
  GRANT UPDATE ON language TO "lsmb_<?lsmb dbname ?>__edit_language";
  -- Menu ACL rows ('allow') for nodes 128, 150 and 152.
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (128, 'allow', 'lsmb_<?lsmb dbname ?>__edit_language');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (150, 'allow', 'lsmb_<?lsmb dbname ?>__edit_language');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (152, 'allow', 'lsmb_<?lsmb dbname ?>__edit_language');
  -- create_part_translation: non-login role that currently receives menu ACL
  -- rows only.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__create_part_translation" WITH NOLOGIN INHERIT;
  -- TODO add db permissions
  -- NOTE(review): until table grants are added, this role changes only what
  -- menu_acl records; access to the underlying data is decided by whatever
  -- privileges those tables already carry. Confirm which tables are involved.
  -- Menu ACL rows ('allow') for nodes 77, 95, 96 and 97.
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (77, 'allow', 'lsmb_<?lsmb dbname ?>__create_part_translation');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (95, 'allow', 'lsmb_<?lsmb dbname ?>__create_part_translation');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (96, 'allow', 'lsmb_<?lsmb dbname ?>__create_part_translation');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (97, 'allow', 'lsmb_<?lsmb dbname ?>__create_part_translation');
  -- create_project_translation: non-login role that currently receives menu
  -- ACL rows only.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__create_project_translation" WITH NOLOGIN INHERIT;
  -- TODO add db permissions
  -- NOTE(review): with no table grants here, the role is not a database-level
  -- control yet; confirm which tables it should be limited to.
  -- Menu ACL rows ('allow') for nodes 98, 107 and 108.
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (98, 'allow', 'lsmb_<?lsmb dbname ?>__create_project_translation');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (107, 'allow', 'lsmb_<?lsmb dbname ?>__create_project_translation');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (108, 'allow', 'lsmb_<?lsmb dbname ?>__create_project_translation');
  -- Aggregate role for manual translation: a non-login role created as a member
  -- of the three create_* translation roles, whose privileges it inherits.
  -- NOTE(review): edit_language is not in this list, so UPDATE on language is
  -- not inherited through this role; confirm that is intended.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__all_manual_translation"
      WITH NOLOGIN INHERIT
      IN ROLE
          "lsmb_<?lsmb dbname ?>__create_language",
          "lsmb_<?lsmb dbname ?>__create_part_translation",
          "lsmb_<?lsmb dbname ?>__create_project_translation";
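  -- Grants to all users (PUBLIC = every role in the cluster that can connect
  -- to this database, regardless of lsmb_* role membership).
  -- The original listed the two catalog grants twice; each appears once here.
  -- Statement grouping is otherwise unchanged.

  -- Read-only grants.
  GRANT SELECT ON custom_field_catalog TO public;
  GRANT SELECT ON custom_table_catalog TO public;
  GRANT SELECT ON users TO public;
  GRANT SELECT ON menu_node, menu_attribute, menu_acl TO public;
  GRANT SELECT ON chart, gifi, country TO public;
  GRANT SELECT ON employee TO public;
  GRANT SELECT ON parts, partsgroup TO public;
  GRANT SELECT ON language, project TO public;
  GRANT SELECT ON business, exchangerate, department, shipto, tax TO public;

  -- Full-privilege grants. GRANT ALL gives every table privilege, not only
  -- SELECT, so each role can insert, update and delete any row directly.
  -- NOTE(review): if defaults holds system-wide settings, this grant lets any
  -- role change them, independent of the change_system_settings role.
  GRANT ALL ON defaults TO public;
  -- NOTE(review): if "session" rows belong to individual users, any role can
  -- read or alter other users' rows. Consider mediating access through
  -- functions and revoking direct table access. Confirm the table contents.
  GRANT ALL ON "session" TO public;
  GRANT ALL ON session_session_id_seq TO public;
  GRANT ALL ON user_preference TO public;
  GRANT ALL ON recurring, recurringemail, recurringprint, status TO public;
  -- NOTE(review): write access to these four tables is not tied to any
  -- lsmb_* role; confirm the application still needs it.
  GRANT ALL ON transactions, entity_employee, customer, vendor TO public;
  GRANT ALL ON pending_job, payments_queue TO public;
  GRANT ALL ON pending_job_id_seq TO public;
  -- TODO: lock recurring, pending_job, payment_queue down more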
  -- Roles with no db permissions:
  -- draft_edit receives no table or function grant in this section.
  -- NOTE(review): presumably the application checks membership itself; confirm
  -- where this role is enforced.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__draft_edit"
      WITH NOLOGIN INHERIT;
  -- CT: this grant is needed for now; it should matter less once 1.4 allows
  -- things to be locked down more sensibly.
  -- Until then every role holds all table privileges on dpt_trans.
  GRANT ALL ON dpt_trans TO public;
  -- Roles dependent on FUNCTIONS
  -- voucher_delete: non-login role allowed to execute voucher__delete(int) and
  -- batch_delete(int).
  -- NOTE(review): PostgreSQL gives PUBLIC the EXECUTE privilege on a function
  -- when it is created, so these grants limit the two functions to this role
  -- only if EXECUTE was revoked from PUBLIC where they are defined. That is
  -- not visible in this section; confirm.
  CREATE ROLE "lsmb_<?lsmb dbname ?>__voucher_delete" WITH NOLOGIN INHERIT;
  GRANT EXECUTE ON FUNCTION voucher__delete(int) TO "lsmb_<?lsmb dbname ?>__voucher_delete";
  GRANT EXECUTE ON FUNCTION batch_delete(int) TO "lsmb_<?lsmb dbname ?>__voucher_delete";