GRANT ALL ON SCHEMA public TO public; -- required for Pg 8.2 -- Contacts CREATE ROLE "lsmb___read_contact" WITH INHERIT NOLOGIN; GRANT SELECT ON entity TO "lsmb___read_contact"; GRANT SELECT ON company TO "lsmb___read_contact"; GRANT SELECT ON location TO "lsmb___read_contact"; GRANT SELECT ON person TO "lsmb___read_contact"; GRANT SELECT ON entity_credit_account TO "lsmb___read_contact"; GRANT SELECT ON company_to_contact TO "lsmb___read_contact"; GRANT SELECT ON company_to_entity TO "lsmb___read_contact"; GRANT SELECT ON company_to_location TO "lsmb___read_contact"; GRANT SELECT ON customertax TO "lsmb___read_contact"; GRANT SELECT ON contact_class TO "lsmb___read_contact"; GRANT SELECT ON entity_class TO "lsmb___read_contact"; GRANT SELECT ON entity_bank_account TO "lsmb___read_contact"; GRANT SELECT ON entity_note TO "lsmb___read_contact"; GRANT SELECT ON entity_class_to_entity TO "lsmb___read_contact"; GRANT SELECT ON entity_other_name TO "lsmb___read_contact"; GRANT SELECT ON location_class TO "lsmb___read_contact"; GRANT SELECT ON person_to_company TO "lsmb___read_contact"; GRANT SELECT ON person_to_contact TO "lsmb___read_contact"; GRANT SELECT ON person_to_contact TO "lsmb___read_contact"; GRANT SELECT ON person_to_location TO "lsmb___read_contact"; GRANT SELECT ON person_to_location TO "lsmb___read_contact"; GRANT SELECT ON company_to_location TO "lsmb___read_contact"; GRANT SELECT ON vendortax TO "lsmb___read_contact"; GRANT SELECT ON eca_to_location TO "lsmb___read_contact"; GRANT SELECT ON eca_to_contact TO "lsmb___read_contact"; GRANT EXECUTE ON FUNCTION eca__list_notes(int) TO "lsmb___read_contact"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (1, 'allow', 'lsmb___read_contact'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (11, 'allow', 'lsmb___read_contact'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (14, 'allow', 'lsmb___read_contact'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (21, 'allow', 'lsmb___read_contact'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (30, 'allow', 'lsmb___read_contact'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (33, 'allow', 'lsmb___read_contact'); CREATE ROLE "lsmb___create_contact" WITH INHERIT NOLOGIN IN ROLE "lsmb___read_contact"; GRANT INSERT ON entity TO "lsmb___create_contact"; GRANT ALL ON entity_id_seq TO "lsmb___create_contact"; GRANT INSERT ON company TO "lsmb___create_contact"; GRANT ALL ON company_id_seq TO "lsmb___create_contact"; GRANT INSERT ON location TO "lsmb___create_contact"; GRANT ALL ON location_id_seq TO "lsmb___create_contact"; GRANT INSERT ON person TO "lsmb___create_contact"; GRANT ALL ON person_id_seq TO "lsmb___create_contact"; GRANT INSERT ON entity_credit_account TO "lsmb___create_contact"; GRANT ALL ON entity_credit_account_id_seq TO "lsmb___create_contact"; GRANT INSERT ON company_to_contact TO "lsmb___create_contact"; GRANT INSERT ON company_to_entity TO "lsmb___create_contact"; GRANT ALL ON SEQUENCE note_id_seq TO "lsmb___create_contact"; GRANT INSERT ON company_to_location TO "lsmb___create_contact"; GRANT INSERT ON customertax TO "lsmb___create_contact"; GRANT INSERT ON entity_bank_account TO "lsmb___create_contact"; GRANT ALL ON entity_bank_account_id_seq TO "lsmb___create_contact"; GRANT INSERT ON entity_note TO "lsmb___create_contact"; GRANT INSERT ON entity_class_to_entity TO "lsmb___create_contact"; GRANT INSERT ON entity_other_name TO "lsmb___create_contact"; GRANT INSERT ON person_to_company TO "lsmb___create_contact"; GRANT INSERT ON person_to_contact TO "lsmb___create_contact"; GRANT INSERT ON person_to_contact TO "lsmb___create_contact"; GRANT INSERT ON person_to_location TO "lsmb___create_contact"; GRANT INSERT ON person_to_location TO "lsmb___create_contact"; GRANT INSERT ON company_to_location TO "lsmb___create_contact"; GRANT DELETE ON company_to_location TO "lsmb___create_contact"; GRANT INSERT ON vendortax TO "lsmb___create_contact"; GRANT INSERT ON eca_to_location TO "lsmb___create_contact"; GRANT DELETE ON eca_to_location TO "lsmb___create_contact"; GRANT INSERT ON eca_to_contact TO "lsmb___create_contact"; GRANT DELETE ON eca_to_contact TO "lsmb___create_contact"; GRANT INSERT ON eca_note TO "lsmb___create_contact"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (1, 'allow', 'lsmb___create_contact'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (11, 'allow', 'lsmb___create_contact'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (12, 'allow', 'lsmb___create_contact'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (21, 'allow', 'lsmb___create_contact'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (30, 'allow', 'lsmb___create_contact'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (31, 'allow', 'lsmb___create_contact'); CREATE ROLE "lsmb___edit_contact" WITH INHERIT NOLOGIN IN ROLE "lsmb___read_contact"; GRANT UPDATE ON entity TO "lsmb___create_contact"; GRANT UPDATE ON company TO "lsmb___create_contact"; GRANT UPDATE ON location TO "lsmb___create_contact"; GRANT UPDATE ON person TO "lsmb___create_contact"; GRANT UPDATE ON entity_credit_account TO "lsmb___create_contact"; GRANT UPDATE ON company_to_contact TO "lsmb___create_contact"; GRANT UPDATE ON company_to_entity TO "lsmb___create_contact"; GRANT UPDATE ON company_to_location TO "lsmb___create_contact"; GRANT UPDATE ON customertax TO "lsmb___create_contact"; GRANT UPDATE ON entity_bank_account TO "lsmb___create_contact"; GRANT UPDATE ON entity_note TO "lsmb___create_contact"; GRANT UPDATE ON entity_class_to_entity TO "lsmb___create_contact"; GRANT UPDATE ON entity_other_name TO "lsmb___create_contact"; GRANT UPDATE ON person_to_company TO "lsmb___create_contact"; GRANT UPDATE ON person_to_contact TO "lsmb___create_contact"; GRANT UPDATE ON person_to_contact TO "lsmb___create_contact"; GRANT UPDATE ON person_to_location TO "lsmb___create_contact"; GRANT UPDATE ON person_to_location TO "lsmb___create_contact"; GRANT DELETE, INSERT ON vendortax TO "lsmb___create_contact"; CREATE ROLE "lsmb___contact_all_rights" WITH INHERIT NOLOGIN in role "lsmb___create_contact", "lsmb___edit_contact", "lsmb___read_contact"; -- Batches and VOuchers CREATE ROLE "lsmb___create_batch" WITH INHERIT NOLOGIN; GRANT INSERT ON batch TO "lsmb___create_batch"; GRANT ALL ON batch_id_seq TO "lsmb___create_batch"; GRANT SELECT ON batch_class TO "lsmb___create_batch"; GRANT INSERT ON voucher TO "lsmb___create_batch"; GRANT ALL ON voucher_id_seq TO "lsmb___create_contact"; -- TODO add Menu ACLs CREATE ROLE "lsmb___post_batches" WITH INHERIT NOLOGIN; GRANT UPDATE ON ar TO "lsmb___post_batches"; GRANT UPDATE ON ap TO "lsmb___post_batches"; GRANT UPDATE ON acc_trans TO "lsmb___post_batches"; GRANT UPDATE ON batch TO "lsmb___post_batches"; GRANT UPDATE ON gl TO "lsmb___post_batches"; -- TODO add Menu ACLs -- AR CREATE ROLE "lsmb___create_ar_transaction" WITH INHERIT NOLOGIN IN ROLE "lsmb___read_contact"; GRANT INSERT ON ar TO "lsmb___create_ar_transaction"; GRANT ALL ON id TO "lsmb___create_ar_transaction"; GRANT INSERT ON acc_trans TO "lsmb___create_ar_transaction"; GRANT ALL ON acc_trans_entry_id_seq TO "lsmb___create_ar_transaction"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (1, 'allow', 'lsmb___create_ar_transaction'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (2, 'allow', 'lsmb___create_ar_transaction'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (194, 'allow', 'lsmb___create_ar_transaction'); CREATE ROLE "lsmb___create_ar_transaction_voucher" WITH INHERIT NOLOGIN IN ROLE "lsmb___read_contact", "lsmb___create_batch"; GRANT INSERT ON ar TO "lsmb___create_ar_transaction_voucher"; GRANT ALL ON id TO "lsmb___create_ar_transaction_voucher"; GRANT INSERT ON acc_trans TO "lsmb___create_ar_transaction_voucher"; GRANT ALL ON acc_trans_entry_id_seq TO "lsmb___create_ar_transaction_voucher"; -- TODO add Menu ACLs CREATE ROLE "lsmb___create_ar_invoice" WITH INHERIT NOLOGIN IN ROLE "lsmb___read_contact", "lsmb___create_ar_transaction"; GRANT INSERT ON invoice TO "lsmb___create_ar_invoice"; GRANT ALL ON invoice_id_seq TO "lsmb___create_ar_invoice"; GRANT INSERT ON inventory TO "lsmb___create_ar_invoice"; GRANT ALL ON inventory_entry_id_seq TO "lsmb___create_ar_invoice"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (3, 'allow', 'lsmb___create_ar_invoice'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (195, 'allow', 'lsmb___create_ar_transaction'); CREATE ROLE "lsmb___create_ar_invoice_voucher" WITH INHERIT NOLOGIN IN ROLE "lsmb___read_contact", "lsmb___create_batch", "lsmb___create_ar_transaction_voucher"; GRANT INSERT ON invoice TO "lsmb___create_ar_invoice_voucher"; GRANT ALL ON invoice_id_seq TO "lsmb___create_ar_invoice_voucher"; GRANT INSERT ON inventory TO "lsmb___create_ar_invoice_voucher"; GRANT ALL ON inventory_entry_id_seq TO "lsmb___create_ar_invoice_voucher"; -- TODO add Menu ACLs CREATE ROLE "lsmb___list_ar_transactions" WITH INHERIT NOLOGIN IN ROLE "lsmb___read_contact"; GRANT SELECT ON ar TO "lsmb___list_ar_transactions"; GRANT SELECT ON acc_trans TO "lsmb___list_ar_transactions"; GRANT SELECT ON invoice TO "lsmb___list_ar_transactions"; GRANT SELECT ON inventory TO "lsmb___list_ar_transactions"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (1, 'allow', 'lsmb___list_ar_transactions'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (4, 'allow', 'lsmb___list_ar_transactions'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (5, 'allow', 'lsmb___list_ar_transactions'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (6, 'allow', 'lsmb___list_ar_transactions'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (7, 'allow', 'lsmb___list_ar_transactions'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (9, 'allow', 'lsmb___list_ar_transactions'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (10, 'allow', 'lsmb___list_ar_transactions'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (11, 'allow', 'lsmb___list_ar_transactions'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (13, 'allow', 'lsmb___list_ar_transactions'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (15, 'allow', 'lsmb___list_ar_transactions'); CREATE ROLE "lsmb___ar_all_vouchers" WITH INHERIT NOLOGIN IN ROLE "lsmb___create_ar_transaction_voucher", "lsmb___create_ar_invoice_voucher"; CREATE ROLE "lsmb___ar_all_transactions" WITH INHERIT NOLOGIN IN ROLE "lsmb___create_ar_transaction", "lsmb___create_ar_invoice", "lsmb___list_ar_transactions"; CREATE ROLE "lsmb___create_sales_order" WITH INHERIT NOLOGIN IN ROLE "lsmb___read_contact"; GRANT INSERT ON oe TO "lsmb___create_sales_order"; GRANT ALL ON oe_id_seq TO "lsmb___create_sales_order"; GRANT INSERT ON orderitems TO "lsmb___create_sales_order"; GRANT ALL ON orderitems_id_seq TO "lsmb___create_sales_order"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (50, 'allow', 'lsmb___create_sales_order'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (51, 'allow', 'lsmb___create_sales_order'); CREATE ROLE "lsmb___create_sales_quotation" WITH INHERIT NOLOGIN IN ROLE "lsmb___read_contact"; GRANT INSERT ON oe TO "lsmb___create_sales_quotation"; GRANT ALL ON oe_id_seq TO "lsmb___create_sales_quotation"; GRANT INSERT ON orderitems TO "lsmb___create_sales_quotation"; GRANT ALL ON orderitems_id_seq TO "lsmb___create_sales_quotation"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (67, 'allow', 'lsmb___create_sales_quotation'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (68, 'allow', 'lsmb___create_sales_quotation'); CREATE ROLE "lsmb___list_sales_orders" WITH INHERIT NOLOGIN IN ROLE "lsmb___read_contact"; GRANT SELECT ON oe TO "lsmb___list_sales_orders"; GRANT SELECT ON orderitems TO "lsmb___list_sales_orders"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (50, 'allow', 'lsmb___list_sales_orders'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (53, 'allow', 'lsmb___list_sales_orders'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (54, 'allow', 'lsmb___list_sales_orders'); CREATE ROLE "lsmb___list_sales_quotations" WITH INHERIT NOLOGIN IN ROLE "lsmb___read_contact"; GRANT SELECT ON oe TO "lsmb___list_sales_quotations"; GRANT SELECT ON orderitems TO "lsmb___list_sales_quotations"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (67, 'allow', 'lsmb___list_sales_quotations'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (70, 'allow', 'lsmb___list_sales_quotations'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (71, 'allow', 'lsmb___list_sales_quotations'); CREATE ROLE "lsmb___all_ar" WITH INHERIT NOLOGIN IN ROLE "lsmb___ar_all_vouchers", "lsmb___ar_all_transactions", "lsmb___create_sales_order", "lsmb___create_sales_quotation", "lsmb___list_sales_orders", "lsmb___list_sales_quotations"; -- AP CREATE ROLE "lsmb___create_ap_transaction" WITH INHERIT NOLOGIN IN ROLE "lsmb___read_contact"; GRANT INSERT ON ap TO "lsmb___create_ap_transaction"; GRANT ALL ON id TO "lsmb___create_ap_transaction"; GRANT INSERT ON acc_trans TO "lsmb___create_ap_transaction"; GRANT ALL ON acc_trans_entry_id_seq TO "lsmb___create_ap_transaction"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (21, 'allow', 'lsmb___create_ap_transaction'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (22, 'allow', 'lsmb___create_ap_transaction'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (196, 'allow', 'lsmb___create_ap_transaction'); CREATE ROLE "lsmb___create_ap_transaction_voucher" WITH INHERIT NOLOGIN IN ROLE "lsmb___read_contact", "lsmb___create_batch"; GRANT INSERT ON ar TO "lsmb___create_ap_transaction_voucher"; GRANT ALL ON id TO "lsmb___create_ap_transaction_voucher"; GRANT INSERT ON acc_trans TO "lsmb___create_ap_transaction_voucher"; GRANT ALL ON acc_trans_entry_id_seq TO "lsmb___create_ap_transaction_voucher"; -- TODO add Menu ACLs CREATE ROLE "lsmb___create_ap_invoice" WITH INHERIT NOLOGIN IN ROLE "lsmb___read_contact", "lsmb___create_ap_transaction"; GRANT INSERT ON invoice TO "lsmb___create_ap_invoice"; GRANT INSERT ON inventory TO "lsmb___create_ap_invoice"; GRANT ALL ON invoice_id_seq TO "lsmb___create_ap_invoice"; GRANT ALL ON inventory_entry_id_seq TO "lsmb___create_ap_invoice"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (23, 'allow', 'lsmb___create_ap_invoice'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (197, 'allow', 'lsmb___create_ap_transaction'); CREATE ROLE "lsmb___create_ap_invoice_voucher" WITH INHERIT NOLOGIN IN ROLE "lsmb___read_contact", "lsmb___create_batch"; GRANT INSERT ON invoice TO "lsmb___create_ap_invoice_voucher"; GRANT INSERT ON inventory TO "lsmb___create_ap_invoice_voucher"; GRANT ALL ON invoice_id_seq TO "lsmb___create_ap_invoice_voucher"; GRANT ALL ON inventory_entry_id_seq TO "lsmb___create_ap_invoice_voucher"; -- TODO add Menu ACLs CREATE ROLE "lsmb___list_ap_transactions" WITH INHERIT NOLOGIN IN ROLE "lsmb___read_contact"; GRANT SELECT ON ap TO "lsmb___list_ap_transactions"; GRANT SELECT ON acc_trans TO "lsmb___list_ap_transactions"; GRANT SELECT ON invoice TO "lsmb___list_ap_transactions"; GRANT SELECT ON inventory TO "lsmb___list_ap_transactions"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (21, 'allow', 'lsmb___list_ap_transactions'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (24, 'allow', 'lsmb___list_ap_transactions'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (25, 'allow', 'lsmb___list_ap_transactions'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (26, 'allow', 'lsmb___list_ap_transactions'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (27, 'allow', 'lsmb___list_ap_transactions'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (28, 'allow', 'lsmb___list_ap_transactions'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (29, 'allow', 'lsmb___list_ap_transactions'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (30, 'allow', 'lsmb___list_ap_transactions'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (32, 'allow', 'lsmb___list_ap_transactions'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (34, 'allow', 'lsmb___list_ap_transactions'); CREATE ROLE "lsmb___ap_all_vouchers" WITH INHERIT NOLOGIN IN ROLE "lsmb___create_ap_transaction_voucher", "lsmb___create_ap_invoice_voucher"; CREATE ROLE "lsmb___ap_all_transactions" WITH INHERIT NOLOGIN IN ROLE "lsmb___create_ap_transaction", "lsmb___create_ap_invoice", "lsmb___list_ap_transactions"; CREATE ROLE "lsmb___create_purchase_order" WITH INHERIT NOLOGIN IN ROLE "lsmb___read_contact"; GRANT INSERT ON oe TO "lsmb___create_purchase_order"; GRANT INSERT ON orderitems TO "lsmb___create_purchase_order"; GRANT ALL ON oe_id_seq TO "lsmb___create_purchase_order"; GRANT ALL ON orderitems_id_seq TO "lsmb___create_purchase_order"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (50, 'allow', 'lsmb___create_purchase_order'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (52, 'allow', 'lsmb___create_purchase_order'); CREATE ROLE "lsmb___create_purchase_rfq" WITH INHERIT NOLOGIN IN ROLE "lsmb___read_contact"; GRANT INSERT ON oe TO "lsmb___create_purchase_rfq"; GRANT INSERT ON orderitems TO "lsmb___create_purchase_rfq"; GRANT ALL ON oe_id_seq TO "lsmb___create_purchase_rfq"; GRANT ALL ON orderitems_id_seq TO "lsmb___create_purchase_rfq"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (67, 'allow', 'lsmb___create_purchase_rfq'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (69, 'allow', 'lsmb___create_purchase_rfq'); CREATE ROLE "lsmb___list_purchase_orders" WITH INHERIT NOLOGIN IN ROLE "lsmb___read_contact"; GRANT SELECT ON oe TO "lsmb___list_purchase_orders"; GRANT SELECT ON orderitems TO "lsmb___list_purchase_orders"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (50, 'allow', 'lsmb___list_purchase_orders'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (53, 'allow', 'lsmb___list_purchase_orders'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (55, 'allow', 'lsmb___list_purchase_orders'); CREATE ROLE "lsmb___list_purchase_rfqs" WITH INHERIT NOLOGIN IN ROLE "lsmb___read_contact"; GRANT SELECT ON oe TO "lsmb___list_purchase_rfqs"; GRANT SELECT ON orderitems TO "lsmb___list_purchase_rfqs"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (67, 'allow', 'lsmb___list_purchase_rfqs'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (70, 'allow', 'lsmb___list_purchase_rfqs'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (72, 'allow', 'lsmb___list_purchase_rfqs'); CREATE ROLE "lsmb___all_ap" WITH INHERIT NOLOGIN IN ROLE "lsmb___ap_all_vouchers", "lsmb___ap_all_transactions", "lsmb___create_purchase_order", "lsmb___create_purchase_rfq", "lsmb___list_purchase_orders", "lsmb___list_purchase_rfqs"; -- POS CREATE ROLE "lsmb___create_pos_invoice" WITH INHERIT NOLOGIN IN ROLE "lsmb___read_contact"; GRANT INSERT ON invoice TO "lsmb___create_pos_invoice"; GRANT INSERT ON inventory TO "lsmb___create_pos_invoice"; GRANT INSERT ON ar TO "lsmb___create_pos_invoice"; GRANT INSERT ON acc_trans TO "lsmb___create_pos_invoice"; GRANT ALL ON id TO "lsmb___create_pos_invoice"; GRANT ALL ON acc_trans_entry_id_seq TO "lsmb___create_pos_invoice"; GRANT ALL ON invoice_id_seq TO "lsmb___create_pos_invoice"; GRANT ALL ON inventory_entry_id_seq TO "lsmb___create_pos_invoice"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (16, 'allow', 'lsmb___create_pos_invoice'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (17, 'allow', 'lsmb___create_pos_invoice'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (18, 'allow', 'lsmb___create_pos_invoice'); CREATE ROLE "lsmb___close_till" WITH INHERIT NOLOGIN; GRANT INSERT ON gl TO "lsmb___close_till"; GRANT INSERT ON acc_trans TO "lsmb___close_till"; GRANT ALL ON id TO "lsmb___close_till"; GRANT ALL ON acc_trans_entry_id_seq TO "lsmb___close_till"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (16, 'allow', 'lsmb___close_till'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (19, 'allow', 'lsmb___close_till'); CREATE ROLE "lsmb___list_all_open" WITH INHERIT NOLOGIN; GRANT SELECT ON ar TO "lsmb___list_all_open"; GRANT SELECT ON acc_trans TO "lsmb___list_all_open"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (16, 'allow', 'lsmb___list_all_open'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (18, 'allow', 'lsmb___list_all_open'); CREATE ROLE "lsmb___pos_cashier" WITH INHERIT NOLOGIN IN ROLE "lsmb___create_pos_invoice", "lsmb___close_till"; CREATE ROLE "lsmb___all_pos" WITH INHERIT NOLOGIN IN ROLE "lsmb___pos_cashier", "lsmb___list_all_open"; -- CASH CREATE ROLE "lsmb___reconcile" WITH INHERIT NOLOGIN; -- GRANT INSERT ON pending_reports TO "lsmb___reconcile"; -- GRANT INSERT on report_corrections TO "lsmb___reconcile"; GRANT SELECT ON acc_trans TO "lsmb___reconcile"; -- GRANT ALL ON pending_reports_id_seq TO "lsmb___reconcile"; -- GRANT ALL ON report_corrections_id_seq TO "lsmb___reconcile"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (35, 'allow', 'lsmb__reconcile'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (45, 'allow', 'lsmb__reconcile'); CREATE ROLE "lsmb___approve_reconciliation" WITH INHERIT NOLOGIN; -- GRANT UPDATE ON pending_reports TO "lsmb___reconcile"; GRANT SELECT ON acc_trans TO "lsmb___reconcile"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (35, 'allow', 'lsmb__reconcile'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (41, 'allow', 'lsmb__reconcile'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (44, 'allow', 'lsmb__reconcile'); CREATE ROLE "lsmb___all_reconcile" WITH INHERIT NOLOGIN IN ROLE "lsmb___reconcile", "lsmb___approve_reconciliation"; CREATE ROLE "lsmb___process_payment" WITH INHERIT NOLOGIN IN ROLE "lsmb___list_ap_transactions"; GRANT INSERT ON acc_trans TO "lsmb___process_payment"; GRANT ALL ON acc_trans_entry_id_seq TO "lsmb___process_payment"; GRANT UPDATE ON ap TO "lsmb___process_payment"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (35, 'allow', 'lsmb___process_payment'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (38, 'allow', 'lsmb___process_payment'); CREATE ROLE "lsmb___process_receipt" WITH INHERIT NOLOGIN IN ROLE "lsmb___list_ar_transactions"; GRANT INSERT ON acc_trans TO "lsmb___process_receipt"; GRANT ALL ON acc_trans_entry_id_seq TO "lsmb___process_receipt"; GRANT UPDATE ON ar TO "lsmb___process_receipt"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (35, 'allow', 'lsmb___process_receipt'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (36, 'allow', 'lsmb___process_receipt'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (47, 'allow', 'lsmb___process_receipt'); CREATE ROLE "lsmb___cash_all" WITH INHERIT NOLOGIN IN ROLE "lsmb___all_reconcile", "lsmb___process_payment", "lsmb___process_receipt"; -- Inventory Control CREATE ROLE "lsmb___create_part" WITH INHERIT NOLOGIN; GRANT INSERT ON parts TO "lsmb___create_part"; GRANT ALL ON parts_id_seq TO "lsmb___create_part"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (77, 'allow', 'lsmb___create_part'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (78, 'allow', 'lsmb___create_part'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (79, 'allow', 'lsmb___create_part'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (80, 'allow', 'lsmb___create_part'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (81, 'allow', 'lsmb___create_part'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (82, 'allow', 'lsmb___create_part'); CREATE ROLE "lsmb___edit_part" WITH INHERIT NOLOGIN; GRANT UPDATE ON parts TO "lsmb___edit_part"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (77, 'allow', 'lsmb___edit_part'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (85, 'allow', 'lsmb___edit_part'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (86, 'allow', 'lsmb___edit_part'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (87, 'allow', 'lsmb___edit_part'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (88, 'allow', 'lsmb___edit_part'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (89, 'allow', 'lsmb___edit_part'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (90, 'allow', 'lsmb___edit_part'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (91, 'allow', 'lsmb___edit_part'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (93, 'allow', 'lsmb___edit_part'); CREATE ROLE "lsmb___inventory_reports" WITH INHERIT NOLOGIN; GRANT SELECT ON ar TO "lsmb___inventory_reports"; GRANT SELECT ON ap TO "lsmb___inventory_reports"; GRANT SELECT ON inventory TO "lsmb___inventory_reports"; GRANT SELECT ON invoice TO "lsmb___inventory_reports"; GRANT SELECT ON acc_trans TO "lsmb___inventory_reports"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (77, 'allow', 'lsmb___inventory_reports'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (85, 'allow', 'lsmb___inventory_reports'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (88, 'allow', 'lsmb___inventory_reports'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (94, 'allow', 'lsmb___inventory_reports'); CREATE ROLE "lsmb___create_pricegroup" WITH INHERIT NOLOGIN IN ROLE "lsmb___read_contact"; GRANT INSERT ON pricegroup TO "lsmb___create_pricegroup"; GRANT ALL ON pricegroup_id_seq TO "lsmb___create_pricegroup"; GRANT UPDATE ON entity_credit_account TO "lsmb___create_pricegroup"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (77, 'allow', 'lsmb___create_pricegroup'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (83, 'allow', 'lsmb___create_pricegroup'); CREATE ROLE "lsmb___edit_pricegroup" WITH INHERIT NOLOGIN IN ROLE "lsmb___read_contact"; GRANT UPDATE ON pricegroup TO "lsmb___edit_pricegroup"; GRANT UPDATE ON entity_credit_account TO "lsmb___edit_pricegroup"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (77, 'allow', 'lsmb___edit_pricegroup'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (85, 'allow', 'lsmb___edit_pricegroup'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (92, 'allow', 'lsmb___edit_pricegroup'); CREATE ROLE "lsmb___stock_assembly" WITH INHERIT NOLOGIN; GRANT UPDATE ON parts TO "lsmb___stock_assembly"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (77, 'allow', 'lsmb___stock_assembly'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (84, 'allow', 'lsmb___stock_assembly'); CREATE ROLE "lsmb___ship_inventory" WITH INHERIT NOLOGIN IN ROLE "lsmb___list_sales_orders"; GRANT INSERT ON inventory TO "lsmb___ship_inventory"; GRANT ALL ON inventory_entry_id_seq TO "lsmb___ship_inventory"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (63, 'allow', 'lsmb___ship_inventory'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (64, 'allow', 'lsmb___ship_inventory'); CREATE ROLE "lsmb___receive_inventory" WITH INHERIT NOLOGIN IN ROLE "lsmb___list_purchase_orders"; GRANT INSERT ON inventory TO "lsmb___receive_inventory"; GRANT ALL ON inventory_entry_id_seq TO "lsmb___receive_inventory"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (63, 'allow', 'lsmb___receive_inventory'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (65, 'allow', 'lsmb___receive_inventory'); CREATE ROLE "lsmb___transfer_inventory" WITH INHERIT NOLOGIN; GRANT INSERT ON inventory TO "lsmb___transfer_inventory"; GRANT ALL ON inventory_entry_id_seq TO "lsmb___transfer_inventory"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (63, 'allow', 'lsmb___transfer_inventory'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (66, 'allow', 'lsmb___transfer_inventory'); CREATE ROLE "lsmb___create_warehouse" WITH INHERIT NOLOGIN; GRANT INSERT ON warehouse TO "lsmb___create_warehouse"; GRANT ALL ON warehouse_id_seq TO "lsmb___create_warehouse"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (128, 'allow', 'lsmb___create_warehouse'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (141, 'allow', 'lsmb___create_warehouse'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (142, 'allow', 'lsmb___create_warehouse'); CREATE ROLE "lsmb___edit_warehouse" WITH INHERIT NOLOGIN; GRANT UPDATE ON warehouse TO "lsmb___edit_warehouse"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (128, 'allow', 'lsmb___edit_warehouse'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (141, 'allow', 'lsmb___edit_warehouse'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (143, 'allow', 'lsmb___edit_warehouse'); CREATE ROLE "lsmb___all_inventory" WITH INHERIT NOLOGIN IN ROLE "lsmb___create_part", "lsmb___inventory_reports", "lsmb___stock_assembly", "lsmb___ship_inventory", "lsmb___receive_inventory", "lsmb___transfer_inventory", "lsmb___edit_warehouse", "lsmb___create_warehouse"; -- GL CREATE ROLE "lsmb___create_transaction" WITH INHERIT NOLOGIN; GRANT INSERT ON gl TO "lsmb___create_transaction"; GRANT INSERT ON acc_trans TO "lsmb___create_transaction"; GRANT ALL ON id TO "lsmb___create_transaction"; GRANT ALL ON acc_trans_entry_id_seq TO "lsmb___create_transaction"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (73, 'allow', 'lsmb___create_transaction'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (74, 'allow', 'lsmb___create_transaction'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (75, 'allow', 'lsmb___create_transaction'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (35, 'allow', 'lsmb___create_transaction'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (40, 'allow', 'lsmb___create_transaction'); CREATE ROLE "lsmb___create_transaction_voucher" WITH INHERIT NOLOGIN; GRANT INSERT ON gl TO "lsmb___create_transaction_voucher"; GRANT INSERT ON acc_trans TO "lsmb___create_transaction_voucher"; GRANT ALL ON id TO "lsmb___create_transaction_voucher"; GRANT ALL ON acc_trans_entry_id_seq TO "lsmb___create_transaction_voucher"; -- TODO Add menu permissions CREATE ROLE "lsmb___list_transactions" WITH INHERIT NOLOGIN IN ROLE "lsmb___list_ar_transactions", "lsmb___list_ap_transactions"; GRANT SELECT ON gl TO "lsmb___list_transactions"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (73, 'allow', 'lsmb___list_transactions'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (76, 'allow', 'lsmb___list_transactions'); CREATE ROLE "lsmb___run_yearend" WITH INHERIT NOLOGIN; GRANT INSERT, SELECT ON acc_trans TO "lsmb___run_yearend"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (128, 'allow', 'lsmb___run_yearend'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (132, 'allow', 'lsmb___run_yearend'); CREATE ROLE "lsmb___list_batches" WITH INHERIT NOLOGIN IN ROLE "lsmb___list_transactions"; GRANT SELECT ON batch TO "lsmb___list_batches"; GRANT SELECT ON batch_class TO "lsmb___list_batches"; GRANT SELECT ON voucher TO "lsmb___list_batches"; -- TODO: Add menu items CREATE ROLE "lsmb___all_gl" WITH INHERIT NOLOGIN IN ROLE "lsmb___create_transaction", "lsmb___create_transaction_voucher", "lsmb___run_yearend", "lsmb___list_transactions"; -- PROJECTS CREATE ROLE "lsmb___create_project" WITH INHERIT NOLOGIN; GRANT INSERT ON project TO "lsmb___create_project"; GRANT ALL ON project_id_seq TO "lsmb___create_project"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (98, 'allow', 'lsmb___create_project'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (99, 'allow', 'lsmb___create_project'); CREATE ROLE "lsmb___edit_project" WITH INHERIT NOLOGIN; GRANT UPDATE ON project TO "lsmb___edit_project"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (98, 'allow', 'lsmb___edit_project'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (103, 'allow', 'lsmb___edit_project'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (104, 'allow', 'lsmb___edit_project'); CREATE ROLE "lsmb___add_project_timecard" WITH INHERIT NOLOGIN IN ROLE "lsmb___read_contact"; GRANT INSERT ON jcitems TO "lsmb___add_project_timecard"; GRANT ALL ON jcitems_id_seq TO "lsmb___add_project_timecard"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (98, 'allow', 'lsmb___add_project_timecard'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (100, 'allow', 'lsmb___add_project_timecard'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (103, 'allow', 'lsmb___add_project_timecard'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (106, 'allow', 'lsmb___add_project_timecard'); CREATE ROLE "lsmb___list_project_timecards" WITH INHERIT NOLOGIN IN ROLE "lsmb___read_contact"; GRANT UPDATE ON project TO "lsmb___edit_project"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (98, 'allow', 'lsmb___edit_project'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (103, 'allow', 'lsmb___edit_project'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (106, 'allow', 'lsmb___edit_project'); -- ORDER GENERATION CREATE ROLE "lsmb___generate_orders" WITH INHERIT NOLOGIN IN ROLE "lsmb___read_contact"; GRANT SELECT, INSERT, UPDATE ON oe TO "lsmb___generate_orders"; GRANT SELECT, INSERT, UPDATE ON orderitems TO "lsmb___generate_orders"; GRANT ALL ON oe_id_seq TO "lsmb___generate_orders"; GRANT ALL ON orderitems_id_seq TO "lsmb___generate_orders"; CREATE ROLE "lsmb___project_generate_orders" WITH INHERIT NOLOGIN IN ROLE "lsmb___generate_orders"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (98, 'allow', 'lsmb___project_generate_orders'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (101, 'allow', 'lsmb___project_generate_orders'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (102, 'allow', 'lsmb___project_generate_orders'); CREATE ROLE "lsmb___sales_to_purchase_orders" WITH INHERIT NOLOGIN IN ROLE "lsmb___generate_orders"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (50, 'allow', 'lsmb___sales_to_purchase_orders'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (56, 'allow', 'lsmb___sales_to_purchase_orders'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (57, 'allow', 'lsmb___sales_to_purchase_orders'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (58, 'allow', 'lsmb___sales_to_purchase_orders'); CREATE ROLE "lsmb___consolidate_purchase_orders" WITH INHERIT NOLOGIN IN ROLE "lsmb___generate_orders"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (50, 'allow', 'lsmb___consolidate_purchase_orders'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (60, 'allow', 'lsmb___consolidate_purchase_orders'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (62, 'allow', 'lsmb___consolidate_purchase_orders'); CREATE ROLE "lsmb___consolidate_sales_orders" WITH INHERIT NOLOGIN IN ROLE "lsmb___generate_orders"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (50, 'allow', 'lsmb___consolidate_sales_orders'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (60, 'allow', 'lsmb___consolidate_sales_orders'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (61, 'allow', 'lsmb___consolidate_sales_orders'); CREATE ROLE "lsmb___manage_orders" WITH INHERIT NOLOGIN IN ROLE "lsmb___project_generate_orders", "lsmb___sales_to_purchase_orders", "lsmb___consolidate_purchase_orders", "lsmb___consolidate_sales_orders"; -- FINANCIAL REPORTS CREATE ROLE "lsmb___run_financial_reports" WITH INHERIT NOLOGIN IN ROLE "lsmb___list_transactions"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (109, 'allow', 'lsmb___run_financial_reports'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (110, 'allow', 'lsmb___run_financial_reports'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (111, 'allow', 'lsmb___run_financial_reports'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (112, 'allow', 'lsmb___run_financial_reports'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (113, 'allow', 'lsmb___run_financial_reports'); -- RECURRING TRANSACTIONS -- TO ADD WHEN THIS IS REDESIGNED -- BATCH PRINTING CREATE ROLE "lsmb___list_print_jobs" WITH INHERIT NOLOGIN; INSERT INTO menu_acl (node_id, acl_type, role_name) values (116, 'allow', 'lsmb___list_print_jobs'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (117, 'allow', 'lsmb___list_print_jobs'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (118, 'allow', 'lsmb___list_print_jobs'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (119, 'allow', 'lsmb___list_print_jobs'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (120, 'allow', 'lsmb___list_print_jobs'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (121, 'allow', 'lsmb___list_print_jobs'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (122, 'allow', 'lsmb___list_print_jobs'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (123, 'allow', 'lsmb___list_print_jobs'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (124, 'allow', 'lsmb___list_print_jobs'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (125, 'allow', 'lsmb___list_print_jobs'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (126, 'allow', 'lsmb___list_print_jobs'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (127, 'allow', 'lsmb___list_print_jobs'); CREATE ROLE "lsmb___print_jobs" WITH INHERIT NOLOGIN IN ROLE "lsmb___list_print_jobs"; -- SYSTEM SETTINGS CREATE ROLE "lsmb___list_system_settings" WITH INHERIT NOLOGIN; INSERT INTO menu_acl (node_id, acl_type, role_name) values (128, 'allow', 'lsmb___list_system_settings'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (129, 'allow', 'lsmb___list_system_settings'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (131, 'allow', 'lsmb___list_system_settings'); CREATE ROLE "lsmb___change_system_settings" WITH INHERIT NOLOGIN IN ROLE "lsmb___list_system_settings"; CREATE ROLE "lsmb___set_taxes" WITH INHERIT NOLOGIN; GRANT INSERT, UPDATE ON tax TO "lsmb___set_taxes"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (128, 'allow', 'lsmb___set_taxes'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (130, 'allow', 'lsmb___set_taxes'); CREATE ROLE "lsmb___create_account" WITH INHERIT NOLOGIN; GRANT INSERT ON chart TO "lsmb___create_account"; GRANT ALL ON chart_id_seq TO "lsmb___create_account"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (128, 'allow', 'lsmb___create_account'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (136, 'allow', 'lsmb___create_account'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (137, 'allow', 'lsmb___create_account'); CREATE ROLE "lsmb___edit_account" WITH INHERIT NOLOGIN; GRANT UPDATE ON chart TO "lsmb___edit_account"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (128, 'allow', 'lsmb___edit_account'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (136, 'allow', 'lsmb___edit_account'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (138, 'allow', 'lsmb___edit_account'); CREATE ROLE "lsmb___create_gifi" WITH INHERIT NOLOGIN; GRANT INSERT ON gifi TO "lsmb___create_gifi"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (128, 'allow', 'lsmb___create_gifi'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (136, 'allow', 'lsmb___create_gifi'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (139, 'allow', 'lsmb___create_gifi'); CREATE ROLE "lsmb___edit_gifi" WITH INHERIT NOLOGIN; GRANT UPDATE ON gifi TO "lsmb___edit_gifi"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (128, 'allow', 'lsmb___edit_account'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (136, 'allow', 'lsmb___edit_account'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (140, 'allow', 'lsmb___edit_account'); CREATE ROLE "lsmb___all_accounts" WITH INHERIT NOLOGIN IN ROLE "lsmb___create_account", "lsmb___set_taxes", "lsmb___edit_account", "lsmb___create_gifi", "lsmb___edit_gifi"; CREATE ROLE "lsmb___create_department" WITH INHERIT NOLOGIN; GRANT INSERT ON department TO "lsmb___create_department"; GRANT ALL ON department_id_seq TO "lsmb___create_department"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (128, 'allow', 'lsmb___create_department'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (144, 'allow', 'lsmb___create_department'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (145, 'allow', 'lsmb___create_department'); CREATE ROLE "lsmb___edit_department" WITH INHERIT NOLOGIN; GRANT UPDATE ON department TO "lsmb___edit_department"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (128, 'allow', 'lsmb___edit_department'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (144, 'allow', 'lsmb___edit_department'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (146, 'allow', 'lsmb___edit_department'); CREATE ROLE "lsmb___all_department" WITH INHERIT NOLOGIN IN ROLE "lsmb___create_department", "lsmb___edit_department"; CREATE ROLE "lsmb___create_business_type" WITH INHERIT NOLOGIN; GRANT INSERT ON business TO "lsmb___create_business_type"; GRANT ALL ON business_id_seq TO "lsmb___create_business_type"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (128, 'allow', 'lsmb___create_business_type'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (147, 'allow', 'lsmb___create_business_type'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (148, 'allow', 'lsmb___create_business_type'); CREATE ROLE "lsmb___edit_business_type" WITH INHERIT NOLOGIN; GRANT UPDATE, DELETE ON business TO "lsmb___edit_business_type"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (128, 'allow', 'lsmb___edit_business_type'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (147, 'allow', 'lsmb___edit_business_type'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (149, 'allow', 'lsmb___edit_business_type'); CREATE ROLE "lsmb___all_business_type" WITH INHERIT NOLOGIN IN ROLE "lsmb___create_business_type", "lsmb___edit_business_type"; CREATE ROLE "lsmb___create_sic" WITH INHERIT NOLOGIN; GRANT INSERT ON sic TO "lsmb___create_sic"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (128, 'allow', 'lsmb___create_sic'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (153, 'allow', 'lsmb___create_sic'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (154, 'allow', 'lsmb___create_sic'); CREATE ROLE "lsmb___edit_sic" WITH INHERIT NOLOGIN; GRANT UPDATE ON sic TO "lsmb___edit_sic"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (128, 'allow', 'lsmb___edit_sic'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (153, 'allow', 'lsmb___edit_sic'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (155, 'allow', 'lsmb___edit_sic'); CREATE ROLE "lsmb___all_sic" WITH INHERIT NOLOGIN IN ROLE "lsmb___create_sic", "lsmb___edit_sic"; CREATE ROLE "lsmb___edit_template" WITH INHERIT NOLOGIN; -- TODO Add db permissions as templates get moved into db. INSERT INTO menu_acl (node_id, acl_type, role_name) values (128, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (156, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (157, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (158, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (159, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (160, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (161, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (162, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (163, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (164, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (165, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (166, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (167, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (168, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (169, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (170, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (171, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (172, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (173, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (174, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (175, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (176, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (177, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (178, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (179, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (180, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (181, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (182, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (183, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (184, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (185, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (186, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (187, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (188, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (189, 'allow', 'lsmb___edit_template'); CREATE ROLE "lsmb___manage_system" WITH INHERIT NOLOGIN IN ROLE "lsmb___change_system_settings", "lsmb___all_accounts", "lsmb___all_department", "lsmb___all_business_type", "lsmb___all_sic", "lsmb___edit_template"; -- Manual Translation CREATE ROLE "lsmb___create_language" WITH INHERIT NOLOGIN; GRANT INSERT ON language TO "lsmb___create_language"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (128, 'allow', 'lsmb___create_language'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (150, 'allow', 'lsmb___create_language'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (151, 'allow', 'lsmb___create_language'); CREATE ROLE "lsmb___edit_language" WITH INHERIT NOLOGIN; GRANT UPDATE ON language TO "lsmb___edit_language"; INSERT INTO menu_acl (node_id, acl_type, role_name) values (128, 'allow', 'lsmb___edit_language'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (150, 'allow', 'lsmb___edit_language'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (152, 'allow', 'lsmb___edit_language'); CREATE ROLE "lsmb___create_part_translation" WITH INHERIT NOLOGIN; -- TODO add db permissions INSERT INTO menu_acl (node_id, acl_type, role_name) values (77, 'allow', 'lsmb___create_part_translation'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (95, 'allow', 'lsmb___create_part_translation'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (96, 'allow', 'lsmb___create_part_translation'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (97, 'allow', 'lsmb___create_part_translation'); CREATE ROLE "lsmb___create_project_translation" WITH INHERIT NOLOGIN; -- TODO add db permissions INSERT INTO menu_acl (node_id, acl_type, role_name) values (98, 'allow', 'lsmb___create_project_translation'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (107, 'allow', 'lsmb___create_project_translation'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (108, 'allow', 'lsmb___create_project_translation'); CREATE ROLE "lsmb___all_manual_translation" WITH INHERIT NOLOGIN IN ROLE "lsmb___create_language", "lsmb___create_part_translation", "lsmb___create_project_translation"; GRANT SELECT ON custom_field_catalog TO public; GRANT SELECT ON custom_table_catalog TO public; -- Grants to all users; GRANT ALL ON defaults TO public; GRANT ALL ON "session" TO public; GRANT ALL ON session_session_id_seq TO PUBLIC; GRANT SELECT ON users TO public; GRANT ALL ON user_preference TO public; GRANT SELECT ON custom_table_catalog TO PUBLIC; GRANT SELECT ON custom_field_catalog TO PUBLIC; grant select on menu_node, menu_attribute, menu_acl to public; GRANT select on chart, gifi, country to public; grant select on employee to public; GRANT SELECT ON parts, partsgroup TO public; GRANT SELECT ON language, project TO public; GRANT SELECT ON business, exchangerate, department, shipto, tax TO public; GRANT ALL ON recurring, recurringemail, recurringprint, status TO public; GRANT ALL ON transactions, entity_employee, customer, vendor TO public; GRANT ALL ON pending_job, payments_queue TO PUBLIC; GRANT ALL ON pending_job_id_seq TO public; --TODO, lock recurring, pending_job, payment_queue down more -- Roles with no db permissions: CREATE ROLE "lsmb___draft_edit" WITH INHERIT NOLOGIN; -- CT: The following grant is required for now, but will hopefully become less -- important when we get to 1.4 and can more sensibly lock things down. GRANT ALL ON dpt_trans TO public; -- Roles dependant on FUNCTIONS CREATE ROLE "lsmb___voucher_delete" WITH INHERIT NOLOGIN; GRANT EXECUTE ON FUNCTION voucher__delete(int) TO "lsmb___voucher_delete"; GRANT EXECUTE ON FUNCTION batch_delete(int) TO "lsmb___voucher_delete";