-- Contacts CREATE ROLE lsmb___read_contact WITH INHERIT NOLOGIN; GRANT SELECT ON entity TO lsmb___read_contact; GRANT SELECT ON company TO lsmb___read_contact; GRANT SELECT ON location TO lsmb___read_contact; GRANT SELECT ON person TO lsmb___read_contact; GRANT SELECT ON entity_credit_account TO lsmb___read_contact; GRANT SELECT ON company_to_contact TO lsmb___read_contact; GRANT SELECT ON company_to_entity TO lsmb___read_contact; GRANT SELECT ON company_to_location TO lsmb___read_contact; GRANT SELECT ON customertax TO lsmb___read_contact; GRANT SELECT ON contact_class TO lsmb___read_contact; GRANT SELECT ON entity_class TO lsmb___read_contact; GRANT SELECT ON entity_bank_account TO lsmb___read_contact; GRANT SELECT ON entity_note TO lsmb___read_contact; GRANT SELECT ON entity_class_to_entity TO lsmb___read_contact; GRANT SELECT ON entity_other_name TO lsmb___read_contact; GRANT SELECT ON location_class TO lsmb___read_contact; GRANT SELECT ON person_to_company TO lsmb___read_contact; GRANT SELECT ON person_to_contact TO lsmb___read_contact; GRANT SELECT ON person_to_contact TO lsmb___read_contact; GRANT SELECT ON person_to_location TO lsmb___read_contact; GRANT SELECT ON person_to_location TO lsmb___read_contact; GRANT SELECT ON vendortax TO lsmb___read_contact; INSERT INTO menu_acl (node_id, acl_type, role_name) values (1, 'allow', 'lsmb___read_contact'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (11, 'allow', 'lsmb___read_contact'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (14, 'allow', 'lsmb___read_contact'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (21, 'allow', 'lsmb___read_contact'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (30, 'allow', 'lsmb___read_contact'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (33, 'allow', 'lsmb___read_contact'); CREATE ROLE lsmb___create_contact WITH INHERIT NOLOGIN IN ROLE lsmb___read_contact; GRANT INSERT ON entity TO lsmb___create_contact; GRANT ALL ON entity_id_seq TO lsmb___create_contact; GRANT INSERT ON company TO lsmb___create_contact; GRANT ALL ON company_id_seq TO lsmb___create_contact; GRANT INSERT ON location TO lsmb___create_contact; GRANT ALL ON location_id_seq TO lsmb___create_contact; GRANT INSERT ON person TO lsmb___create_contact; GRANT ALL ON person_id_seq TO lsmb___create_contact; GRANT INSERT ON entity_credit_account TO lsmb___create_contact; GRANT ALL ON entity_credit_account_id_seq TO lsmb___create_contact; GRANT INSERT ON company_to_contact TO lsmb___create_contact; GRANT INSERT ON company_to_entity TO lsmb___create_contact; GRANT INSERT ON company_to_location TO lsmb___create_contact; GRANT INSERT ON customertax TO lsmb___create_contact; GRANT INSERT ON entity_bank_account TO lsmb___create_contact; GRANT ALL ON entity_bank_account_id_seq TO lsmb___create_contact; GRANT INSERT ON entity_note TO lsmb___create_contact; GRANT INSERT ON entity_class_to_entity TO lsmb___create_contact; GRANT INSERT ON entity_other_name TO lsmb___create_contact; GRANT INSERT ON person_to_company TO lsmb___create_contact; GRANT INSERT ON person_to_contact TO lsmb___create_contact; GRANT INSERT ON person_to_contact TO lsmb___create_contact; GRANT INSERT ON person_to_location TO lsmb___create_contact; GRANT INSERT ON person_to_location TO lsmb___create_contact; GRANT INSERT ON vendortax TO lsmb___create_contact; INSERT INTO menu_acl (node_id, acl_type, role_name) values (1, 'allow', 'lsmb___create_contact'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (11, 'allow', 'lsmb___create_contact'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (12, 'allow', 'lsmb___create_contact'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (21, 'allow', 'lsmb___create_contact'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (30, 'allow', 'lsmb___create_contact'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (31, 'allow', 'lsmb___create_contact'); CREATE ROLE lsmb___edit_contact WITH INHERIT NOLOGIN IN ROLE lsmb___read_contact; GRANT UPDATE ON entity TO lsmb___create_contact; GRANT UPDATE ON company TO lsmb___create_contact; GRANT UPDATE ON location TO lsmb___create_contact; GRANT UPDATE ON person TO lsmb___create_contact; GRANT UPDATE ON entity_credit_account TO lsmb___create_contact; GRANT UPDATE ON company_to_contact TO lsmb___create_contact; GRANT UPDATE ON company_to_entity TO lsmb___create_contact; GRANT UPDATE ON company_to_location TO lsmb___create_contact; GRANT UPDATE ON customertax TO lsmb___create_contact; GRANT UPDATE ON entity_bank_account TO lsmb___create_contact; GRANT UPDATE ON entity_note TO lsmb___create_contact; GRANT UPDATE ON entity_class_to_entity TO lsmb___create_contact; GRANT UPDATE ON entity_other_name TO lsmb___create_contact; GRANT UPDATE ON person_to_company TO lsmb___create_contact; GRANT UPDATE ON person_to_contact TO lsmb___create_contact; GRANT UPDATE ON person_to_contact TO lsmb___create_contact; GRANT UPDATE ON person_to_location TO lsmb___create_contact; GRANT UPDATE ON person_to_location TO lsmb___create_contact; GRANT DELETE, INSERT ON vendortax TO lsmb___create_contact; CREATE ROLE lsmb___contact_all_rights WITH INHERIT NOLOGIN in role lsmb___create_contact, lsmb___edit_contact, lsmb___read_contact; -- Batches and VOuchers CREATE ROLE lsmb___create_batch WITH INHERIT NOLOGIN; GRANT INSERT ON batch TO lsmb___create_batch; GRANT ALL ON batch_id_seq TO lsmb___create_batch; GRANT SELECT ON batch_class TO lsmb___create_batch; GRANT INSERT ON voucher TO lsmb___create_batch; GRANT ALL ON voucher_id_seq TO lsmb___create_contact; -- TODO add Menu ACLs CREATE ROLE lsmb___post_batches WITH INHERIT NOLOGIN; GRANT UPDATE ON ar TO lsmb___post_batches; GRANT UPDATE ON ap TO lsmb___post_batches; GRANT UPDATE ON acc_trans TO lsmb___post_batches; GRANT UPDATE ON batch TO lsmb___post_batches; GRANT UPDATE ON gl TO lsmb___post_batches; -- TODO add Menu ACLs -- AR CREATE ROLE lsmb___create_ar_transaction WITH INHERIT NOLOGIN IN ROLE lsmb___read_contact; GRANT INSERT ON ar TO lsmb___create_ar_transaction; GRANT ALL ON id TO lsmb___create_ar_transaction; GRANT INSERT ON acc_trans TO lsmb___create_ar_transaction; GRANT ALL ON acc_trans_entry_id_seq TO lsmb___create_ar_transaction; INSERT INTO menu_acl (node_id, acl_type, role_name) values (1, 'allow', 'lsmb___create_ar_transaction'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (2, 'allow', 'lsmb___create_ar_transaction'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (194, 'allow', 'lsmb___create_ar_transaction'); CREATE ROLE lsmb___create_ar_transaction_voucher WITH INHERIT NOLOGIN IN ROLE lsmb___read_contact, lsmb___create_batch; GRANT INSERT ON ar TO lsmb___create_ar_transaction_voucher; GRANT ALL ON id TO lsmb___create_ar_transaction_voucher; GRANT INSERT ON acc_trans TO lsmb___create_ar_transaction_voucher; GRANT ALL ON acc_trans_entry_id_seq TO lsmb___create_ar_transaction_voucher; -- TODO add Menu ACLs CREATE ROLE lsmb___create_ar_invoice WITH INHERIT NOLOGIN IN ROLE lsmb___read_contact, lsmb___create_ar_transaction; GRANT INSERT ON invoice TO lsmb___create_ar_invoice; GRANT ALL ON invoice_id_seq TO lsmb___create_ar_invoice; GRANT INSERT ON inventory TO lsmb___create_ar_invoice; GRANT ALL ON inventory_entry_id_seq TO lsmb___create_ar_invoice; INSERT INTO menu_acl (node_id, acl_type, role_name) values (3, 'allow', 'lsmb___create_ar_invoice'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (195, 'allow', 'lsmb___create_ar_transaction'); CREATE ROLE lsmb___create_ar_invoice_voucher WITH INHERIT NOLOGIN IN ROLE lsmb___read_contact, lsmb___create_batch, lsmb___create_ar_transaction_voucher; GRANT INSERT ON invoice TO lsmb___create_ar_invoice_voucher; GRANT ALL ON invoice_id_seq TO lsmb___create_ar_invoice_voucher; GRANT INSERT ON inventory TO lsmb___create_ar_invoice_voucher; GRANT ALL ON inventory_entry_id_seq TO lsmb___create_ar_invoice_voucher; -- TODO add Menu ACLs CREATE ROLE lsmb___list_ar_transactions WITH INHERIT NOLOGIN IN ROLE lsmb___read_contact; GRANT SELECT ON ar TO lsmb___list_ar_transactions; GRANT SELECT ON acc_trans TO lsmb___list_ar_transactions; GRANT SELECT ON invoice TO lsmb___list_ar_transactions; GRANT SELECT ON inventory TO lsmb___list_ar_transactions; INSERT INTO menu_acl (node_id, acl_type, role_name) values (1, 'allow', 'lsmb___list_ar_transactions'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (4, 'allow', 'lsmb___list_ar_transactions'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (5, 'allow', 'lsmb___list_ar_transactions'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (6, 'allow', 'lsmb___list_ar_transactions'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (7, 'allow', 'lsmb___list_ar_transactions'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (9, 'allow', 'lsmb___list_ar_transactions'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (10, 'allow', 'lsmb___list_ar_transactions'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (11, 'allow', 'lsmb___list_ar_transactions'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (13, 'allow', 'lsmb___list_ar_transactions'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (15, 'allow', 'lsmb___list_ar_transactions'); CREATE ROLE lsmb___ar_all_vouchers WITH INHERIT NOLOGIN IN ROLE lsmb___create_ar_transaction_voucher, lsmb___create_ar_invoice_voucher; CREATE ROLE lsmb___ar_all_transactions WITH INHERIT NOLOGIN IN ROLE lsmb___create_ar_transaction, lsmb___create_ar_invoice, lsmb___list_ar_transactions; CREATE ROLE lsmb___create_sales_order WITH INHERIT NOLOGIN IN ROLE lsmb___read_contact; GRANT INSERT ON oe TO lsmb___create_sales_order; GRANT ALL ON oe_id_seq TO lsmb___create_sales_order; GRANT INSERT ON orderitems TO lsmb___create_sales_order; GRANT ALL ON orderitems_id_seq TO lsmb___create_sales_order; INSERT INTO menu_acl (node_id, acl_type, role_name) values (50, 'allow', 'lsmb___create_sales_order'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (51, 'allow', 'lsmb___create_sales_order'); CREATE ROLE lsmb___create_sales_quotation WITH INHERIT NOLOGIN IN ROLE lsmb___read_contact; GRANT INSERT ON oe TO lsmb___create_sales_quotation; GRANT ALL ON oe_id_seq TO lsmb___create_sales_quotation; GRANT INSERT ON orderitems TO lsmb___create_sales_quotation; GRANT ALL ON orderitems_id_seq TO lsmb___create_sales_quotation; INSERT INTO menu_acl (node_id, acl_type, role_name) values (67, 'allow', 'lsmb___create_sales_quotation'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (68, 'allow', 'lsmb___create_sales_quotation'); CREATE ROLE lsmb___list_sales_orders WITH INHERIT NOLOGIN IN ROLE lsmb___read_contact; GRANT SELECT ON oe TO lsmb___list_sales_orders; GRANT SELECT ON orderitems TO lsmb___list_sales_orders; INSERT INTO menu_acl (node_id, acl_type, role_name) values (50, 'allow', 'lsmb___list_sales_orders'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (53, 'allow', 'lsmb___list_sales_orders'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (54, 'allow', 'lsmb___list_sales_orders'); CREATE ROLE lsmb___list_sales_quotations WITH INHERIT NOLOGIN IN ROLE lsmb___read_contact; GRANT SELECT ON oe TO lsmb___list_sales_quotations; GRANT SELECT ON orderitems TO lsmb___list_sales_quotations; INSERT INTO menu_acl (node_id, acl_type, role_name) values (67, 'allow', 'lsmb___list_sales_quotations'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (70, 'allow', 'lsmb___list_sales_quotations'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (71, 'allow', 'lsmb___list_sales_quotations'); CREATE ROLE lsmb___all_ar WITH INHERIT NOLOGIN IN ROLE lsmb___ar_all_vouchers, lsmb___ar_all_transactions, lsmb___create_sales_order, lsmb___create_sales_quotation, lsmb___list_sales_orders, lsmb___list_sales_quotations; -- AP CREATE ROLE lsmb___create_ap_transaction WITH INHERIT NOLOGIN IN ROLE lsmb___read_contact; GRANT INSERT ON ap TO lsmb___create_ap_transaction; GRANT ALL ON id TO lsmb___create_ap_transaction; GRANT INSERT ON acc_trans TO lsmb___create_ap_transaction; GRANT ALL ON acc_trans_entry_id_seq TO lsmb___create_ap_transaction; INSERT INTO menu_acl (node_id, acl_type, role_name) values (21, 'allow', 'lsmb___create_ap_transaction'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (22, 'allow', 'lsmb___create_ap_transaction'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (196, 'allow', 'lsmb___create_ap_transaction'); CREATE ROLE lsmb___create_ap_transaction_voucher WITH INHERIT NOLOGIN IN ROLE lsmb___read_contact, lsmb___create_batch; GRANT INSERT ON ar TO lsmb___create_ap_transaction_voucher; GRANT ALL ON id TO lsmb___create_ap_transaction_voucher; GRANT INSERT ON acc_trans TO lsmb___create_ap_transaction_voucher; GRANT ALL ON acc_trans_entry_id_seq TO lsmb___create_ap_transaction_voucher; -- TODO add Menu ACLs CREATE ROLE lsmb___create_ap_invoice WITH INHERIT NOLOGIN IN ROLE lsmb___read_contact, lsmb___create_ap_transaction; GRANT INSERT ON invoice TO lsmb___create_ap_invoice; GRANT INSERT ON inventory TO lsmb___create_ap_invoice; GRANT ALL ON invoice_id_seq TO lsmb___create_ap_invoice; GRANT ALL ON inventory_entry_id_seq TO lsmb___create_ap_invoice; INSERT INTO menu_acl (node_id, acl_type, role_name) values (23, 'allow', 'lsmb___create_ap_invoice'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (197, 'allow', 'lsmb___create_ap_transaction'); CREATE ROLE lsmb___create_ap_invoice_voucher WITH INHERIT NOLOGIN IN ROLE lsmb___read_contact, lsmb___create_batch; GRANT INSERT ON invoice TO lsmb___create_ap_invoice_voucher; GRANT INSERT ON inventory TO lsmb___create_ap_invoice_voucher; GRANT ALL ON invoice_id_seq TO lsmb___create_ap_invoice_voucher; GRANT ALL ON inventory_entry_id_seq TO lsmb___create_ap_invoice_voucher; -- TODO add Menu ACLs CREATE ROLE lsmb___list_ap_transactions WITH INHERIT NOLOGIN IN ROLE lsmb___read_contact; GRANT SELECT ON ap TO lsmb___list_ap_transactions; GRANT SELECT ON acc_trans TO lsmb___list_ap_transactions; GRANT SELECT ON invoice TO lsmb___list_ap_transactions; GRANT SELECT ON inventory TO lsmb___list_ap_transactions; INSERT INTO menu_acl (node_id, acl_type, role_name) values (21, 'allow', 'lsmb___list_ap_transactions'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (24, 'allow', 'lsmb___list_ap_transactions'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (25, 'allow', 'lsmb___list_ap_transactions'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (26, 'allow', 'lsmb___list_ap_transactions'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (27, 'allow', 'lsmb___list_ap_transactions'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (28, 'allow', 'lsmb___list_ap_transactions'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (29, 'allow', 'lsmb___list_ap_transactions'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (30, 'allow', 'lsmb___list_ap_transactions'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (32, 'allow', 'lsmb___list_ap_transactions'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (34, 'allow', 'lsmb___list_ap_transactions'); CREATE ROLE lsmb___ap_all_vouchers WITH INHERIT NOLOGIN IN ROLE lsmb___create_ap_transaction_voucher, lsmb___create_ap_invoice_voucher; CREATE ROLE lsmb___ap_all_transactions WITH INHERIT NOLOGIN IN ROLE lsmb___create_ap_transaction, lsmb___create_ap_invoice, lsmb___list_ap_transactions; CREATE ROLE lsmb___create_purchase_order WITH INHERIT NOLOGIN IN ROLE lsmb___read_contact; GRANT INSERT ON oe TO lsmb___create_purchase_order; GRANT INSERT ON orderitems TO lsmb___create_purchase_order; GRANT ALL ON oe_id_seq TO lsmb___create_purchase_order; GRANT ALL ON orderitems_id_seq TO lsmb___create_purchase_order; INSERT INTO menu_acl (node_id, acl_type, role_name) values (50, 'allow', 'lsmb___create_purchase_order'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (52, 'allow', 'lsmb___create_purchase_order'); CREATE ROLE lsmb___create_purchase_rfq WITH INHERIT NOLOGIN IN ROLE lsmb___read_contact; GRANT INSERT ON oe TO lsmb___create_purchase_rfq; GRANT INSERT ON orderitems TO lsmb___create_purchase_rfq; GRANT ALL ON oe_id_seq TO lsmb___create_purchase_rfq; GRANT ALL ON orderitems_id_seq TO lsmb___create_purchase_rfq; INSERT INTO menu_acl (node_id, acl_type, role_name) values (67, 'allow', 'lsmb___create_purchase_rfq'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (69, 'allow', 'lsmb___create_purchase_rfq'); CREATE ROLE lsmb___list_purchase_orders WITH INHERIT NOLOGIN IN ROLE lsmb___read_contact; GRANT SELECT ON oe TO lsmb___list_purchase_orders; GRANT SELECT ON orderitems TO lsmb___list_purchase_orders; INSERT INTO menu_acl (node_id, acl_type, role_name) values (50, 'allow', 'lsmb___list_purchase_orders'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (53, 'allow', 'lsmb___list_purchase_orders'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (55, 'allow', 'lsmb___list_purchase_orders'); CREATE ROLE lsmb___list_purchase_rfqs WITH INHERIT NOLOGIN IN ROLE lsmb___read_contact; GRANT SELECT ON oe TO lsmb___list_purchase_rfqs; GRANT SELECT ON orderitems TO lsmb___list_purchase_rfqs; INSERT INTO menu_acl (node_id, acl_type, role_name) values (67, 'allow', 'lsmb___list_purchase_rfqs'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (70, 'allow', 'lsmb___list_purchase_rfqs'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (72, 'allow', 'lsmb___list_purchase_rfqs'); CREATE ROLE lsmb___all_ap WITH INHERIT NOLOGIN IN ROLE lsmb___ap_all_vouchers, lsmb___ap_all_transactions, lsmb___create_purchase_order, lsmb___create_purchase_rfq, lsmb___list_purchase_orders, lsmb___list_purchase_rfqs; -- POS CREATE ROLE lsmb___create_pos_invoice WITH INHERIT NOLOGIN IN ROLE lsmb___read_contact; GRANT INSERT ON invoice TO lsmb___create_pos_invoice; GRANT INSERT ON inventory TO lsmb___create_pos_invoice; GRANT INSERT ON ar TO lsmb___create_pos_invoice; GRANT INSERT ON acc_trans TO lsmb___create_pos_invoice; GRANT ALL ON id TO lsmb___create_pos_invoice; GRANT ALL ON acc_trans_entry_id_seq TO lsmb___create_pos_invoice; GRANT ALL ON invoice_id_seq TO lsmb___create_pos_invoice; GRANT ALL ON inventory_entry_id_seq TO lsmb___create_pos_invoice; INSERT INTO menu_acl (node_id, acl_type, role_name) values (16, 'allow', 'lsmb___create_pos_invoice'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (17, 'allow', 'lsmb___create_pos_invoice'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (18, 'allow', 'lsmb___create_pos_invoice'); CREATE ROLE lsmb___close_till WITH INHERIT NOLOGIN; GRANT INSERT ON gl TO lsmb___close_till; GRANT INSERT ON acc_trans TO lsmb___close_till; GRANT ALL ON id TO lsmb___close_till; GRANT ALL ON acc_trans_entry_id_seq TO lsmb___close_till; INSERT INTO menu_acl (node_id, acl_type, role_name) values (16, 'allow', 'lsmb___close_till'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (19, 'allow', 'lsmb___close_till'); CREATE ROLE lsmb___list_all_open WITH INHERIT NOLOGIN; GRANT SELECT ON ar TO lsmb___list_all_open; GRANT SELECT ON acc_trans TO lsmb___list_all_open; INSERT INTO menu_acl (node_id, acl_type, role_name) values (16, 'allow', 'lsmb___list_all_open'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (18, 'allow', 'lsmb___list_all_open'); CREATE ROLE lsmb___pos_cashier WITH INHERIT NOLOGIN IN ROLE lsmb___create_pos_invoice, lsmb___close_till; CREATE ROLE lsmb___all_pos WITH INHERIT NOLOGIN IN ROLE lsmb___pos_cashier, lsmb___list_all_open; -- CASH CREATE ROLE lsmb___reconcile WITH INHERIT NOLOGIN; -- GRANT INSERT ON pending_reports TO lsmb___reconcile; -- GRANT INSERT on report_corrections TO lsmb___reconcile; GRANT SELECT ON acc_trans TO lsmb___reconcile; -- GRANT ALL ON pending_reports_id_seq TO lsmb___reconcile; -- GRANT ALL ON report_corrections_id_seq TO lsmb___reconcile; INSERT INTO menu_acl (node_id, acl_type, role_name) values (35, 'allow', 'lsmb__reconcile'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (45, 'allow', 'lsmb__reconcile'); CREATE ROLE lsmb___approve_reconciliation WITH INHERIT NOLOGIN; -- GRANT UPDATE ON pending_reports TO lsmb___reconcile; GRANT SELECT ON acc_trans TO lsmb___reconcile; INSERT INTO menu_acl (node_id, acl_type, role_name) values (35, 'allow', 'lsmb__reconcile'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (41, 'allow', 'lsmb__reconcile'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (44, 'allow', 'lsmb__reconcile'); CREATE ROLE lsmb___all_reconcile WITH INHERIT NOLOGIN IN ROLE lsmb___reconcile, lsmb___approve_reconciliation; CREATE ROLE lsmb___process_payment WITH INHERIT NOLOGIN IN ROLE lsmb___list_ap_transactions; GRANT INSERT ON acc_trans TO lsmb___process_payment; GRANT ALL ON acc_trans_entry_id_seq TO lsmb___process_payment; INSERT INTO menu_acl (node_id, acl_type, role_name) values (35, 'allow', 'lsmb___process_payment'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (38, 'allow', 'lsmb___process_payment'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (39, 'allow', 'lsmb___process_payment'); CREATE ROLE lsmb___process_receipt WITH INHERIT NOLOGIN IN ROLE lsmb___ar_list_transactions; GRANT INSERT ON acc_trans TO lsmb___process_receipt; GRANT ALL ON acc_trans_entry_id_seq TO lsmb___process_receipt; INSERT INTO menu_acl (node_id, acl_type, role_name) values (35, 'allow', 'lsmb___process_receipt'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (36, 'allow', 'lsmb___process_receipt'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (47, 'allow', 'lsmb___process_receipt'); CREATE ROLE lsmb___cash_all WITH INHERIT NOLOGIN IN ROLE lsmb___all_reconcile, lsmb___process_payment, lsmb___process_receipt; -- Inventory Control CREATE ROLE lsmb___create_part WITH INHERIT NOLOGIN; GRANT INSERT ON parts TO lsmb___create_part; GRANT ALL ON parts_id_seq TO lsmb___create_part; INSERT INTO menu_acl (node_id, acl_type, role_name) values (77, 'allow', 'lsmb___create_part'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (78, 'allow', 'lsmb___create_part'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (79, 'allow', 'lsmb___create_part'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (80, 'allow', 'lsmb___create_part'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (81, 'allow', 'lsmb___create_part'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (82, 'allow', 'lsmb___create_part'); CREATE ROLE lsmb___edit_part WITH INHERIT NOLOGIN; GRANT UPDATE ON parts TO lsmb___edit_part; INSERT INTO menu_acl (node_id, acl_type, role_name) values (77, 'allow', 'lsmb___edit_part'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (85, 'allow', 'lsmb___edit_part'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (86, 'allow', 'lsmb___edit_part'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (87, 'allow', 'lsmb___edit_part'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (88, 'allow', 'lsmb___edit_part'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (89, 'allow', 'lsmb___edit_part'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (90, 'allow', 'lsmb___edit_part'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (91, 'allow', 'lsmb___edit_part'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (93, 'allow', 'lsmb___edit_part'); CREATE ROLE lsmb___inventory_reports WITH INHERIT NOLOGIN; GRANT SELECT ON ar TO lsmb___inventory_reports; GRANT SELECT ON ap TO lsmb___inventory_reports; GRANT SELECT ON inventory TO lsmb___inventory_reports; GRANT SELECT ON invoice TO lsmb___inventory_reports; GRANT SELECT ON acc_trans TO lsmb___inventory_reports; INSERT INTO menu_acl (node_id, acl_type, role_name) values (77, 'allow', 'lsmb___inventory_reports'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (85, 'allow', 'lsmb___inventory_reports'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (88, 'allow', 'lsmb___inventory_reports'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (94, 'allow', 'lsmb___inventory_reports'); CREATE ROLE lsmb___create_pricegroup WITH INHERIT NOLOGIN IN ROLE lsmb___read_contact; GRANT INSERT ON pricegroup TO lsmb___create_pricegroup; GRANT ALL ON pricegroup_id_seq TO lsmb___create_pricegroup; GRANT UPDATE ON entity_credit_account TO lsmb___create_pricegroup; INSERT INTO menu_acl (node_id, acl_type, role_name) values (77, 'allow', 'lsmb___create_pricegroup'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (83, 'allow', 'lsmb___create_pricegroup'); CREATE ROLE lsmb___edit_pricegroup WITH INHERIT NOLOGIN IN ROLE lsmb___read_contact; GRANT UPDATE ON pricegroup TO lsmb___edit_pricegroup; GRANT UPDATE ON entity_credit_account TO lsmb___edit_pricegroup; INSERT INTO menu_acl (node_id, acl_type, role_name) values (77, 'allow', 'lsmb___edit_pricegroup'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (85, 'allow', 'lsmb___edit_pricegroup'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (92, 'allow', 'lsmb___edit_pricegroup'); CREATE ROLE lsmb___stock_assembly WITH INHERIT NOLOGIN; GRANT UPDATE ON parts TO lsmb___stock_assembly; INSERT INTO menu_acl (node_id, acl_type, role_name) values (77, 'allow', 'lsmb___stock_assembly'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (84, 'allow', 'lsmb___stock_assembly'); CREATE ROLE lsmb___ship_inventory WITH INHERIT NOLOGIN IN ROLE lsmb___list_sales_orders; GRANT INSERT ON inventory TO lsmb___ship_inventory; GRANT ALL ON inventory_entry_id_seq TO lsmb___ship_inventory; INSERT INTO menu_acl (node_id, acl_type, role_name) values (63, 'allow', 'lsmb___ship_inventory'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (64, 'allow', 'lsmb___ship_inventory'); CREATE ROLE lsmb___receive_inventory WITH INHERIT NOLOGIN IN ROLE lsmb___list_purchase_orders; GRANT INSERT ON inventory TO lsmb___receive_inventory; GRANT ALL ON inventory_entry_id_seq TO lsmb___receive_inventory; INSERT INTO menu_acl (node_id, acl_type, role_name) values (63, 'allow', 'lsmb___receive_inventory'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (65, 'allow', 'lsmb___receive_inventory'); CREATE ROLE lsmb___transfer_inventory WITH INHERIT NOLOGIN; GRANT INSERT ON inventory TO lsmb___transfer_inventory; GRANT ALL ON inventory_entry_id_seq TO lsmb___transfer_inventory; INSERT INTO menu_acl (node_id, acl_type, role_name) values (63, 'allow', 'lsmb___transfer_inventory'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (66, 'allow', 'lsmb___transfer_inventory'); CREATE ROLE lsmb___create_warehouse WITH INHERIT NOLOGIN; GRANT INSERT ON warehouse TO lsmb___create_warehouse; GRANT ALL ON warehouse_id_seq TO lsmb___create_warehouse; INSERT INTO menu_acl (node_id, acl_type, role_name) values (128, 'allow', 'lsmb___create_warehouse'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (141, 'allow', 'lsmb___create_warehouse'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (142, 'allow', 'lsmb___create_warehouse'); CREATE ROLE lsmb___edit_warehouse WITH INHERIT NOLOGIN; GRANT UPDATE ON warehouse TO lsmb___edit_warehouse; INSERT INTO menu_acl (node_id, acl_type, role_name) values (128, 'allow', 'lsmb___edit_warehouse'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (141, 'allow', 'lsmb___edit_warehouse'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (143, 'allow', 'lsmb___edit_warehouse'); CREATE ROLE lsmb___all_inventory WITH INHERIT NOLOGIN IN ROLE lsmb___create_part, lsmb___inventory_reports, lsmb___stock_assembly, lsmb___ship_inventory, lsmb___receive_inventory, lsmb___transfer_inventory, lsmb___edit_warehouse, lsmb___create_warehouse; -- GL CREATE ROLE lsmb___create_transaction WITH INHERIT NOLOGIN; GRANT INSERT ON gl TO lsmb___create_transaction; GRANT INSERT ON acc_trans TO lsmb___create_transaction; GRANT ALL ON id TO lsmb___create_transaction; GRANT ALL ON acc_trans_entry_id_seq TO lsmb___create_transaction; INSERT INTO menu_acl (node_id, acl_type, role_name) values (73, 'allow', 'lsmb___create_transaction'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (74, 'allow', 'lsmb___create_transaction'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (75, 'allow', 'lsmb___create_transaction'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (35, 'allow', 'lsmb___create_transaction'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (40, 'allow', 'lsmb___create_transaction'); CREATE ROLE lsmb___create_transaction_voucher WITH INHERIT NOLOGIN; GRANT INSERT ON gl TO lsmb___create_transaction_voucher; GRANT INSERT ON acc_trans TO lsmb___create_transaction_voucher; GRANT ALL ON id TO lsmb___create_transaction_voucher; GRANT ALL ON acc_trans_entry_id_seq TO lsmb___create_transaction_voucher; -- TODO Add menu permissions CREATE ROLE lsmb___list_transactions WITH INHERIT NOLOGIN IN ROLE lsmb___list_ar_transactions, lsmb___list_ap_transactions; GRANT SELECT ON gl TO lsmb___list_transactions; INSERT INTO menu_acl (node_id, acl_type, role_name) values (73, 'allow', 'lsmb___list_transactions'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (76, 'allow', 'lsmb___list_transactions'); CREATE ROLE lsmb___run_yearend WITH INHERIT NOLOGIN; GRANT INSERT, SELECT ON acc_trans TO lsmb___run_yearend; INSERT INTO menu_acl (node_id, acl_type, role_name) values (128, 'allow', 'lsmb___run_yearend'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (132, 'allow', 'lsmb___run_yearend'); CREATE ROLE lsmb___list_batches WITH INHERIT NOLOGIN IN ROLE lsmb___list_transactions; GRANT SELECT ON batch TO lsmb___list_batches; GRANT SELECT ON batch_class TO lsmb___list_batches; GRANT SELECT ON voucher TO lsmb___list_batches; -- TODO: Add menu items CREATE ROLE lsmb___all_gl WITH INHERIT NOLOGIN IN ROLE lsmb___create_transaction, lsmb___create_transaction_voucher, lsmb___run_yearend, lsmb___list_transactions; -- PROJECTS CREATE ROLE lsmb___create_project WITH INHERIT NOLOGIN; GRANT INSERT ON project TO lsmb___create_project; GRANT ALL ON project_id_seq TO lsmb___create_project; INSERT INTO menu_acl (node_id, acl_type, role_name) values (98, 'allow', 'lsmb___create_project'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (99, 'allow', 'lsmb___create_project'); CREATE ROLE lsmb___edit_project WITH INHERIT NOLOGIN; GRANT UPDATE ON project TO lsmb___edit_project; INSERT INTO menu_acl (node_id, acl_type, role_name) values (98, 'allow', 'lsmb___edit_project'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (103, 'allow', 'lsmb___edit_project'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (104, 'allow', 'lsmb___edit_project'); CREATE ROLE lsmb___add_project_timecard WITH INHERIT NOLOGIN IN ROLE lsmb___read_contact; GRANT INSERT ON jcitems TO lsmb___add_project_timecard; GRANT ALL ON jcitems_id_seq TO lsmb___add_project_timecard; INSERT INTO menu_acl (node_id, acl_type, role_name) values (98, 'allow', 'lsmb___add_project_timecard'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (100, 'allow', 'lsmb___add_project_timecard'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (103, 'allow', 'lsmb___add_project_timecard'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (106, 'allow', 'lsmb___add_project_timecard'); CREATE ROLE lsmb___list_project_timecards WITH INHERIT NOLOGIN IN ROLE lsmb___read_contact; GRANT UPDATE ON project TO lsmb___edit_project; INSERT INTO menu_acl (node_id, acl_type, role_name) values (98, 'allow', 'lsmb___edit_project'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (103, 'allow', 'lsmb___edit_project'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (106, 'allow', 'lsmb___edit_project'); -- ORDER GENERATION CREATE ROLE lsmb___generate_orders WITH INHERIT NOLOGIN IN ROLE lsmb___read_contact; GRANT SELECT, INSERT, UPDATE ON oe TO lsmb___generate_orders; GRANT SELECT, INSERT, UPDATE ON orderitems TO lsmb___generate_orders; GRANT ALL ON oe_id_seq TO lsmb___generate_orders; GRANT ALL ON orderitems_id_seq TO lsmb___generate_orders; CREATE ROLE lsmb___project_generate_orders WITH INHERIT NOLOGIN IN ROLE lsmb___generate_orders; INSERT INTO menu_acl (node_id, acl_type, role_name) values (98, 'allow', 'lsmb___project_generate_orders'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (101, 'allow', 'lsmb___project_generate_orders'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (102, 'allow', 'lsmb___project_generate_orders'); CREATE ROLE lsmb___sales_to_purchase_orders WITH INHERIT NOLOGIN IN ROLE lsmb___generate_orders; INSERT INTO menu_acl (node_id, acl_type, role_name) values (50, 'allow', 'lsmb___sales_to_purchase_orders'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (56, 'allow', 'lsmb___sales_to_purchase_orders'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (57, 'allow', 'lsmb___sales_to_purchase_orders'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (58, 'allow', 'lsmb___sales_to_purchase_orders'); CREATE ROLE lsmb___consolidate_purchase_orders WITH INHERIT NOLOGIN IN ROLE lsmb___generate_orders; INSERT INTO menu_acl (node_id, acl_type, role_name) values (50, 'allow', 'lsmb___consolidate_purchase_orders'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (60, 'allow', 'lsmb___consolidate_purchase_orders'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (62, 'allow', 'lsmb___consolidate_purchase_orders'); CREATE ROLE lsmb___consolidate_sales_orders WITH INHERIT NOLOGIN IN ROLE lsmb___generate_orders; INSERT INTO menu_acl (node_id, acl_type, role_name) values (50, 'allow', 'lsmb___consolidate_sales_orders'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (60, 'allow', 'lsmb___consolidate_sales_orders'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (61, 'allow', 'lsmb___consolidate_sales_orders'); CREATE ROLE lsmb___manage_orders WITH INHERIT NOLOGIN IN ROLE lsmb___project_generate_orders, lsmb___sales_to_purchase_orders, lsmb___consolidate_purchase_orders, lsmb___consolidate_sales_orders; -- FINANCIAL REPORTS CREATE ROLE lsmb___run_financial_reports WITH INHERIT NOLOGIN IN ROLE lsmb___list_transactions; INSERT INTO menu_acl (node_id, acl_type, role_name) values (109, 'allow', 'lsmb___run_financial_reports'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (110, 'allow', 'lsmb___run_financial_reports'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (111, 'allow', 'lsmb___run_financial_reports'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (112, 'allow', 'lsmb___run_financial_reports'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (113, 'allow', 'lsmb___run_financial_reports'); -- RECURRING TRANSACTIONS -- TO ADD WHEN THIS IS REDESIGNED -- BATCH PRINTING CREATE ROLE lsmb___list_print_jobs WITH INHERIT NOLOGIN; INSERT INTO menu_acl (node_id, acl_type, role_name) values (116, 'allow', 'lsmb___list_print_jobs'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (117, 'allow', 'lsmb___list_print_jobs'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (118, 'allow', 'lsmb___list_print_jobs'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (119, 'allow', 'lsmb___list_print_jobs'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (120, 'allow', 'lsmb___list_print_jobs'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (121, 'allow', 'lsmb___list_print_jobs'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (122, 'allow', 'lsmb___list_print_jobs'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (123, 'allow', 'lsmb___list_print_jobs'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (124, 'allow', 'lsmb___list_print_jobs'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (125, 'allow', 'lsmb___list_print_jobs'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (126, 'allow', 'lsmb___list_print_jobs'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (127, 'allow', 'lsmb___list_print_jobs'); CREATE ROLE lsmb___print_jobs WITH INHERIT NOLOGIN IN ROLE lsmb___list_print_jobs; -- SYSTEM SETTINGS CREATE ROLE lsmb___list_system_settings WITH INHERIT NOLOGIN; INSERT INTO menu_acl (node_id, acl_type, role_name) values (128, 'allow', 'lsmb___list_system_settings'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (129, 'allow', 'lsmb___list_system_settings'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (131, 'allow', 'lsmb___list_system_settings'); CREATE ROLE lsmb___change_system_settings WITH INHERIT NOLOGIN IN ROLE lsmb___list_system_settings; CREATE ROLE lsmb___set_taxes WITH INHERIT NOLOGIN; GRANT INSERT, UPDATE ON tax TO lsmb___set_taxes; INSERT INTO menu_acl (node_id, acl_type, role_name) values (128, 'allow', 'lsmb___set_taxes'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (130, 'allow', 'lsmb___set_taxes'); CREATE ROLE lsmb___create_account WITH INHERIT NOLOGIN; GRANT INSERT ON chart TO lsmb___create_account; GRANT ALL ON chart_id_seq TO lsmb___create_account; INSERT INTO menu_acl (node_id, acl_type, role_name) values (128, 'allow', 'lsmb___create_account'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (136, 'allow', 'lsmb___create_account'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (137, 'allow', 'lsmb___create_account'); CREATE ROLE lsmb___edit_account WITH INHERIT NOLOGIN; GRANT UPDATE ON chart TO lsmb___edit_account; INSERT INTO menu_acl (node_id, acl_type, role_name) values (128, 'allow', 'lsmb___edit_account'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (136, 'allow', 'lsmb___edit_account'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (138, 'allow', 'lsmb___edit_account'); CREATE ROLE lsmb___create_gifi WITH INHERIT NOLOGIN; GRANT INSERT ON gifi TO lsmb___create_gifi; INSERT INTO menu_acl (node_id, acl_type, role_name) values (128, 'allow', 'lsmb___create_gifi'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (136, 'allow', 'lsmb___create_gifi'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (139, 'allow', 'lsmb___create_gifi'); CREATE ROLE lsmb___edit_gifi WITH INHERIT NOLOGIN; GRANT UPDATE ON gifi TO lsmb___edit_gifi; INSERT INTO menu_acl (node_id, acl_type, role_name) values (128, 'allow', 'lsmb___edit_account'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (136, 'allow', 'lsmb___edit_account'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (140, 'allow', 'lsmb___edit_account'); CREATE ROLE lsmb___all_accounts WITH INHERIT NOLOGIN IN ROLE lsmb___create_account, lsmb___set_taxes, lsmb___edit_account, lsmb___create_gifi, lsmb___edit_gifi; CREATE ROLE lsmb___create_department WITH INHERIT NOLOGIN; GRANT INSERT ON department TO lsmb___create_department; GRANT ALL ON department_id_seq TO lsmb___create_department; INSERT INTO menu_acl (node_id, acl_type, role_name) values (128, 'allow', 'lsmb___create_department'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (144, 'allow', 'lsmb___create_department'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (145, 'allow', 'lsmb___create_department'); CREATE ROLE lsmb___edit_department WITH INHERIT NOLOGIN; GRANT UPDATE ON department TO lsmb___edit_department; INSERT INTO menu_acl (node_id, acl_type, role_name) values (128, 'allow', 'lsmb___edit_department'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (144, 'allow', 'lsmb___edit_department'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (146, 'allow', 'lsmb___edit_department'); CREATE ROLE lsmb___all_department WITH INHERIT NOLOGIN IN ROLE lsmb___create_department, lsmb___edit_department; CREATE ROLE lsmb___create_business_type WITH INHERIT NOLOGIN; GRANT INSERT ON business TO lsmb___create_business_type; GRANT ALL ON business_id_seq TO lsmb___create_business_type; INSERT INTO menu_acl (node_id, acl_type, role_name) values (128, 'allow', 'lsmb___create_business_type'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (147, 'allow', 'lsmb___create_business_type'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (148, 'allow', 'lsmb___create_business_type'); CREATE ROLE lsmb___edit_business_type WITH INHERIT NOLOGIN; GRANT UPDATE ON business TO lsmb___edit_business_type; INSERT INTO menu_acl (node_id, acl_type, role_name) values (128, 'allow', 'lsmb___edit_business_type'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (147, 'allow', 'lsmb___edit_business_type'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (149, 'allow', 'lsmb___edit_business_type'); CREATE ROLE lsmb___all_business_type WITH INHERIT NOLOGIN IN ROLE lsmb___create_business_type, lsmb___edit_business_type; CREATE ROLE lsmb___create_sic WITH INHERIT NOLOGIN; GRANT INSERT ON sic TO lsmb___create_sic; INSERT INTO menu_acl (node_id, acl_type, role_name) values (128, 'allow', 'lsmb___create_sic'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (153, 'allow', 'lsmb___create_sic'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (154, 'allow', 'lsmb___create_sic'); CREATE ROLE lsmb___edit_sic WITH INHERIT NOLOGIN; GRANT UPDATE ON sic TO lsmb___edit_sic; INSERT INTO menu_acl (node_id, acl_type, role_name) values (128, 'allow', 'lsmb___edit_sic'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (153, 'allow', 'lsmb___edit_sic'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (155, 'allow', 'lsmb___edit_sic'); CREATE ROLE lsmb___all_sic WITH INHERIT NOLOGIN IN ROLE lsmb___create_sic, lsmb___edit_sic; CREATE ROLE lsmb___edit_template WITH INHERIT NOLOGIN; -- TODO Add db permissions as templates get moved into db. INSERT INTO menu_acl (node_id, acl_type, role_name) values (128, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (156, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (157, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (158, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (159, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (160, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (161, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (162, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (163, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (164, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (165, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (166, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (167, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (168, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (169, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (170, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (171, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (172, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (173, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (174, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (175, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (176, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (177, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (178, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (179, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (180, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (181, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (182, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (183, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (184, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (185, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (186, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (187, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (188, 'allow', 'lsmb___edit_template'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (189, 'allow', 'lsmb___edit_template'); CREATE ROLE lsmb___manage_system WITH INHERIT NOLOGIN IN ROLE lsmb___change_system_settings, lsmb___all_accounts, lsmb___all_department, lsmb___all_business_type, lsmb___all_sic, lsmb___edit_template; -- Manual Translation CREATE ROLE lsmb___create_language WITH INHERIT NOLOGIN; GRANT INSERT ON language TO lsmb___create_language; INSERT INTO menu_acl (node_id, acl_type, role_name) values (128, 'allow', 'lsmb___create_language'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (150, 'allow', 'lsmb___create_language'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (151, 'allow', 'lsmb___create_language'); CREATE ROLE lsmb___edit_language WITH INHERIT NOLOGIN; GRANT UPDATE ON language TO lsmb___edit_language; INSERT INTO menu_acl (node_id, acl_type, role_name) values (128, 'allow', 'lsmb___edit_language'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (150, 'allow', 'lsmb___edit_language'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (152, 'allow', 'lsmb___edit_language'); CREATE ROLE lsmb___create_part_translation WITH INHERIT NOLOGIN; -- TODO add db permissions INSERT INTO menu_acl (node_id, acl_type, role_name) values (77, 'allow', 'lsmb___create_part_translation'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (95, 'allow', 'lsmb___create_part_translation'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (96, 'allow', 'lsmb___create_part_translation'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (97, 'allow', 'lsmb___create_part_translation'); CREATE ROLE lsmb___create_project_translation WITH INHERIT NOLOGIN; -- TODO add db permissions INSERT INTO menu_acl (node_id, acl_type, role_name) values (98, 'allow', 'lsmb___create_project_translation'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (107, 'allow', 'lsmb___create_project_translation'); INSERT INTO menu_acl (node_id, acl_type, role_name) values (108, 'allow', 'lsmb___create_project_translation'); CREATE ROLE lsmb___all_manual_translation WITH INHERIT NOLOGIN IN ROLE lsmb___create_language, lsmb___create_part_translation, lsmb___create_project_translation; GRANT SELECT ON custom_field_catalog TO public; GRANT SELECT ON custom_table_catalog TO public; -- Grants to all users; GRANT ALL ON defaults TO public; GRANT ALL ON "session" TO public; GRANT ALL ON session_session_id_seq TO PUBLIC; GRANT SELECT ON users TO public; GRANT SELECT ON user_preference TO public; GRANT SELECT ON custom_table_catalog TO PUBLIC; GRANT SELECT ON custom_field_catalog TO PUBLIC; grant select on menu_node, menu_attribute, menu_acl to public;