summaryrefslogtreecommitdiff
path: root/sql/modules/Roles.sql
blob: b91298f14aa52c8e48fdb74e71e8fa60739fb9d5 (plain)
  1. GRANT ALL ON SCHEMA public TO public; -- required for Pg 8.2
  2. -- Contacts
  3. CREATE ROLE "lsmb_<?lsmb dbname ?>__read_contact"
  4. WITH INHERIT NOLOGIN;
  5. GRANT SELECT ON entity TO "lsmb_<?lsmb dbname ?>__read_contact";
  6. GRANT SELECT ON company TO "lsmb_<?lsmb dbname ?>__read_contact";
  7. GRANT SELECT ON location TO "lsmb_<?lsmb dbname ?>__read_contact";
  8. GRANT SELECT ON person TO "lsmb_<?lsmb dbname ?>__read_contact";
  9. GRANT SELECT ON entity_credit_account TO "lsmb_<?lsmb dbname ?>__read_contact";
  10. GRANT SELECT ON company_to_contact TO "lsmb_<?lsmb dbname ?>__read_contact";
  11. GRANT SELECT ON company_to_entity TO "lsmb_<?lsmb dbname ?>__read_contact";
  12. GRANT SELECT ON company_to_location TO "lsmb_<?lsmb dbname ?>__read_contact";
  13. GRANT SELECT ON customertax TO "lsmb_<?lsmb dbname ?>__read_contact";
  14. GRANT SELECT ON contact_class TO "lsmb_<?lsmb dbname ?>__read_contact";
  15. GRANT SELECT ON entity_class TO "lsmb_<?lsmb dbname ?>__read_contact";
  16. GRANT SELECT ON entity_bank_account TO "lsmb_<?lsmb dbname ?>__read_contact";
  17. GRANT SELECT ON entity_note TO "lsmb_<?lsmb dbname ?>__read_contact";
  18. GRANT SELECT ON entity_class_to_entity TO "lsmb_<?lsmb dbname ?>__read_contact";
  19. GRANT SELECT ON entity_other_name TO "lsmb_<?lsmb dbname ?>__read_contact";
  20. GRANT SELECT ON location_class TO "lsmb_<?lsmb dbname ?>__read_contact";
  21. GRANT SELECT ON person_to_company TO "lsmb_<?lsmb dbname ?>__read_contact";
  22. GRANT SELECT ON person_to_contact TO "lsmb_<?lsmb dbname ?>__read_contact";
  23. GRANT SELECT ON person_to_contact TO "lsmb_<?lsmb dbname ?>__read_contact";
  24. GRANT SELECT ON person_to_location TO "lsmb_<?lsmb dbname ?>__read_contact";
  25. GRANT SELECT ON person_to_location TO "lsmb_<?lsmb dbname ?>__read_contact";
  26. GRANT SELECT ON company_to_location TO "lsmb_<?lsmb dbname ?>__read_contact";
  27. GRANT SELECT ON vendortax TO "lsmb_<?lsmb dbname ?>__read_contact";
  28. INSERT INTO menu_acl (node_id, acl_type, role_name)
  29. values (1, 'allow', 'lsmb_<?lsmb dbname ?>__read_contact');
  30. INSERT INTO menu_acl (node_id, acl_type, role_name)
  31. values (11, 'allow', 'lsmb_<?lsmb dbname ?>__read_contact');
  32. INSERT INTO menu_acl (node_id, acl_type, role_name)
  33. values (14, 'allow', 'lsmb_<?lsmb dbname ?>__read_contact');
  34. INSERT INTO menu_acl (node_id, acl_type, role_name)
  35. values (21, 'allow', 'lsmb_<?lsmb dbname ?>__read_contact');
  36. INSERT INTO menu_acl (node_id, acl_type, role_name)
  37. values (30, 'allow', 'lsmb_<?lsmb dbname ?>__read_contact');
  38. INSERT INTO menu_acl (node_id, acl_type, role_name)
  39. values (33, 'allow', 'lsmb_<?lsmb dbname ?>__read_contact');
  40. CREATE ROLE "lsmb_<?lsmb dbname ?>__create_contact"
  41. WITH INHERIT NOLOGIN
  42. IN ROLE "lsmb_<?lsmb dbname ?>__read_contact";
  43. GRANT INSERT ON entity TO "lsmb_<?lsmb dbname ?>__create_contact";
  44. GRANT ALL ON entity_id_seq TO "lsmb_<?lsmb dbname ?>__create_contact";
  45. GRANT INSERT ON company TO "lsmb_<?lsmb dbname ?>__create_contact";
  46. GRANT ALL ON company_id_seq TO "lsmb_<?lsmb dbname ?>__create_contact";
  47. GRANT INSERT ON location TO "lsmb_<?lsmb dbname ?>__create_contact";
  48. GRANT ALL ON location_id_seq TO "lsmb_<?lsmb dbname ?>__create_contact";
  49. GRANT INSERT ON person TO "lsmb_<?lsmb dbname ?>__create_contact";
  50. GRANT ALL ON person_id_seq TO "lsmb_<?lsmb dbname ?>__create_contact";
  51. GRANT INSERT ON entity_credit_account TO "lsmb_<?lsmb dbname ?>__create_contact";
  52. GRANT ALL ON entity_credit_account_id_seq TO "lsmb_<?lsmb dbname ?>__create_contact";
  53. GRANT INSERT ON company_to_contact TO "lsmb_<?lsmb dbname ?>__create_contact";
  54. GRANT INSERT ON company_to_entity TO "lsmb_<?lsmb dbname ?>__create_contact";
  55. GRANT ALL ON SEQUENCE note_id_seq TO "lsmb_<?lsmb dbname ?>__create_contact";
  56. GRANT INSERT ON company_to_location TO "lsmb_<?lsmb dbname ?>__create_contact";
  57. GRANT INSERT ON customertax TO "lsmb_<?lsmb dbname ?>__create_contact";
  58. GRANT INSERT ON entity_bank_account TO "lsmb_<?lsmb dbname ?>__create_contact";
  59. GRANT ALL ON entity_bank_account_id_seq TO "lsmb_<?lsmb dbname ?>__create_contact";
  60. GRANT INSERT ON entity_note TO "lsmb_<?lsmb dbname ?>__create_contact";
  61. GRANT INSERT ON entity_class_to_entity TO "lsmb_<?lsmb dbname ?>__create_contact";
  62. GRANT INSERT ON entity_other_name TO "lsmb_<?lsmb dbname ?>__create_contact";
  63. GRANT INSERT ON person_to_company TO "lsmb_<?lsmb dbname ?>__create_contact";
  64. GRANT INSERT ON person_to_contact TO "lsmb_<?lsmb dbname ?>__create_contact";
  65. GRANT INSERT ON person_to_contact TO "lsmb_<?lsmb dbname ?>__create_contact";
  66. GRANT INSERT ON person_to_location TO "lsmb_<?lsmb dbname ?>__create_contact";
  67. GRANT INSERT ON person_to_location TO "lsmb_<?lsmb dbname ?>__create_contact";
  68. GRANT INSERT ON company_to_location TO "lsmb_<?lsmb dbname ?>__create_contact";
  69. GRANT DELETE ON company_to_location TO "lsmb_<?lsmb dbname ?>__create_contact";
  70. GRANT INSERT ON vendortax TO "lsmb_<?lsmb dbname ?>__create_contact";
  71. INSERT INTO menu_acl (node_id, acl_type, role_name)
  72. values (1, 'allow', 'lsmb_<?lsmb dbname ?>__create_contact');
  73. INSERT INTO menu_acl (node_id, acl_type, role_name)
  74. values (11, 'allow', 'lsmb_<?lsmb dbname ?>__create_contact');
  75. INSERT INTO menu_acl (node_id, acl_type, role_name)
  76. values (12, 'allow', 'lsmb_<?lsmb dbname ?>__create_contact');
  77. INSERT INTO menu_acl (node_id, acl_type, role_name)
  78. values (21, 'allow', 'lsmb_<?lsmb dbname ?>__create_contact');
  79. INSERT INTO menu_acl (node_id, acl_type, role_name)
  80. values (30, 'allow', 'lsmb_<?lsmb dbname ?>__create_contact');
  81. INSERT INTO menu_acl (node_id, acl_type, role_name)
  82. values (31, 'allow', 'lsmb_<?lsmb dbname ?>__create_contact');
  83. CREATE ROLE "lsmb_<?lsmb dbname ?>__edit_contact"
  84. WITH INHERIT NOLOGIN
  85. IN ROLE "lsmb_<?lsmb dbname ?>__read_contact";
  86. GRANT UPDATE ON entity TO "lsmb_<?lsmb dbname ?>__create_contact";
  87. GRANT UPDATE ON company TO "lsmb_<?lsmb dbname ?>__create_contact";
  88. GRANT UPDATE ON location TO "lsmb_<?lsmb dbname ?>__create_contact";
  89. GRANT UPDATE ON person TO "lsmb_<?lsmb dbname ?>__create_contact";
  90. GRANT UPDATE ON entity_credit_account TO "lsmb_<?lsmb dbname ?>__create_contact";
  91. GRANT UPDATE ON company_to_contact TO "lsmb_<?lsmb dbname ?>__create_contact";
  92. GRANT UPDATE ON company_to_entity TO "lsmb_<?lsmb dbname ?>__create_contact";
  93. GRANT UPDATE ON company_to_location TO "lsmb_<?lsmb dbname ?>__create_contact";
  94. GRANT UPDATE ON customertax TO "lsmb_<?lsmb dbname ?>__create_contact";
  95. GRANT UPDATE ON entity_bank_account TO "lsmb_<?lsmb dbname ?>__create_contact";
  96. GRANT UPDATE ON entity_note TO "lsmb_<?lsmb dbname ?>__create_contact";
  97. GRANT UPDATE ON entity_class_to_entity TO "lsmb_<?lsmb dbname ?>__create_contact";
  98. GRANT UPDATE ON entity_other_name TO "lsmb_<?lsmb dbname ?>__create_contact";
  99. GRANT UPDATE ON person_to_company TO "lsmb_<?lsmb dbname ?>__create_contact";
  100. GRANT UPDATE ON person_to_contact TO "lsmb_<?lsmb dbname ?>__create_contact";
  101. GRANT UPDATE ON person_to_contact TO "lsmb_<?lsmb dbname ?>__create_contact";
  102. GRANT UPDATE ON person_to_location TO "lsmb_<?lsmb dbname ?>__create_contact";
  103. GRANT UPDATE ON person_to_location TO "lsmb_<?lsmb dbname ?>__create_contact";
  104. GRANT DELETE, INSERT ON vendortax TO "lsmb_<?lsmb dbname ?>__create_contact";
  105. CREATE ROLE "lsmb_<?lsmb dbname ?>__contact_all_rights"
  106. WITH INHERIT NOLOGIN
  107. in role "lsmb_<?lsmb dbname ?>__create_contact",
  108. "lsmb_<?lsmb dbname ?>__edit_contact",
  109. "lsmb_<?lsmb dbname ?>__read_contact";
  110. -- Batches and VOuchers
  111. CREATE ROLE "lsmb_<?lsmb dbname ?>__create_batch"
  112. WITH INHERIT NOLOGIN;
  113. GRANT INSERT ON batch TO "lsmb_<?lsmb dbname ?>__create_batch";
  114. GRANT ALL ON batch_id_seq TO "lsmb_<?lsmb dbname ?>__create_batch";
  115. GRANT SELECT ON batch_class TO "lsmb_<?lsmb dbname ?>__create_batch";
  116. GRANT INSERT ON voucher TO "lsmb_<?lsmb dbname ?>__create_batch";
  117. GRANT ALL ON voucher_id_seq TO "lsmb_<?lsmb dbname ?>__create_contact";
  118. -- TODO add Menu ACLs
  119. CREATE ROLE "lsmb_<?lsmb dbname ?>__post_batches"
  120. WITH INHERIT NOLOGIN;
  121. GRANT UPDATE ON ar TO "lsmb_<?lsmb dbname ?>__post_batches";
  122. GRANT UPDATE ON ap TO "lsmb_<?lsmb dbname ?>__post_batches";
  123. GRANT UPDATE ON acc_trans TO "lsmb_<?lsmb dbname ?>__post_batches";
  124. GRANT UPDATE ON batch TO "lsmb_<?lsmb dbname ?>__post_batches";
  125. GRANT UPDATE ON gl TO "lsmb_<?lsmb dbname ?>__post_batches";
  126. -- TODO add Menu ACLs
  127. -- AR
  128. CREATE ROLE "lsmb_<?lsmb dbname ?>__create_ar_transaction"
  129. WITH INHERIT NOLOGIN
  130. IN ROLE "lsmb_<?lsmb dbname ?>__read_contact";
  131. GRANT INSERT ON ar TO "lsmb_<?lsmb dbname ?>__create_ar_transaction";
  132. GRANT ALL ON id TO "lsmb_<?lsmb dbname ?>__create_ar_transaction";
  133. GRANT INSERT ON acc_trans TO "lsmb_<?lsmb dbname ?>__create_ar_transaction";
  134. GRANT ALL ON acc_trans_entry_id_seq TO "lsmb_<?lsmb dbname ?>__create_ar_transaction";
  135. INSERT INTO menu_acl (node_id, acl_type, role_name)
  136. values (1, 'allow', 'lsmb_<?lsmb dbname ?>__create_ar_transaction');
  137. INSERT INTO menu_acl (node_id, acl_type, role_name)
  138. values (2, 'allow', 'lsmb_<?lsmb dbname ?>__create_ar_transaction');
  139. INSERT INTO menu_acl (node_id, acl_type, role_name)
  140. values (194, 'allow', 'lsmb_<?lsmb dbname ?>__create_ar_transaction');
  141. CREATE ROLE "lsmb_<?lsmb dbname ?>__create_ar_transaction_voucher"
  142. WITH INHERIT NOLOGIN
  143. IN ROLE "lsmb_<?lsmb dbname ?>__read_contact",
  144. "lsmb_<?lsmb dbname ?>__create_batch";
  145. GRANT INSERT ON ar TO "lsmb_<?lsmb dbname ?>__create_ar_transaction_voucher";
  146. GRANT ALL ON id TO "lsmb_<?lsmb dbname ?>__create_ar_transaction_voucher";
  147. GRANT INSERT ON acc_trans TO "lsmb_<?lsmb dbname ?>__create_ar_transaction_voucher";
  148. GRANT ALL ON acc_trans_entry_id_seq TO "lsmb_<?lsmb dbname ?>__create_ar_transaction_voucher";
  149. -- TODO add Menu ACLs
  150. CREATE ROLE "lsmb_<?lsmb dbname ?>__create_ar_invoice"
  151. WITH INHERIT NOLOGIN
  152. IN ROLE "lsmb_<?lsmb dbname ?>__read_contact",
  153. "lsmb_<?lsmb dbname ?>__create_ar_transaction";
  154. GRANT INSERT ON invoice TO "lsmb_<?lsmb dbname ?>__create_ar_invoice";
  155. GRANT ALL ON invoice_id_seq TO "lsmb_<?lsmb dbname ?>__create_ar_invoice";
  156. GRANT INSERT ON inventory TO "lsmb_<?lsmb dbname ?>__create_ar_invoice";
  157. GRANT ALL ON inventory_entry_id_seq TO "lsmb_<?lsmb dbname ?>__create_ar_invoice";
  158. INSERT INTO menu_acl (node_id, acl_type, role_name)
  159. values (3, 'allow', 'lsmb_<?lsmb dbname ?>__create_ar_invoice');
  160. INSERT INTO menu_acl (node_id, acl_type, role_name)
  161. values (195, 'allow', 'lsmb_<?lsmb dbname ?>__create_ar_transaction');
  162. CREATE ROLE "lsmb_<?lsmb dbname ?>__create_ar_invoice_voucher"
  163. WITH INHERIT NOLOGIN
  164. IN ROLE "lsmb_<?lsmb dbname ?>__read_contact",
  165. "lsmb_<?lsmb dbname ?>__create_batch",
  166. "lsmb_<?lsmb dbname ?>__create_ar_transaction_voucher";
  167. GRANT INSERT ON invoice TO "lsmb_<?lsmb dbname ?>__create_ar_invoice_voucher";
  168. GRANT ALL ON invoice_id_seq TO "lsmb_<?lsmb dbname ?>__create_ar_invoice_voucher";
  169. GRANT INSERT ON inventory TO "lsmb_<?lsmb dbname ?>__create_ar_invoice_voucher";
  170. GRANT ALL ON inventory_entry_id_seq TO "lsmb_<?lsmb dbname ?>__create_ar_invoice_voucher";
  171. -- TODO add Menu ACLs
  172. CREATE ROLE "lsmb_<?lsmb dbname ?>__list_ar_transactions"
  173. WITH INHERIT NOLOGIN
  174. IN ROLE "lsmb_<?lsmb dbname ?>__read_contact";
  175. GRANT SELECT ON ar TO "lsmb_<?lsmb dbname ?>__list_ar_transactions";
  176. GRANT SELECT ON acc_trans TO "lsmb_<?lsmb dbname ?>__list_ar_transactions";
  177. GRANT SELECT ON invoice TO "lsmb_<?lsmb dbname ?>__list_ar_transactions";
  178. GRANT SELECT ON inventory TO "lsmb_<?lsmb dbname ?>__list_ar_transactions";
  179. INSERT INTO menu_acl (node_id, acl_type, role_name)
  180. values (1, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions');
  181. INSERT INTO menu_acl (node_id, acl_type, role_name)
  182. values (4, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions');
  183. INSERT INTO menu_acl (node_id, acl_type, role_name)
  184. values (5, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions');
  185. INSERT INTO menu_acl (node_id, acl_type, role_name)
  186. values (6, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions');
  187. INSERT INTO menu_acl (node_id, acl_type, role_name)
  188. values (7, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions');
  189. INSERT INTO menu_acl (node_id, acl_type, role_name)
  190. values (9, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions');
  191. INSERT INTO menu_acl (node_id, acl_type, role_name)
  192. values (10, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions');
  193. INSERT INTO menu_acl (node_id, acl_type, role_name)
  194. values (11, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions');
  195. INSERT INTO menu_acl (node_id, acl_type, role_name)
  196. values (13, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions');
  197. INSERT INTO menu_acl (node_id, acl_type, role_name)
  198. values (15, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions');
  199. CREATE ROLE "lsmb_<?lsmb dbname ?>__ar_all_vouchers"
  200. WITH INHERIT NOLOGIN
  201. IN ROLE "lsmb_<?lsmb dbname ?>__create_ar_transaction_voucher",
  202. "lsmb_<?lsmb dbname ?>__create_ar_invoice_voucher";
  203. CREATE ROLE "lsmb_<?lsmb dbname ?>__ar_all_transactions"
  204. WITH INHERIT NOLOGIN
  205. IN ROLE "lsmb_<?lsmb dbname ?>__create_ar_transaction",
  206. "lsmb_<?lsmb dbname ?>__create_ar_invoice",
  207. "lsmb_<?lsmb dbname ?>__list_ar_transactions";
  208. CREATE ROLE "lsmb_<?lsmb dbname ?>__create_sales_order"
  209. WITH INHERIT NOLOGIN
  210. IN ROLE "lsmb_<?lsmb dbname ?>__read_contact";
  211. GRANT INSERT ON oe TO "lsmb_<?lsmb dbname ?>__create_sales_order";
  212. GRANT ALL ON oe_id_seq TO "lsmb_<?lsmb dbname ?>__create_sales_order";
  213. GRANT INSERT ON orderitems TO "lsmb_<?lsmb dbname ?>__create_sales_order";
  214. GRANT ALL ON orderitems_id_seq TO "lsmb_<?lsmb dbname ?>__create_sales_order";
  215. INSERT INTO menu_acl (node_id, acl_type, role_name)
  216. values (50, 'allow', 'lsmb_<?lsmb dbname ?>__create_sales_order');
  217. INSERT INTO menu_acl (node_id, acl_type, role_name)
  218. values (51, 'allow', 'lsmb_<?lsmb dbname ?>__create_sales_order');
  219. CREATE ROLE "lsmb_<?lsmb dbname ?>__create_sales_quotation"
  220. WITH INHERIT NOLOGIN
  221. IN ROLE "lsmb_<?lsmb dbname ?>__read_contact";
  222. GRANT INSERT ON oe TO "lsmb_<?lsmb dbname ?>__create_sales_quotation";
  223. GRANT ALL ON oe_id_seq TO "lsmb_<?lsmb dbname ?>__create_sales_quotation";
  224. GRANT INSERT ON orderitems TO "lsmb_<?lsmb dbname ?>__create_sales_quotation";
  225. GRANT ALL ON orderitems_id_seq TO "lsmb_<?lsmb dbname ?>__create_sales_quotation";
  226. INSERT INTO menu_acl (node_id, acl_type, role_name)
  227. values (67, 'allow', 'lsmb_<?lsmb dbname ?>__create_sales_quotation');
  228. INSERT INTO menu_acl (node_id, acl_type, role_name)
  229. values (68, 'allow', 'lsmb_<?lsmb dbname ?>__create_sales_quotation');
  230. CREATE ROLE "lsmb_<?lsmb dbname ?>__list_sales_orders"
  231. WITH INHERIT NOLOGIN
  232. IN ROLE "lsmb_<?lsmb dbname ?>__read_contact";
  233. GRANT SELECT ON oe TO "lsmb_<?lsmb dbname ?>__list_sales_orders";
  234. GRANT SELECT ON orderitems TO "lsmb_<?lsmb dbname ?>__list_sales_orders";
  235. INSERT INTO menu_acl (node_id, acl_type, role_name)
  236. values (50, 'allow', 'lsmb_<?lsmb dbname ?>__list_sales_orders');
  237. INSERT INTO menu_acl (node_id, acl_type, role_name)
  238. values (53, 'allow', 'lsmb_<?lsmb dbname ?>__list_sales_orders');
  239. INSERT INTO menu_acl (node_id, acl_type, role_name)
  240. values (54, 'allow', 'lsmb_<?lsmb dbname ?>__list_sales_orders');
  241. CREATE ROLE "lsmb_<?lsmb dbname ?>__list_sales_quotations"
  242. WITH INHERIT NOLOGIN
  243. IN ROLE "lsmb_<?lsmb dbname ?>__read_contact";
  244. GRANT SELECT ON oe TO "lsmb_<?lsmb dbname ?>__list_sales_quotations";
  245. GRANT SELECT ON orderitems TO "lsmb_<?lsmb dbname ?>__list_sales_quotations";
  246. INSERT INTO menu_acl (node_id, acl_type, role_name)
  247. values (67, 'allow', 'lsmb_<?lsmb dbname ?>__list_sales_quotations');
  248. INSERT INTO menu_acl (node_id, acl_type, role_name)
  249. values (70, 'allow', 'lsmb_<?lsmb dbname ?>__list_sales_quotations');
  250. INSERT INTO menu_acl (node_id, acl_type, role_name)
  251. values (71, 'allow', 'lsmb_<?lsmb dbname ?>__list_sales_quotations');
  252. CREATE ROLE "lsmb_<?lsmb dbname ?>__all_ar"
  253. WITH INHERIT NOLOGIN
  254. IN ROLE "lsmb_<?lsmb dbname ?>__ar_all_vouchers",
  255. "lsmb_<?lsmb dbname ?>__ar_all_transactions",
  256. "lsmb_<?lsmb dbname ?>__create_sales_order",
  257. "lsmb_<?lsmb dbname ?>__create_sales_quotation",
  258. "lsmb_<?lsmb dbname ?>__list_sales_orders",
  259. "lsmb_<?lsmb dbname ?>__list_sales_quotations";
  260. -- AP
  261. CREATE ROLE "lsmb_<?lsmb dbname ?>__create_ap_transaction"
  262. WITH INHERIT NOLOGIN
  263. IN ROLE "lsmb_<?lsmb dbname ?>__read_contact";
  264. GRANT INSERT ON ap TO "lsmb_<?lsmb dbname ?>__create_ap_transaction";
  265. GRANT ALL ON id TO "lsmb_<?lsmb dbname ?>__create_ap_transaction";
  266. GRANT INSERT ON acc_trans TO "lsmb_<?lsmb dbname ?>__create_ap_transaction";
  267. GRANT ALL ON acc_trans_entry_id_seq TO "lsmb_<?lsmb dbname ?>__create_ap_transaction";
  268. INSERT INTO menu_acl (node_id, acl_type, role_name)
  269. values (21, 'allow', 'lsmb_<?lsmb dbname ?>__create_ap_transaction');
  270. INSERT INTO menu_acl (node_id, acl_type, role_name)
  271. values (22, 'allow', 'lsmb_<?lsmb dbname ?>__create_ap_transaction');
  272. INSERT INTO menu_acl (node_id, acl_type, role_name)
  273. values (196, 'allow', 'lsmb_<?lsmb dbname ?>__create_ap_transaction');
  274. CREATE ROLE "lsmb_<?lsmb dbname ?>__create_ap_transaction_voucher"
  275. WITH INHERIT NOLOGIN
  276. IN ROLE "lsmb_<?lsmb dbname ?>__read_contact",
  277. "lsmb_<?lsmb dbname ?>__create_batch";
  278. GRANT INSERT ON ar TO "lsmb_<?lsmb dbname ?>__create_ap_transaction_voucher";
  279. GRANT ALL ON id TO "lsmb_<?lsmb dbname ?>__create_ap_transaction_voucher";
  280. GRANT INSERT ON acc_trans TO "lsmb_<?lsmb dbname ?>__create_ap_transaction_voucher";
  281. GRANT ALL ON acc_trans_entry_id_seq TO "lsmb_<?lsmb dbname ?>__create_ap_transaction_voucher";
  282. -- TODO add Menu ACLs
  283. CREATE ROLE "lsmb_<?lsmb dbname ?>__create_ap_invoice"
  284. WITH INHERIT NOLOGIN
  285. IN ROLE "lsmb_<?lsmb dbname ?>__read_contact",
  286. "lsmb_<?lsmb dbname ?>__create_ap_transaction";
  287. GRANT INSERT ON invoice TO "lsmb_<?lsmb dbname ?>__create_ap_invoice";
  288. GRANT INSERT ON inventory TO "lsmb_<?lsmb dbname ?>__create_ap_invoice";
  289. GRANT ALL ON invoice_id_seq TO "lsmb_<?lsmb dbname ?>__create_ap_invoice";
  290. GRANT ALL ON inventory_entry_id_seq TO "lsmb_<?lsmb dbname ?>__create_ap_invoice";
  291. INSERT INTO menu_acl (node_id, acl_type, role_name)
  292. values (23, 'allow', 'lsmb_<?lsmb dbname ?>__create_ap_invoice');
  293. INSERT INTO menu_acl (node_id, acl_type, role_name)
  294. values (197, 'allow', 'lsmb_<?lsmb dbname ?>__create_ap_transaction');
  295. CREATE ROLE "lsmb_<?lsmb dbname ?>__create_ap_invoice_voucher"
  296. WITH INHERIT NOLOGIN
  297. IN ROLE "lsmb_<?lsmb dbname ?>__read_contact",
  298. "lsmb_<?lsmb dbname ?>__create_batch";
  299. GRANT INSERT ON invoice TO "lsmb_<?lsmb dbname ?>__create_ap_invoice_voucher";
  300. GRANT INSERT ON inventory TO "lsmb_<?lsmb dbname ?>__create_ap_invoice_voucher";
  301. GRANT ALL ON invoice_id_seq TO "lsmb_<?lsmb dbname ?>__create_ap_invoice_voucher";
  302. GRANT ALL ON inventory_entry_id_seq TO "lsmb_<?lsmb dbname ?>__create_ap_invoice_voucher";
  303. -- TODO add Menu ACLs
  304. CREATE ROLE "lsmb_<?lsmb dbname ?>__list_ap_transactions"
  305. WITH INHERIT NOLOGIN
  306. IN ROLE "lsmb_<?lsmb dbname ?>__read_contact";
  307. GRANT SELECT ON ap TO "lsmb_<?lsmb dbname ?>__list_ap_transactions";
  308. GRANT SELECT ON acc_trans TO "lsmb_<?lsmb dbname ?>__list_ap_transactions";
  309. GRANT SELECT ON invoice TO "lsmb_<?lsmb dbname ?>__list_ap_transactions";
  310. GRANT SELECT ON inventory TO "lsmb_<?lsmb dbname ?>__list_ap_transactions";
  311. INSERT INTO menu_acl (node_id, acl_type, role_name)
  312. values (21, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions');
  313. INSERT INTO menu_acl (node_id, acl_type, role_name)
  314. values (24, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions');
  315. INSERT INTO menu_acl (node_id, acl_type, role_name)
  316. values (25, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions');
  317. INSERT INTO menu_acl (node_id, acl_type, role_name)
  318. values (26, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions');
  319. INSERT INTO menu_acl (node_id, acl_type, role_name)
  320. values (27, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions');
  321. INSERT INTO menu_acl (node_id, acl_type, role_name)
  322. values (28, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions');
  323. INSERT INTO menu_acl (node_id, acl_type, role_name)
  324. values (29, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions');
  325. INSERT INTO menu_acl (node_id, acl_type, role_name)
  326. values (30, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions');
  327. INSERT INTO menu_acl (node_id, acl_type, role_name)
  328. values (32, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions');
  329. INSERT INTO menu_acl (node_id, acl_type, role_name)
  330. values (34, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions');
  331. CREATE ROLE "lsmb_<?lsmb dbname ?>__ap_all_vouchers"
  332. WITH INHERIT NOLOGIN
  333. IN ROLE "lsmb_<?lsmb dbname ?>__create_ap_transaction_voucher",
  334. "lsmb_<?lsmb dbname ?>__create_ap_invoice_voucher";
  335. CREATE ROLE "lsmb_<?lsmb dbname ?>__ap_all_transactions"
  336. WITH INHERIT NOLOGIN
  337. IN ROLE "lsmb_<?lsmb dbname ?>__create_ap_transaction",
  338. "lsmb_<?lsmb dbname ?>__create_ap_invoice",
  339. "lsmb_<?lsmb dbname ?>__list_ap_transactions";
  340. CREATE ROLE "lsmb_<?lsmb dbname ?>__create_purchase_order"
  341. WITH INHERIT NOLOGIN
  342. IN ROLE "lsmb_<?lsmb dbname ?>__read_contact";
  343. GRANT INSERT ON oe TO "lsmb_<?lsmb dbname ?>__create_purchase_order";
  344. GRANT INSERT ON orderitems TO "lsmb_<?lsmb dbname ?>__create_purchase_order";
  345. GRANT ALL ON oe_id_seq TO "lsmb_<?lsmb dbname ?>__create_purchase_order";
  346. GRANT ALL ON orderitems_id_seq TO "lsmb_<?lsmb dbname ?>__create_purchase_order";
  347. INSERT INTO menu_acl (node_id, acl_type, role_name)
  348. values (50, 'allow', 'lsmb_<?lsmb dbname ?>__create_purchase_order');
  349. INSERT INTO menu_acl (node_id, acl_type, role_name)
  350. values (52, 'allow', 'lsmb_<?lsmb dbname ?>__create_purchase_order');
  351. CREATE ROLE "lsmb_<?lsmb dbname ?>__create_purchase_rfq"
  352. WITH INHERIT NOLOGIN
  353. IN ROLE "lsmb_<?lsmb dbname ?>__read_contact";
  354. GRANT INSERT ON oe TO "lsmb_<?lsmb dbname ?>__create_purchase_rfq";
  355. GRANT INSERT ON orderitems TO "lsmb_<?lsmb dbname ?>__create_purchase_rfq";
  356. GRANT ALL ON oe_id_seq TO "lsmb_<?lsmb dbname ?>__create_purchase_rfq";
  357. GRANT ALL ON orderitems_id_seq TO "lsmb_<?lsmb dbname ?>__create_purchase_rfq";
  358. INSERT INTO menu_acl (node_id, acl_type, role_name)
  359. values (67, 'allow', 'lsmb_<?lsmb dbname ?>__create_purchase_rfq');
  360. INSERT INTO menu_acl (node_id, acl_type, role_name)
  361. values (69, 'allow', 'lsmb_<?lsmb dbname ?>__create_purchase_rfq');
  362. CREATE ROLE "lsmb_<?lsmb dbname ?>__list_purchase_orders"
  363. WITH INHERIT NOLOGIN
  364. IN ROLE "lsmb_<?lsmb dbname ?>__read_contact";
  365. GRANT SELECT ON oe TO "lsmb_<?lsmb dbname ?>__list_purchase_orders";
  366. GRANT SELECT ON orderitems TO "lsmb_<?lsmb dbname ?>__list_purchase_orders";
  367. INSERT INTO menu_acl (node_id, acl_type, role_name)
  368. values (50, 'allow', 'lsmb_<?lsmb dbname ?>__list_purchase_orders');
  369. INSERT INTO menu_acl (node_id, acl_type, role_name)
  370. values (53, 'allow', 'lsmb_<?lsmb dbname ?>__list_purchase_orders');
  371. INSERT INTO menu_acl (node_id, acl_type, role_name)
  372. values (55, 'allow', 'lsmb_<?lsmb dbname ?>__list_purchase_orders');
  373. CREATE ROLE "lsmb_<?lsmb dbname ?>__list_purchase_rfqs"
  374. WITH INHERIT NOLOGIN
  375. IN ROLE "lsmb_<?lsmb dbname ?>__read_contact";
  376. GRANT SELECT ON oe TO "lsmb_<?lsmb dbname ?>__list_purchase_rfqs";
  377. GRANT SELECT ON orderitems TO "lsmb_<?lsmb dbname ?>__list_purchase_rfqs";
  378. INSERT INTO menu_acl (node_id, acl_type, role_name)
  379. values (67, 'allow', 'lsmb_<?lsmb dbname ?>__list_purchase_rfqs');
  380. INSERT INTO menu_acl (node_id, acl_type, role_name)
  381. values (70, 'allow', 'lsmb_<?lsmb dbname ?>__list_purchase_rfqs');
  382. INSERT INTO menu_acl (node_id, acl_type, role_name)
  383. values (72, 'allow', 'lsmb_<?lsmb dbname ?>__list_purchase_rfqs');
  384. CREATE ROLE "lsmb_<?lsmb dbname ?>__all_ap"
  385. WITH INHERIT NOLOGIN
  386. IN ROLE "lsmb_<?lsmb dbname ?>__ap_all_vouchers",
  387. "lsmb_<?lsmb dbname ?>__ap_all_transactions",
  388. "lsmb_<?lsmb dbname ?>__create_purchase_order",
  389. "lsmb_<?lsmb dbname ?>__create_purchase_rfq",
  390. "lsmb_<?lsmb dbname ?>__list_purchase_orders",
  391. "lsmb_<?lsmb dbname ?>__list_purchase_rfqs";
  392. -- POS
  393. CREATE ROLE "lsmb_<?lsmb dbname ?>__create_pos_invoice"
  394. WITH INHERIT NOLOGIN
  395. IN ROLE "lsmb_<?lsmb dbname ?>__read_contact";
  396. GRANT INSERT ON invoice TO "lsmb_<?lsmb dbname ?>__create_pos_invoice";
  397. GRANT INSERT ON inventory TO "lsmb_<?lsmb dbname ?>__create_pos_invoice";
  398. GRANT INSERT ON ar TO "lsmb_<?lsmb dbname ?>__create_pos_invoice";
  399. GRANT INSERT ON acc_trans TO "lsmb_<?lsmb dbname ?>__create_pos_invoice";
  400. GRANT ALL ON id TO "lsmb_<?lsmb dbname ?>__create_pos_invoice";
  401. GRANT ALL ON acc_trans_entry_id_seq TO "lsmb_<?lsmb dbname ?>__create_pos_invoice";
  402. GRANT ALL ON invoice_id_seq TO "lsmb_<?lsmb dbname ?>__create_pos_invoice";
  403. GRANT ALL ON inventory_entry_id_seq TO "lsmb_<?lsmb dbname ?>__create_pos_invoice";
  404. INSERT INTO menu_acl (node_id, acl_type, role_name)
  405. values (16, 'allow', 'lsmb_<?lsmb dbname ?>__create_pos_invoice');
  406. INSERT INTO menu_acl (node_id, acl_type, role_name)
  407. values (17, 'allow', 'lsmb_<?lsmb dbname ?>__create_pos_invoice');
  408. INSERT INTO menu_acl (node_id, acl_type, role_name)
  409. values (18, 'allow', 'lsmb_<?lsmb dbname ?>__create_pos_invoice');
  410. CREATE ROLE "lsmb_<?lsmb dbname ?>__close_till"
  411. WITH INHERIT NOLOGIN;
  412. GRANT INSERT ON gl TO "lsmb_<?lsmb dbname ?>__close_till";
  413. GRANT INSERT ON acc_trans TO "lsmb_<?lsmb dbname ?>__close_till";
  414. GRANT ALL ON id TO "lsmb_<?lsmb dbname ?>__close_till";
  415. GRANT ALL ON acc_trans_entry_id_seq TO "lsmb_<?lsmb dbname ?>__close_till";
  416. INSERT INTO menu_acl (node_id, acl_type, role_name)
  417. values (16, 'allow', 'lsmb_<?lsmb dbname ?>__close_till');
  418. INSERT INTO menu_acl (node_id, acl_type, role_name)
  419. values (19, 'allow', 'lsmb_<?lsmb dbname ?>__close_till');
  420. CREATE ROLE "lsmb_<?lsmb dbname ?>__list_all_open"
  421. WITH INHERIT NOLOGIN;
  422. GRANT SELECT ON ar TO "lsmb_<?lsmb dbname ?>__list_all_open";
  423. GRANT SELECT ON acc_trans TO "lsmb_<?lsmb dbname ?>__list_all_open";
  424. INSERT INTO menu_acl (node_id, acl_type, role_name)
  425. values (16, 'allow', 'lsmb_<?lsmb dbname ?>__list_all_open');
  426. INSERT INTO menu_acl (node_id, acl_type, role_name)
  427. values (18, 'allow', 'lsmb_<?lsmb dbname ?>__list_all_open');
  428. CREATE ROLE "lsmb_<?lsmb dbname ?>__pos_cashier"
  429. WITH INHERIT NOLOGIN
  430. IN ROLE "lsmb_<?lsmb dbname ?>__create_pos_invoice",
  431. "lsmb_<?lsmb dbname ?>__close_till";
  432. CREATE ROLE "lsmb_<?lsmb dbname ?>__all_pos"
  433. WITH INHERIT NOLOGIN
  434. IN ROLE "lsmb_<?lsmb dbname ?>__pos_cashier",
  435. "lsmb_<?lsmb dbname ?>__list_all_open";
  436. -- CASH
  437. CREATE ROLE "lsmb_<?lsmb dbname ?>__reconcile"
  438. WITH INHERIT NOLOGIN;
  439. -- GRANT INSERT ON pending_reports TO "lsmb_<?lsmb dbname ?>__reconcile";
  440. -- GRANT INSERT on report_corrections TO "lsmb_<?lsmb dbname ?>__reconcile";
  441. GRANT SELECT ON acc_trans TO "lsmb_<?lsmb dbname ?>__reconcile";
  442. -- GRANT ALL ON pending_reports_id_seq TO "lsmb_<?lsmb dbname ?>__reconcile";
  443. -- GRANT ALL ON report_corrections_id_seq TO "lsmb_<?lsmb dbname ?>__reconcile";
  444. INSERT INTO menu_acl (node_id, acl_type, role_name)
  445. values (35, 'allow', 'lsmb_<?lsmb dbname ?>_reconcile');
  446. INSERT INTO menu_acl (node_id, acl_type, role_name)
  447. values (45, 'allow', 'lsmb_<?lsmb dbname ?>_reconcile');
  448. CREATE ROLE "lsmb_<?lsmb dbname ?>__approve_reconciliation"
  449. WITH INHERIT NOLOGIN;
  450. -- GRANT UPDATE ON pending_reports TO "lsmb_<?lsmb dbname ?>__reconcile";
  451. GRANT SELECT ON acc_trans TO "lsmb_<?lsmb dbname ?>__reconcile";
  452. INSERT INTO menu_acl (node_id, acl_type, role_name)
  453. values (35, 'allow', 'lsmb_<?lsmb dbname ?>_reconcile');
  454. INSERT INTO menu_acl (node_id, acl_type, role_name)
  455. values (41, 'allow', 'lsmb_<?lsmb dbname ?>_reconcile');
  456. INSERT INTO menu_acl (node_id, acl_type, role_name)
  457. values (44, 'allow', 'lsmb_<?lsmb dbname ?>_reconcile');
  458. CREATE ROLE "lsmb_<?lsmb dbname ?>__all_reconcile"
  459. WITH INHERIT NOLOGIN
  460. IN ROLE "lsmb_<?lsmb dbname ?>__reconcile",
  461. "lsmb_<?lsmb dbname ?>__approve_reconciliation";
  462. CREATE ROLE "lsmb_<?lsmb dbname ?>__process_payment"
  463. WITH INHERIT NOLOGIN
  464. IN ROLE "lsmb_<?lsmb dbname ?>__list_ap_transactions";
  465. GRANT INSERT ON acc_trans TO "lsmb_<?lsmb dbname ?>__process_payment";
  466. GRANT ALL ON acc_trans_entry_id_seq TO "lsmb_<?lsmb dbname ?>__process_payment";
  467. GRANT UPDATE ON ap TO "lsmb_<?lsmb dbname ?>__process_payment";
  468. INSERT INTO menu_acl (node_id, acl_type, role_name)
  469. values (35, 'allow', 'lsmb_<?lsmb dbname ?>__process_payment');
  470. INSERT INTO menu_acl (node_id, acl_type, role_name)
  471. values (38, 'allow', 'lsmb_<?lsmb dbname ?>__process_payment');
  472. CREATE ROLE "lsmb_<?lsmb dbname ?>__process_receipt"
  473. WITH INHERIT NOLOGIN
  474. IN ROLE "lsmb_<?lsmb dbname ?>__list_ar_transactions";
  475. GRANT INSERT ON acc_trans TO "lsmb_<?lsmb dbname ?>__process_receipt";
  476. GRANT ALL ON acc_trans_entry_id_seq TO "lsmb_<?lsmb dbname ?>__process_receipt";
  477. GRANT UPDATE ON ar TO "lsmb_<?lsmb dbname ?>__process_receipt";
  478. INSERT INTO menu_acl (node_id, acl_type, role_name)
  479. values (35, 'allow', 'lsmb_<?lsmb dbname ?>__process_receipt');
  480. INSERT INTO menu_acl (node_id, acl_type, role_name)
  481. values (36, 'allow', 'lsmb_<?lsmb dbname ?>__process_receipt');
  482. INSERT INTO menu_acl (node_id, acl_type, role_name)
  483. values (47, 'allow', 'lsmb_<?lsmb dbname ?>__process_receipt');
  484. CREATE ROLE "lsmb_<?lsmb dbname ?>__cash_all"
  485. WITH INHERIT NOLOGIN
  486. IN ROLE "lsmb_<?lsmb dbname ?>__all_reconcile",
  487. "lsmb_<?lsmb dbname ?>__process_payment",
  488. "lsmb_<?lsmb dbname ?>__process_receipt";
  489. -- Inventory Control
  490. CREATE ROLE "lsmb_<?lsmb dbname ?>__create_part"
  491. WITH INHERIT NOLOGIN;
  492. GRANT INSERT ON parts TO "lsmb_<?lsmb dbname ?>__create_part";
  493. GRANT ALL ON parts_id_seq TO "lsmb_<?lsmb dbname ?>__create_part";
  494. INSERT INTO menu_acl (node_id, acl_type, role_name)
  495. values (77, 'allow', 'lsmb_<?lsmb dbname ?>__create_part');
  496. INSERT INTO menu_acl (node_id, acl_type, role_name)
  497. values (78, 'allow', 'lsmb_<?lsmb dbname ?>__create_part');
  498. INSERT INTO menu_acl (node_id, acl_type, role_name)
  499. values (79, 'allow', 'lsmb_<?lsmb dbname ?>__create_part');
  500. INSERT INTO menu_acl (node_id, acl_type, role_name)
  501. values (80, 'allow', 'lsmb_<?lsmb dbname ?>__create_part');
  502. INSERT INTO menu_acl (node_id, acl_type, role_name)
  503. values (81, 'allow', 'lsmb_<?lsmb dbname ?>__create_part');
  504. INSERT INTO menu_acl (node_id, acl_type, role_name)
  505. values (82, 'allow', 'lsmb_<?lsmb dbname ?>__create_part');
  506. CREATE ROLE "lsmb_<?lsmb dbname ?>__edit_part"
  507. WITH INHERIT NOLOGIN;
  508. GRANT UPDATE ON parts TO "lsmb_<?lsmb dbname ?>__edit_part";
  509. INSERT INTO menu_acl (node_id, acl_type, role_name)
  510. values (77, 'allow', 'lsmb_<?lsmb dbname ?>__edit_part');
  511. INSERT INTO menu_acl (node_id, acl_type, role_name)
  512. values (85, 'allow', 'lsmb_<?lsmb dbname ?>__edit_part');
  513. INSERT INTO menu_acl (node_id, acl_type, role_name)
  514. values (86, 'allow', 'lsmb_<?lsmb dbname ?>__edit_part');
  515. INSERT INTO menu_acl (node_id, acl_type, role_name)
  516. values (87, 'allow', 'lsmb_<?lsmb dbname ?>__edit_part');
  517. INSERT INTO menu_acl (node_id, acl_type, role_name)
  518. values (88, 'allow', 'lsmb_<?lsmb dbname ?>__edit_part');
  519. INSERT INTO menu_acl (node_id, acl_type, role_name)
  520. values (89, 'allow', 'lsmb_<?lsmb dbname ?>__edit_part');
  521. INSERT INTO menu_acl (node_id, acl_type, role_name)
  522. values (90, 'allow', 'lsmb_<?lsmb dbname ?>__edit_part');
  523. INSERT INTO menu_acl (node_id, acl_type, role_name)
  524. values (91, 'allow', 'lsmb_<?lsmb dbname ?>__edit_part');
  525. INSERT INTO menu_acl (node_id, acl_type, role_name)
  526. values (93, 'allow', 'lsmb_<?lsmb dbname ?>__edit_part');
  527. CREATE ROLE "lsmb_<?lsmb dbname ?>__inventory_reports"
  528. WITH INHERIT NOLOGIN;
  529. GRANT SELECT ON ar TO "lsmb_<?lsmb dbname ?>__inventory_reports";
  530. GRANT SELECT ON ap TO "lsmb_<?lsmb dbname ?>__inventory_reports";
  531. GRANT SELECT ON inventory TO "lsmb_<?lsmb dbname ?>__inventory_reports";
  532. GRANT SELECT ON invoice TO "lsmb_<?lsmb dbname ?>__inventory_reports";
  533. GRANT SELECT ON acc_trans TO "lsmb_<?lsmb dbname ?>__inventory_reports";
  534. INSERT INTO menu_acl (node_id, acl_type, role_name)
  535. values (77, 'allow', 'lsmb_<?lsmb dbname ?>__inventory_reports');
  536. INSERT INTO menu_acl (node_id, acl_type, role_name)
  537. values (85, 'allow', 'lsmb_<?lsmb dbname ?>__inventory_reports');
  538. INSERT INTO menu_acl (node_id, acl_type, role_name)
  539. values (88, 'allow', 'lsmb_<?lsmb dbname ?>__inventory_reports');
  540. INSERT INTO menu_acl (node_id, acl_type, role_name)
  541. values (94, 'allow', 'lsmb_<?lsmb dbname ?>__inventory_reports');
  542. CREATE ROLE "lsmb_<?lsmb dbname ?>__create_pricegroup"
  543. WITH INHERIT NOLOGIN
  544. IN ROLE "lsmb_<?lsmb dbname ?>__read_contact";
  545. GRANT INSERT ON pricegroup TO "lsmb_<?lsmb dbname ?>__create_pricegroup";
  546. GRANT ALL ON pricegroup_id_seq TO "lsmb_<?lsmb dbname ?>__create_pricegroup";
  547. GRANT UPDATE ON entity_credit_account TO "lsmb_<?lsmb dbname ?>__create_pricegroup";
  548. INSERT INTO menu_acl (node_id, acl_type, role_name)
  549. values (77, 'allow', 'lsmb_<?lsmb dbname ?>__create_pricegroup');
  550. INSERT INTO menu_acl (node_id, acl_type, role_name)
  551. values (83, 'allow', 'lsmb_<?lsmb dbname ?>__create_pricegroup');
  552. CREATE ROLE "lsmb_<?lsmb dbname ?>__edit_pricegroup"
  553. WITH INHERIT NOLOGIN
  554. IN ROLE "lsmb_<?lsmb dbname ?>__read_contact";
  555. GRANT UPDATE ON pricegroup TO "lsmb_<?lsmb dbname ?>__edit_pricegroup";
  556. GRANT UPDATE ON entity_credit_account TO "lsmb_<?lsmb dbname ?>__edit_pricegroup";
  557. INSERT INTO menu_acl (node_id, acl_type, role_name)
  558. values (77, 'allow', 'lsmb_<?lsmb dbname ?>__edit_pricegroup');
  559. INSERT INTO menu_acl (node_id, acl_type, role_name)
  560. values (85, 'allow', 'lsmb_<?lsmb dbname ?>__edit_pricegroup');
  561. INSERT INTO menu_acl (node_id, acl_type, role_name)
  562. values (92, 'allow', 'lsmb_<?lsmb dbname ?>__edit_pricegroup');
  563. CREATE ROLE "lsmb_<?lsmb dbname ?>__stock_assembly"
  564. WITH INHERIT NOLOGIN;
  565. GRANT UPDATE ON parts TO "lsmb_<?lsmb dbname ?>__stock_assembly";
  566. INSERT INTO menu_acl (node_id, acl_type, role_name)
  567. values (77, 'allow', 'lsmb_<?lsmb dbname ?>__stock_assembly');
  568. INSERT INTO menu_acl (node_id, acl_type, role_name)
  569. values (84, 'allow', 'lsmb_<?lsmb dbname ?>__stock_assembly');
  570. CREATE ROLE "lsmb_<?lsmb dbname ?>__ship_inventory"
  571. WITH INHERIT NOLOGIN
  572. IN ROLE "lsmb_<?lsmb dbname ?>__list_sales_orders";
  573. GRANT INSERT ON inventory TO "lsmb_<?lsmb dbname ?>__ship_inventory";
  574. GRANT ALL ON inventory_entry_id_seq TO "lsmb_<?lsmb dbname ?>__ship_inventory";
  575. INSERT INTO menu_acl (node_id, acl_type, role_name)
  576. values (63, 'allow', 'lsmb_<?lsmb dbname ?>__ship_inventory');
  577. INSERT INTO menu_acl (node_id, acl_type, role_name)
  578. values (64, 'allow', 'lsmb_<?lsmb dbname ?>__ship_inventory');
  579. CREATE ROLE "lsmb_<?lsmb dbname ?>__receive_inventory"
  580. WITH INHERIT NOLOGIN
  581. IN ROLE "lsmb_<?lsmb dbname ?>__list_purchase_orders";
  582. GRANT INSERT ON inventory TO "lsmb_<?lsmb dbname ?>__receive_inventory";
  583. GRANT ALL ON inventory_entry_id_seq TO "lsmb_<?lsmb dbname ?>__receive_inventory";
  584. INSERT INTO menu_acl (node_id, acl_type, role_name)
  585. values (63, 'allow', 'lsmb_<?lsmb dbname ?>__receive_inventory');
  586. INSERT INTO menu_acl (node_id, acl_type, role_name)
  587. values (65, 'allow', 'lsmb_<?lsmb dbname ?>__receive_inventory');
  588. CREATE ROLE "lsmb_<?lsmb dbname ?>__transfer_inventory"
  589. WITH INHERIT NOLOGIN;
  590. GRANT INSERT ON inventory TO "lsmb_<?lsmb dbname ?>__transfer_inventory";
  591. GRANT ALL ON inventory_entry_id_seq TO "lsmb_<?lsmb dbname ?>__transfer_inventory";
  592. INSERT INTO menu_acl (node_id, acl_type, role_name)
  593. values (63, 'allow', 'lsmb_<?lsmb dbname ?>__transfer_inventory');
  594. INSERT INTO menu_acl (node_id, acl_type, role_name)
  595. values (66, 'allow', 'lsmb_<?lsmb dbname ?>__transfer_inventory');
  596. CREATE ROLE "lsmb_<?lsmb dbname ?>__create_warehouse"
  597. WITH INHERIT NOLOGIN;
  598. GRANT INSERT ON warehouse TO "lsmb_<?lsmb dbname ?>__create_warehouse";
  599. GRANT ALL ON warehouse_id_seq TO "lsmb_<?lsmb dbname ?>__create_warehouse";
  600. INSERT INTO menu_acl (node_id, acl_type, role_name)
  601. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__create_warehouse');
  602. INSERT INTO menu_acl (node_id, acl_type, role_name)
  603. values (141, 'allow', 'lsmb_<?lsmb dbname ?>__create_warehouse');
  604. INSERT INTO menu_acl (node_id, acl_type, role_name)
  605. values (142, 'allow', 'lsmb_<?lsmb dbname ?>__create_warehouse');
  606. CREATE ROLE "lsmb_<?lsmb dbname ?>__edit_warehouse"
  607. WITH INHERIT NOLOGIN;
  608. GRANT UPDATE ON warehouse TO "lsmb_<?lsmb dbname ?>__edit_warehouse";
  609. INSERT INTO menu_acl (node_id, acl_type, role_name)
  610. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__edit_warehouse');
  611. INSERT INTO menu_acl (node_id, acl_type, role_name)
  612. values (141, 'allow', 'lsmb_<?lsmb dbname ?>__edit_warehouse');
  613. INSERT INTO menu_acl (node_id, acl_type, role_name)
  614. values (143, 'allow', 'lsmb_<?lsmb dbname ?>__edit_warehouse');
  615. CREATE ROLE "lsmb_<?lsmb dbname ?>__all_inventory"
  616. WITH INHERIT NOLOGIN
  617. IN ROLE "lsmb_<?lsmb dbname ?>__create_part",
  618. "lsmb_<?lsmb dbname ?>__inventory_reports",
  619. "lsmb_<?lsmb dbname ?>__stock_assembly",
  620. "lsmb_<?lsmb dbname ?>__ship_inventory",
  621. "lsmb_<?lsmb dbname ?>__receive_inventory",
  622. "lsmb_<?lsmb dbname ?>__transfer_inventory",
  623. "lsmb_<?lsmb dbname ?>__edit_warehouse",
  624. "lsmb_<?lsmb dbname ?>__create_warehouse";
  625. -- GL
  626. CREATE ROLE "lsmb_<?lsmb dbname ?>__create_transaction"
  627. WITH INHERIT NOLOGIN;
  628. GRANT INSERT ON gl TO "lsmb_<?lsmb dbname ?>__create_transaction";
  629. GRANT INSERT ON acc_trans TO "lsmb_<?lsmb dbname ?>__create_transaction";
  630. GRANT ALL ON id TO "lsmb_<?lsmb dbname ?>__create_transaction";
  631. GRANT ALL ON acc_trans_entry_id_seq TO "lsmb_<?lsmb dbname ?>__create_transaction";
  632. INSERT INTO menu_acl (node_id, acl_type, role_name)
  633. values (73, 'allow', 'lsmb_<?lsmb dbname ?>__create_transaction');
  634. INSERT INTO menu_acl (node_id, acl_type, role_name)
  635. values (74, 'allow', 'lsmb_<?lsmb dbname ?>__create_transaction');
  636. INSERT INTO menu_acl (node_id, acl_type, role_name)
  637. values (75, 'allow', 'lsmb_<?lsmb dbname ?>__create_transaction');
  638. INSERT INTO menu_acl (node_id, acl_type, role_name)
  639. values (35, 'allow', 'lsmb_<?lsmb dbname ?>__create_transaction');
  640. INSERT INTO menu_acl (node_id, acl_type, role_name)
  641. values (40, 'allow', 'lsmb_<?lsmb dbname ?>__create_transaction');
  642. CREATE ROLE "lsmb_<?lsmb dbname ?>__create_transaction_voucher"
  643. WITH INHERIT NOLOGIN;
  644. GRANT INSERT ON gl TO "lsmb_<?lsmb dbname ?>__create_transaction_voucher";
  645. GRANT INSERT ON acc_trans TO "lsmb_<?lsmb dbname ?>__create_transaction_voucher";
  646. GRANT ALL ON id TO "lsmb_<?lsmb dbname ?>__create_transaction_voucher";
  647. GRANT ALL ON acc_trans_entry_id_seq TO "lsmb_<?lsmb dbname ?>__create_transaction_voucher";
  648. -- TODO Add menu permissions
  649. CREATE ROLE "lsmb_<?lsmb dbname ?>__list_transactions"
  650. WITH INHERIT NOLOGIN
  651. IN ROLE "lsmb_<?lsmb dbname ?>__list_ar_transactions",
  652. "lsmb_<?lsmb dbname ?>__list_ap_transactions";
  653. GRANT SELECT ON gl TO "lsmb_<?lsmb dbname ?>__list_transactions";
  654. INSERT INTO menu_acl (node_id, acl_type, role_name)
  655. values (73, 'allow', 'lsmb_<?lsmb dbname ?>__list_transactions');
  656. INSERT INTO menu_acl (node_id, acl_type, role_name)
  657. values (76, 'allow', 'lsmb_<?lsmb dbname ?>__list_transactions');
  658. CREATE ROLE "lsmb_<?lsmb dbname ?>__run_yearend"
  659. WITH INHERIT NOLOGIN;
  660. GRANT INSERT, SELECT ON acc_trans TO "lsmb_<?lsmb dbname ?>__run_yearend";
  661. INSERT INTO menu_acl (node_id, acl_type, role_name)
  662. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__run_yearend');
  663. INSERT INTO menu_acl (node_id, acl_type, role_name)
  664. values (132, 'allow', 'lsmb_<?lsmb dbname ?>__run_yearend');
  665. CREATE ROLE "lsmb_<?lsmb dbname ?>__list_batches"
  666. WITH INHERIT NOLOGIN
  667. IN ROLE "lsmb_<?lsmb dbname ?>__list_transactions";
  668. GRANT SELECT ON batch TO "lsmb_<?lsmb dbname ?>__list_batches";
  669. GRANT SELECT ON batch_class TO "lsmb_<?lsmb dbname ?>__list_batches";
  670. GRANT SELECT ON voucher TO "lsmb_<?lsmb dbname ?>__list_batches";
  671. -- TODO: Add menu items
  672. CREATE ROLE "lsmb_<?lsmb dbname ?>__all_gl"
  673. WITH INHERIT NOLOGIN
  674. IN ROLE "lsmb_<?lsmb dbname ?>__create_transaction",
  675. "lsmb_<?lsmb dbname ?>__create_transaction_voucher",
  676. "lsmb_<?lsmb dbname ?>__run_yearend",
  677. "lsmb_<?lsmb dbname ?>__list_transactions";
  678. -- PROJECTS
  679. CREATE ROLE "lsmb_<?lsmb dbname ?>__create_project"
  680. WITH INHERIT NOLOGIN;
  681. GRANT INSERT ON project TO "lsmb_<?lsmb dbname ?>__create_project";
  682. GRANT ALL ON project_id_seq TO "lsmb_<?lsmb dbname ?>__create_project";
  683. INSERT INTO menu_acl (node_id, acl_type, role_name)
  684. values (98, 'allow', 'lsmb_<?lsmb dbname ?>__create_project');
  685. INSERT INTO menu_acl (node_id, acl_type, role_name)
  686. values (99, 'allow', 'lsmb_<?lsmb dbname ?>__create_project');
  687. CREATE ROLE "lsmb_<?lsmb dbname ?>__edit_project"
  688. WITH INHERIT NOLOGIN;
  689. GRANT UPDATE ON project TO "lsmb_<?lsmb dbname ?>__edit_project";
  690. INSERT INTO menu_acl (node_id, acl_type, role_name)
  691. values (98, 'allow', 'lsmb_<?lsmb dbname ?>__edit_project');
  692. INSERT INTO menu_acl (node_id, acl_type, role_name)
  693. values (103, 'allow', 'lsmb_<?lsmb dbname ?>__edit_project');
  694. INSERT INTO menu_acl (node_id, acl_type, role_name)
  695. values (104, 'allow', 'lsmb_<?lsmb dbname ?>__edit_project');
  696. CREATE ROLE "lsmb_<?lsmb dbname ?>__add_project_timecard"
  697. WITH INHERIT NOLOGIN
  698. IN ROLE "lsmb_<?lsmb dbname ?>__read_contact";
  699. GRANT INSERT ON jcitems TO "lsmb_<?lsmb dbname ?>__add_project_timecard";
  700. GRANT ALL ON jcitems_id_seq TO "lsmb_<?lsmb dbname ?>__add_project_timecard";
  701. INSERT INTO menu_acl (node_id, acl_type, role_name)
  702. values (98, 'allow', 'lsmb_<?lsmb dbname ?>__add_project_timecard');
  703. INSERT INTO menu_acl (node_id, acl_type, role_name)
  704. values (100, 'allow', 'lsmb_<?lsmb dbname ?>__add_project_timecard');
  705. INSERT INTO menu_acl (node_id, acl_type, role_name)
  706. values (103, 'allow', 'lsmb_<?lsmb dbname ?>__add_project_timecard');
  707. INSERT INTO menu_acl (node_id, acl_type, role_name)
  708. values (106, 'allow', 'lsmb_<?lsmb dbname ?>__add_project_timecard');
  709. CREATE ROLE "lsmb_<?lsmb dbname ?>__list_project_timecards"
  710. WITH INHERIT NOLOGIN
  711. IN ROLE "lsmb_<?lsmb dbname ?>__read_contact";
  712. GRANT UPDATE ON project TO "lsmb_<?lsmb dbname ?>__edit_project";
  713. INSERT INTO menu_acl (node_id, acl_type, role_name)
  714. values (98, 'allow', 'lsmb_<?lsmb dbname ?>__edit_project');
  715. INSERT INTO menu_acl (node_id, acl_type, role_name)
  716. values (103, 'allow', 'lsmb_<?lsmb dbname ?>__edit_project');
  717. INSERT INTO menu_acl (node_id, acl_type, role_name)
  718. values (106, 'allow', 'lsmb_<?lsmb dbname ?>__edit_project');
  719. -- ORDER GENERATION
  720. CREATE ROLE "lsmb_<?lsmb dbname ?>__generate_orders"
  721. WITH INHERIT NOLOGIN
  722. IN ROLE "lsmb_<?lsmb dbname ?>__read_contact";
  723. GRANT SELECT, INSERT, UPDATE ON oe TO "lsmb_<?lsmb dbname ?>__generate_orders";
  724. GRANT SELECT, INSERT, UPDATE ON orderitems TO "lsmb_<?lsmb dbname ?>__generate_orders";
  725. GRANT ALL ON oe_id_seq TO "lsmb_<?lsmb dbname ?>__generate_orders";
  726. GRANT ALL ON orderitems_id_seq TO "lsmb_<?lsmb dbname ?>__generate_orders";
  727. CREATE ROLE "lsmb_<?lsmb dbname ?>__project_generate_orders"
  728. WITH INHERIT NOLOGIN
  729. IN ROLE "lsmb_<?lsmb dbname ?>__generate_orders";
  730. INSERT INTO menu_acl (node_id, acl_type, role_name)
  731. values (98, 'allow', 'lsmb_<?lsmb dbname ?>__project_generate_orders');
  732. INSERT INTO menu_acl (node_id, acl_type, role_name)
  733. values (101, 'allow', 'lsmb_<?lsmb dbname ?>__project_generate_orders');
  734. INSERT INTO menu_acl (node_id, acl_type, role_name)
  735. values (102, 'allow', 'lsmb_<?lsmb dbname ?>__project_generate_orders');
  736. CREATE ROLE "lsmb_<?lsmb dbname ?>__sales_to_purchase_orders"
  737. WITH INHERIT NOLOGIN
  738. IN ROLE "lsmb_<?lsmb dbname ?>__generate_orders";
  739. INSERT INTO menu_acl (node_id, acl_type, role_name)
  740. values (50, 'allow', 'lsmb_<?lsmb dbname ?>__sales_to_purchase_orders');
  741. INSERT INTO menu_acl (node_id, acl_type, role_name)
  742. values (56, 'allow', 'lsmb_<?lsmb dbname ?>__sales_to_purchase_orders');
  743. INSERT INTO menu_acl (node_id, acl_type, role_name)
  744. values (57, 'allow', 'lsmb_<?lsmb dbname ?>__sales_to_purchase_orders');
  745. INSERT INTO menu_acl (node_id, acl_type, role_name)
  746. values (58, 'allow', 'lsmb_<?lsmb dbname ?>__sales_to_purchase_orders');
  747. CREATE ROLE "lsmb_<?lsmb dbname ?>__consolidate_purchase_orders"
  748. WITH INHERIT NOLOGIN
  749. IN ROLE "lsmb_<?lsmb dbname ?>__generate_orders";
  750. INSERT INTO menu_acl (node_id, acl_type, role_name)
  751. values (50, 'allow', 'lsmb_<?lsmb dbname ?>__consolidate_purchase_orders');
  752. INSERT INTO menu_acl (node_id, acl_type, role_name)
  753. values (60, 'allow', 'lsmb_<?lsmb dbname ?>__consolidate_purchase_orders');
  754. INSERT INTO menu_acl (node_id, acl_type, role_name)
  755. values (62, 'allow', 'lsmb_<?lsmb dbname ?>__consolidate_purchase_orders');
  756. CREATE ROLE "lsmb_<?lsmb dbname ?>__consolidate_sales_orders"
  757. WITH INHERIT NOLOGIN
  758. IN ROLE "lsmb_<?lsmb dbname ?>__generate_orders";
  759. INSERT INTO menu_acl (node_id, acl_type, role_name)
  760. values (50, 'allow', 'lsmb_<?lsmb dbname ?>__consolidate_sales_orders');
  761. INSERT INTO menu_acl (node_id, acl_type, role_name)
  762. values (60, 'allow', 'lsmb_<?lsmb dbname ?>__consolidate_sales_orders');
  763. INSERT INTO menu_acl (node_id, acl_type, role_name)
  764. values (61, 'allow', 'lsmb_<?lsmb dbname ?>__consolidate_sales_orders');
  765. CREATE ROLE "lsmb_<?lsmb dbname ?>__manage_orders"
  766. WITH INHERIT NOLOGIN
  767. IN ROLE "lsmb_<?lsmb dbname ?>__project_generate_orders",
  768. "lsmb_<?lsmb dbname ?>__sales_to_purchase_orders",
  769. "lsmb_<?lsmb dbname ?>__consolidate_purchase_orders",
  770. "lsmb_<?lsmb dbname ?>__consolidate_sales_orders";
  771. -- FINANCIAL REPORTS
  772. CREATE ROLE "lsmb_<?lsmb dbname ?>__run_financial_reports"
  773. WITH INHERIT NOLOGIN
  774. IN ROLE "lsmb_<?lsmb dbname ?>__list_transactions";
  775. INSERT INTO menu_acl (node_id, acl_type, role_name)
  776. values (109, 'allow', 'lsmb_<?lsmb dbname ?>__run_financial_reports');
  777. INSERT INTO menu_acl (node_id, acl_type, role_name)
  778. values (110, 'allow', 'lsmb_<?lsmb dbname ?>__run_financial_reports');
  779. INSERT INTO menu_acl (node_id, acl_type, role_name)
  780. values (111, 'allow', 'lsmb_<?lsmb dbname ?>__run_financial_reports');
  781. INSERT INTO menu_acl (node_id, acl_type, role_name)
  782. values (112, 'allow', 'lsmb_<?lsmb dbname ?>__run_financial_reports');
  783. INSERT INTO menu_acl (node_id, acl_type, role_name)
  784. values (113, 'allow', 'lsmb_<?lsmb dbname ?>__run_financial_reports');
  785. -- RECURRING TRANSACTIONS
  786. -- TO ADD WHEN THIS IS REDESIGNED
  787. -- BATCH PRINTING
  788. CREATE ROLE "lsmb_<?lsmb dbname ?>__list_print_jobs"
  789. WITH INHERIT NOLOGIN;
  790. INSERT INTO menu_acl (node_id, acl_type, role_name)
  791. values (116, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  792. INSERT INTO menu_acl (node_id, acl_type, role_name)
  793. values (117, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  794. INSERT INTO menu_acl (node_id, acl_type, role_name)
  795. values (118, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  796. INSERT INTO menu_acl (node_id, acl_type, role_name)
  797. values (119, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  798. INSERT INTO menu_acl (node_id, acl_type, role_name)
  799. values (120, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  800. INSERT INTO menu_acl (node_id, acl_type, role_name)
  801. values (121, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  802. INSERT INTO menu_acl (node_id, acl_type, role_name)
  803. values (122, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  804. INSERT INTO menu_acl (node_id, acl_type, role_name)
  805. values (123, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  806. INSERT INTO menu_acl (node_id, acl_type, role_name)
  807. values (124, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  808. INSERT INTO menu_acl (node_id, acl_type, role_name)
  809. values (125, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  810. INSERT INTO menu_acl (node_id, acl_type, role_name)
  811. values (126, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  812. INSERT INTO menu_acl (node_id, acl_type, role_name)
  813. values (127, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  814. CREATE ROLE "lsmb_<?lsmb dbname ?>__print_jobs"
  815. WITH INHERIT NOLOGIN
  816. IN ROLE "lsmb_<?lsmb dbname ?>__list_print_jobs";
  817. -- SYSTEM SETTINGS
  818. CREATE ROLE "lsmb_<?lsmb dbname ?>__list_system_settings"
  819. WITH INHERIT NOLOGIN;
  820. INSERT INTO menu_acl (node_id, acl_type, role_name)
  821. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__list_system_settings');
  822. INSERT INTO menu_acl (node_id, acl_type, role_name)
  823. values (129, 'allow', 'lsmb_<?lsmb dbname ?>__list_system_settings');
  824. INSERT INTO menu_acl (node_id, acl_type, role_name)
  825. values (131, 'allow', 'lsmb_<?lsmb dbname ?>__list_system_settings');
  826. CREATE ROLE "lsmb_<?lsmb dbname ?>__change_system_settings"
  827. WITH INHERIT NOLOGIN
  828. IN ROLE "lsmb_<?lsmb dbname ?>__list_system_settings";
  829. CREATE ROLE "lsmb_<?lsmb dbname ?>__set_taxes"
  830. WITH INHERIT NOLOGIN;
  831. GRANT INSERT, UPDATE ON tax TO "lsmb_<?lsmb dbname ?>__set_taxes";
  832. INSERT INTO menu_acl (node_id, acl_type, role_name)
  833. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__set_taxes');
  834. INSERT INTO menu_acl (node_id, acl_type, role_name)
  835. values (130, 'allow', 'lsmb_<?lsmb dbname ?>__set_taxes');
  836. CREATE ROLE "lsmb_<?lsmb dbname ?>__create_account"
  837. WITH INHERIT NOLOGIN;
  838. GRANT INSERT ON chart TO "lsmb_<?lsmb dbname ?>__create_account";
  839. GRANT ALL ON chart_id_seq TO "lsmb_<?lsmb dbname ?>__create_account";
  840. INSERT INTO menu_acl (node_id, acl_type, role_name)
  841. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__create_account');
  842. INSERT INTO menu_acl (node_id, acl_type, role_name)
  843. values (136, 'allow', 'lsmb_<?lsmb dbname ?>__create_account');
  844. INSERT INTO menu_acl (node_id, acl_type, role_name)
  845. values (137, 'allow', 'lsmb_<?lsmb dbname ?>__create_account');
  846. CREATE ROLE "lsmb_<?lsmb dbname ?>__edit_account"
  847. WITH INHERIT NOLOGIN;
  848. GRANT UPDATE ON chart TO "lsmb_<?lsmb dbname ?>__edit_account";
  849. INSERT INTO menu_acl (node_id, acl_type, role_name)
  850. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__edit_account');
  851. INSERT INTO menu_acl (node_id, acl_type, role_name)
  852. values (136, 'allow', 'lsmb_<?lsmb dbname ?>__edit_account');
  853. INSERT INTO menu_acl (node_id, acl_type, role_name)
  854. values (138, 'allow', 'lsmb_<?lsmb dbname ?>__edit_account');
  855. CREATE ROLE "lsmb_<?lsmb dbname ?>__create_gifi"
  856. WITH INHERIT NOLOGIN;
  857. GRANT INSERT ON gifi TO "lsmb_<?lsmb dbname ?>__create_gifi";
  858. INSERT INTO menu_acl (node_id, acl_type, role_name)
  859. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__create_gifi');
  860. INSERT INTO menu_acl (node_id, acl_type, role_name)
  861. values (136, 'allow', 'lsmb_<?lsmb dbname ?>__create_gifi');
  862. INSERT INTO menu_acl (node_id, acl_type, role_name)
  863. values (139, 'allow', 'lsmb_<?lsmb dbname ?>__create_gifi');
  864. CREATE ROLE "lsmb_<?lsmb dbname ?>__edit_gifi"
  865. WITH INHERIT NOLOGIN;
  866. GRANT UPDATE ON gifi TO "lsmb_<?lsmb dbname ?>__edit_gifi";
  867. INSERT INTO menu_acl (node_id, acl_type, role_name)
  868. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__edit_account');
  869. INSERT INTO menu_acl (node_id, acl_type, role_name)
  870. values (136, 'allow', 'lsmb_<?lsmb dbname ?>__edit_account');
  871. INSERT INTO menu_acl (node_id, acl_type, role_name)
  872. values (140, 'allow', 'lsmb_<?lsmb dbname ?>__edit_account');
  873. CREATE ROLE "lsmb_<?lsmb dbname ?>__all_accounts"
  874. WITH INHERIT NOLOGIN
  875. IN ROLE "lsmb_<?lsmb dbname ?>__create_account",
  876. "lsmb_<?lsmb dbname ?>__set_taxes",
  877. "lsmb_<?lsmb dbname ?>__edit_account",
  878. "lsmb_<?lsmb dbname ?>__create_gifi",
  879. "lsmb_<?lsmb dbname ?>__edit_gifi";
  880. CREATE ROLE "lsmb_<?lsmb dbname ?>__create_department"
  881. WITH INHERIT NOLOGIN;
  882. GRANT INSERT ON department TO "lsmb_<?lsmb dbname ?>__create_department";
  883. GRANT ALL ON department_id_seq TO "lsmb_<?lsmb dbname ?>__create_department";
  884. INSERT INTO menu_acl (node_id, acl_type, role_name)
  885. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__create_department');
  886. INSERT INTO menu_acl (node_id, acl_type, role_name)
  887. values (144, 'allow', 'lsmb_<?lsmb dbname ?>__create_department');
  888. INSERT INTO menu_acl (node_id, acl_type, role_name)
  889. values (145, 'allow', 'lsmb_<?lsmb dbname ?>__create_department');
  890. CREATE ROLE "lsmb_<?lsmb dbname ?>__edit_department"
  891. WITH INHERIT NOLOGIN;
  892. GRANT UPDATE ON department TO "lsmb_<?lsmb dbname ?>__edit_department";
  893. INSERT INTO menu_acl (node_id, acl_type, role_name)
  894. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__edit_department');
  895. INSERT INTO menu_acl (node_id, acl_type, role_name)
  896. values (144, 'allow', 'lsmb_<?lsmb dbname ?>__edit_department');
  897. INSERT INTO menu_acl (node_id, acl_type, role_name)
  898. values (146, 'allow', 'lsmb_<?lsmb dbname ?>__edit_department');
  899. CREATE ROLE "lsmb_<?lsmb dbname ?>__all_department"
  900. WITH INHERIT NOLOGIN
  901. IN ROLE "lsmb_<?lsmb dbname ?>__create_department",
  902. "lsmb_<?lsmb dbname ?>__edit_department";
  903. CREATE ROLE "lsmb_<?lsmb dbname ?>__create_business_type"
  904. WITH INHERIT NOLOGIN;
  905. GRANT INSERT ON business TO "lsmb_<?lsmb dbname ?>__create_business_type";
  906. GRANT ALL ON business_id_seq TO "lsmb_<?lsmb dbname ?>__create_business_type";
  907. INSERT INTO menu_acl (node_id, acl_type, role_name)
  908. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__create_business_type');
  909. INSERT INTO menu_acl (node_id, acl_type, role_name)
  910. values (147, 'allow', 'lsmb_<?lsmb dbname ?>__create_business_type');
  911. INSERT INTO menu_acl (node_id, acl_type, role_name)
  912. values (148, 'allow', 'lsmb_<?lsmb dbname ?>__create_business_type');
  913. CREATE ROLE "lsmb_<?lsmb dbname ?>__edit_business_type"
  914. WITH INHERIT NOLOGIN;
  915. GRANT UPDATE ON business TO "lsmb_<?lsmb dbname ?>__edit_business_type";
  916. INSERT INTO menu_acl (node_id, acl_type, role_name)
  917. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__edit_business_type');
  918. INSERT INTO menu_acl (node_id, acl_type, role_name)
  919. values (147, 'allow', 'lsmb_<?lsmb dbname ?>__edit_business_type');
  920. INSERT INTO menu_acl (node_id, acl_type, role_name)
  921. values (149, 'allow', 'lsmb_<?lsmb dbname ?>__edit_business_type');
  922. CREATE ROLE "lsmb_<?lsmb dbname ?>__all_business_type"
  923. WITH INHERIT NOLOGIN
  924. IN ROLE "lsmb_<?lsmb dbname ?>__create_business_type",
  925. "lsmb_<?lsmb dbname ?>__edit_business_type";
  926. CREATE ROLE "lsmb_<?lsmb dbname ?>__create_sic"
  927. WITH INHERIT NOLOGIN;
  928. GRANT INSERT ON sic TO "lsmb_<?lsmb dbname ?>__create_sic";
  929. INSERT INTO menu_acl (node_id, acl_type, role_name)
  930. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__create_sic');
  931. INSERT INTO menu_acl (node_id, acl_type, role_name)
  932. values (153, 'allow', 'lsmb_<?lsmb dbname ?>__create_sic');
  933. INSERT INTO menu_acl (node_id, acl_type, role_name)
  934. values (154, 'allow', 'lsmb_<?lsmb dbname ?>__create_sic');
  935. CREATE ROLE "lsmb_<?lsmb dbname ?>__edit_sic"
  936. WITH INHERIT NOLOGIN;
  937. GRANT UPDATE ON sic TO "lsmb_<?lsmb dbname ?>__edit_sic";
  938. INSERT INTO menu_acl (node_id, acl_type, role_name)
  939. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__edit_sic');
  940. INSERT INTO menu_acl (node_id, acl_type, role_name)
  941. values (153, 'allow', 'lsmb_<?lsmb dbname ?>__edit_sic');
  942. INSERT INTO menu_acl (node_id, acl_type, role_name)
  943. values (155, 'allow', 'lsmb_<?lsmb dbname ?>__edit_sic');
  944. CREATE ROLE "lsmb_<?lsmb dbname ?>__all_sic"
  945. WITH INHERIT NOLOGIN
  946. IN ROLE "lsmb_<?lsmb dbname ?>__create_sic",
  947. "lsmb_<?lsmb dbname ?>__edit_sic";
  948. CREATE ROLE "lsmb_<?lsmb dbname ?>__edit_template"
  949. WITH INHERIT NOLOGIN;
  950. -- TODO Add db permissions as templates get moved into db.
  951. INSERT INTO menu_acl (node_id, acl_type, role_name)
  952. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  953. INSERT INTO menu_acl (node_id, acl_type, role_name)
  954. values (156, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  955. INSERT INTO menu_acl (node_id, acl_type, role_name)
  956. values (157, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  957. INSERT INTO menu_acl (node_id, acl_type, role_name)
  958. values (158, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  959. INSERT INTO menu_acl (node_id, acl_type, role_name)
  960. values (159, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  961. INSERT INTO menu_acl (node_id, acl_type, role_name)
  962. values (160, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  963. INSERT INTO menu_acl (node_id, acl_type, role_name)
  964. values (161, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  965. INSERT INTO menu_acl (node_id, acl_type, role_name)
  966. values (162, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  967. INSERT INTO menu_acl (node_id, acl_type, role_name)
  968. values (163, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  969. INSERT INTO menu_acl (node_id, acl_type, role_name)
  970. values (164, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  971. INSERT INTO menu_acl (node_id, acl_type, role_name)
  972. values (165, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  973. INSERT INTO menu_acl (node_id, acl_type, role_name)
  974. values (166, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  975. INSERT INTO menu_acl (node_id, acl_type, role_name)
  976. values (167, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  977. INSERT INTO menu_acl (node_id, acl_type, role_name)
  978. values (168, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  979. INSERT INTO menu_acl (node_id, acl_type, role_name)
  980. values (169, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  981. INSERT INTO menu_acl (node_id, acl_type, role_name)
  982. values (170, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  983. INSERT INTO menu_acl (node_id, acl_type, role_name)
  984. values (171, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  985. INSERT INTO menu_acl (node_id, acl_type, role_name)
  986. values (172, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  987. INSERT INTO menu_acl (node_id, acl_type, role_name)
  988. values (173, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  989. INSERT INTO menu_acl (node_id, acl_type, role_name)
  990. values (174, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  991. INSERT INTO menu_acl (node_id, acl_type, role_name)
  992. values (175, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  993. INSERT INTO menu_acl (node_id, acl_type, role_name)
  994. values (176, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  995. INSERT INTO menu_acl (node_id, acl_type, role_name)
  996. values (177, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  997. INSERT INTO menu_acl (node_id, acl_type, role_name)
  998. values (178, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  999. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1000. values (179, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  1001. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1002. values (180, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  1003. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1004. values (181, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  1005. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1006. values (182, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  1007. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1008. values (183, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  1009. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1010. values (184, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  1011. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1012. values (185, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  1013. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1014. values (186, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  1015. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1016. values (187, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  1017. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1018. values (188, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  1019. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1020. values (189, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  1021. CREATE ROLE "lsmb_<?lsmb dbname ?>__manage_system"
  1022. WITH INHERIT NOLOGIN
  1023. IN ROLE "lsmb_<?lsmb dbname ?>__change_system_settings",
  1024. "lsmb_<?lsmb dbname ?>__all_accounts",
  1025. "lsmb_<?lsmb dbname ?>__all_department",
  1026. "lsmb_<?lsmb dbname ?>__all_business_type",
  1027. "lsmb_<?lsmb dbname ?>__all_sic",
  1028. "lsmb_<?lsmb dbname ?>__edit_template";
  1029. -- Manual Translation
  1030. CREATE ROLE "lsmb_<?lsmb dbname ?>__create_language"
  1031. WITH INHERIT NOLOGIN;
  1032. GRANT INSERT ON language TO "lsmb_<?lsmb dbname ?>__create_language";
  1033. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1034. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__create_language');
  1035. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1036. values (150, 'allow', 'lsmb_<?lsmb dbname ?>__create_language');
  1037. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1038. values (151, 'allow', 'lsmb_<?lsmb dbname ?>__create_language');
  1039. CREATE ROLE "lsmb_<?lsmb dbname ?>__edit_language"
  1040. WITH INHERIT NOLOGIN;
  1041. GRANT UPDATE ON language TO "lsmb_<?lsmb dbname ?>__edit_language";
  1042. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1043. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__edit_language');
  1044. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1045. values (150, 'allow', 'lsmb_<?lsmb dbname ?>__edit_language');
  1046. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1047. values (152, 'allow', 'lsmb_<?lsmb dbname ?>__edit_language');
  1048. CREATE ROLE "lsmb_<?lsmb dbname ?>__create_part_translation"
  1049. WITH INHERIT NOLOGIN;
  1050. -- TODO add db permissions
  1051. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1052. values (77, 'allow', 'lsmb_<?lsmb dbname ?>__create_part_translation');
  1053. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1054. values (95, 'allow', 'lsmb_<?lsmb dbname ?>__create_part_translation');
  1055. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1056. values (96, 'allow', 'lsmb_<?lsmb dbname ?>__create_part_translation');
  1057. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1058. values (97, 'allow', 'lsmb_<?lsmb dbname ?>__create_part_translation');
  1059. CREATE ROLE "lsmb_<?lsmb dbname ?>__create_project_translation"
  1060. WITH INHERIT NOLOGIN;
  1061. -- TODO add db permissions
  1062. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1063. values (98, 'allow', 'lsmb_<?lsmb dbname ?>__create_project_translation');
  1064. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1065. values (107, 'allow', 'lsmb_<?lsmb dbname ?>__create_project_translation');
  1066. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1067. values (108, 'allow', 'lsmb_<?lsmb dbname ?>__create_project_translation');
  1068. CREATE ROLE "lsmb_<?lsmb dbname ?>__all_manual_translation"
  1069. WITH INHERIT NOLOGIN
  1070. IN ROLE "lsmb_<?lsmb dbname ?>__create_language",
  1071. "lsmb_<?lsmb dbname ?>__create_part_translation",
  1072. "lsmb_<?lsmb dbname ?>__create_project_translation";
  1073. GRANT SELECT ON custom_field_catalog TO public;
  1074. GRANT SELECT ON custom_table_catalog TO public;
  1075. -- Grants to all users;
  1076. GRANT ALL ON defaults TO public;
  1077. GRANT ALL ON "session" TO public;
  1078. GRANT ALL ON session_session_id_seq TO PUBLIC;
  1079. GRANT SELECT ON users TO public;
  1080. GRANT ALL ON user_preference TO public;
  1081. GRANT SELECT ON custom_table_catalog TO PUBLIC;
  1082. GRANT SELECT ON custom_field_catalog TO PUBLIC;
  1083. grant select on menu_node, menu_attribute, menu_acl to public;
  1084. GRANT select on chart, gifi, country to public;
  1085. grant select on employee to public;
  1086. GRANT SELECT ON parts, partsgroup TO public;
  1087. GRANT SELECT ON language, project TO public;
  1088. GRANT SELECT ON business, exchangerate, department, shipto, tax TO public;
  1089. GRANT ALL ON recurring, recurringemail, recurringprint, status TO public;
  1090. GRANT ALL ON transactions, entity_employee, customer, vendor TO public;
  1091. GRANT ALL ON pending_job, payments_queue TO PUBLIC;
  1092. GRANT ALL ON pending_job_id_seq TO public;
  1093. --TODO, lock recurring, pending_job, payment_queue down more
  1094. -- CT: The following grant is required for now, but will hopefully become less
  1095. -- important when we get to 1.4 and can more sensibly lock things down.
  1096. GRANT ALL ON dpt_trans TO public;
  1097. -- Roles dependant on FUNCTIONS
  1098. CREATE ROLE "lsmb_<?lsmb dbname ?>__voucher_delete"
  1099. WITH INHERIT NOLOGIN;
  1100. GRANT EXECUTE ON FUNCTION voucher__delete(int)
  1101. TO "lsmb_<?lsmb dbname ?>__voucher_delete";
  1102. GRANT EXECUTE ON FUNCTION batch__delete(int)
  1103. TO "lsmb_<?lsmb dbname ?>__voucher_delete";