summaryrefslogtreecommitdiff
path: root/sql/modules/Roles.sql
blob: aace8a8c4354aac12d34b8ea2bd5009af89df8c5 (plain)
  1. -- Contacts
  2. CREATE ROLE lsmb_<?lsmb dbname ?>__read_contact
  3. WITH INHERIT NOLOGIN;
  4. GRANT SELECT ON entity TO lsmb_<?lsmb dbname ?>__read_contact;
  5. GRANT SELECT ON company TO lsmb_<?lsmb dbname ?>__read_contact;
  6. GRANT SELECT ON location TO lsmb_<?lsmb dbname ?>__read_contact;
  7. GRANT SELECT ON person TO lsmb_<?lsmb dbname ?>__read_contact;
  8. GRANT SELECT ON entity_credit_account TO lsmb_<?lsmb dbname ?>__read_contact;
  9. GRANT SELECT ON company_to_contact TO lsmb_<?lsmb dbname ?>__read_contact;
  10. GRANT SELECT ON company_to_entity TO lsmb_<?lsmb dbname ?>__read_contact;
  11. GRANT SELECT ON company_to_location TO lsmb_<?lsmb dbname ?>__read_contact;
  12. GRANT SELECT ON customertax TO lsmb_<?lsmb dbname ?>__read_contact;
  13. GRANT SELECT ON contact_class TO lsmb_<?lsmb dbname ?>__read_contact;
  14. GRANT SELECT ON entity_class TO lsmb_<?lsmb dbname ?>__read_contact;
  15. GRANT SELECT ON entity_bank_account TO lsmb_<?lsmb dbname ?>__read_contact;
  16. GRANT SELECT ON entity_note TO lsmb_<?lsmb dbname ?>__read_contact;
  17. GRANT SELECT ON entity_class_to_entity TO lsmb_<?lsmb dbname ?>__read_contact;
  18. GRANT SELECT ON entity_other_name TO lsmb_<?lsmb dbname ?>__read_contact;
  19. GRANT SELECT ON location_class TO lsmb_<?lsmb dbname ?>__read_contact;
  20. GRANT SELECT ON person_to_company TO lsmb_<?lsmb dbname ?>__read_contact;
  21. GRANT SELECT ON person_to_contact TO lsmb_<?lsmb dbname ?>__read_contact;
  22. GRANT SELECT ON person_to_contact TO lsmb_<?lsmb dbname ?>__read_contact;
  23. GRANT SELECT ON person_to_location TO lsmb_<?lsmb dbname ?>__read_contact;
  24. GRANT SELECT ON person_to_location TO lsmb_<?lsmb dbname ?>__read_contact;
  25. GRANT SELECT ON company_to_location TO lsmb_<?lsmb dbname ?>__read_contact;
  26. GRANT SELECT ON vendortax TO lsmb_<?lsmb dbname ?>__read_contact;
  27. INSERT INTO menu_acl (node_id, acl_type, role_name)
  28. values (1, 'allow', 'lsmb_<?lsmb dbname ?>__read_contact');
  29. INSERT INTO menu_acl (node_id, acl_type, role_name)
  30. values (11, 'allow', 'lsmb_<?lsmb dbname ?>__read_contact');
  31. INSERT INTO menu_acl (node_id, acl_type, role_name)
  32. values (14, 'allow', 'lsmb_<?lsmb dbname ?>__read_contact');
  33. INSERT INTO menu_acl (node_id, acl_type, role_name)
  34. values (21, 'allow', 'lsmb_<?lsmb dbname ?>__read_contact');
  35. INSERT INTO menu_acl (node_id, acl_type, role_name)
  36. values (30, 'allow', 'lsmb_<?lsmb dbname ?>__read_contact');
  37. INSERT INTO menu_acl (node_id, acl_type, role_name)
  38. values (33, 'allow', 'lsmb_<?lsmb dbname ?>__read_contact');
  39. CREATE ROLE lsmb_<?lsmb dbname ?>__create_contact
  40. WITH INHERIT NOLOGIN
  41. IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
  42. GRANT INSERT ON entity TO lsmb_<?lsmb dbname ?>__create_contact;
  43. GRANT ALL ON entity_id_seq TO lsmb_<?lsmb dbname ?>__create_contact;
  44. GRANT INSERT ON company TO lsmb_<?lsmb dbname ?>__create_contact;
  45. GRANT ALL ON company_id_seq TO lsmb_<?lsmb dbname ?>__create_contact;
  46. GRANT INSERT ON location TO lsmb_<?lsmb dbname ?>__create_contact;
  47. GRANT ALL ON location_id_seq TO lsmb_<?lsmb dbname ?>__create_contact;
  48. GRANT INSERT ON person TO lsmb_<?lsmb dbname ?>__create_contact;
  49. GRANT ALL ON person_id_seq TO lsmb_<?lsmb dbname ?>__create_contact;
  50. GRANT INSERT ON entity_credit_account TO lsmb_<?lsmb dbname ?>__create_contact;
  51. GRANT ALL ON entity_credit_account_id_seq TO lsmb_<?lsmb dbname ?>__create_contact;
  52. GRANT INSERT ON company_to_contact TO lsmb_<?lsmb dbname ?>__create_contact;
  53. GRANT INSERT ON company_to_entity TO lsmb_<?lsmb dbname ?>__create_contact;
  54. GRANT INSERT ON company_to_location TO lsmb_<?lsmb dbname ?>__create_contact;
  55. GRANT INSERT ON customertax TO lsmb_<?lsmb dbname ?>__create_contact;
  56. GRANT INSERT ON entity_bank_account TO lsmb_<?lsmb dbname ?>__create_contact;
  57. GRANT ALL ON entity_bank_account_id_seq TO lsmb_<?lsmb dbname ?>__create_contact;
  58. GRANT INSERT ON entity_note TO lsmb_<?lsmb dbname ?>__create_contact;
  59. GRANT INSERT ON entity_class_to_entity TO lsmb_<?lsmb dbname ?>__create_contact;
  60. GRANT INSERT ON entity_other_name TO lsmb_<?lsmb dbname ?>__create_contact;
  61. GRANT INSERT ON person_to_company TO lsmb_<?lsmb dbname ?>__create_contact;
  62. GRANT INSERT ON person_to_contact TO lsmb_<?lsmb dbname ?>__create_contact;
  63. GRANT INSERT ON person_to_contact TO lsmb_<?lsmb dbname ?>__create_contact;
  64. GRANT INSERT ON person_to_location TO lsmb_<?lsmb dbname ?>__create_contact;
  65. GRANT INSERT ON person_to_location TO lsmb_<?lsmb dbname ?>__create_contact;
  66. GRANT INSERT ON company_to_location TO lsmb_<?lsmb dbname ?>__create_contact;
  67. GRANT DELETE ON company_to_location TO lsmb_<?lsmb dbname ?>__create_contact;
  68. GRANT INSERT ON vendortax TO lsmb_<?lsmb dbname ?>__create_contact;
  69. INSERT INTO menu_acl (node_id, acl_type, role_name)
  70. values (1, 'allow', 'lsmb_<?lsmb dbname ?>__create_contact');
  71. INSERT INTO menu_acl (node_id, acl_type, role_name)
  72. values (11, 'allow', 'lsmb_<?lsmb dbname ?>__create_contact');
  73. INSERT INTO menu_acl (node_id, acl_type, role_name)
  74. values (12, 'allow', 'lsmb_<?lsmb dbname ?>__create_contact');
  75. INSERT INTO menu_acl (node_id, acl_type, role_name)
  76. values (21, 'allow', 'lsmb_<?lsmb dbname ?>__create_contact');
  77. INSERT INTO menu_acl (node_id, acl_type, role_name)
  78. values (30, 'allow', 'lsmb_<?lsmb dbname ?>__create_contact');
  79. INSERT INTO menu_acl (node_id, acl_type, role_name)
  80. values (31, 'allow', 'lsmb_<?lsmb dbname ?>__create_contact');
  81. CREATE ROLE lsmb_<?lsmb dbname ?>__edit_contact
  82. WITH INHERIT NOLOGIN
  83. IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
  84. GRANT UPDATE ON entity TO lsmb_<?lsmb dbname ?>__create_contact;
  85. GRANT UPDATE ON company TO lsmb_<?lsmb dbname ?>__create_contact;
  86. GRANT UPDATE ON location TO lsmb_<?lsmb dbname ?>__create_contact;
  87. GRANT UPDATE ON person TO lsmb_<?lsmb dbname ?>__create_contact;
  88. GRANT UPDATE ON entity_credit_account TO lsmb_<?lsmb dbname ?>__create_contact;
  89. GRANT UPDATE ON company_to_contact TO lsmb_<?lsmb dbname ?>__create_contact;
  90. GRANT UPDATE ON company_to_entity TO lsmb_<?lsmb dbname ?>__create_contact;
  91. GRANT UPDATE ON company_to_location TO lsmb_<?lsmb dbname ?>__create_contact;
  92. GRANT UPDATE ON customertax TO lsmb_<?lsmb dbname ?>__create_contact;
  93. GRANT UPDATE ON entity_bank_account TO lsmb_<?lsmb dbname ?>__create_contact;
  94. GRANT UPDATE ON entity_note TO lsmb_<?lsmb dbname ?>__create_contact;
  95. GRANT UPDATE ON entity_class_to_entity TO lsmb_<?lsmb dbname ?>__create_contact;
  96. GRANT UPDATE ON entity_other_name TO lsmb_<?lsmb dbname ?>__create_contact;
  97. GRANT UPDATE ON person_to_company TO lsmb_<?lsmb dbname ?>__create_contact;
  98. GRANT UPDATE ON person_to_contact TO lsmb_<?lsmb dbname ?>__create_contact;
  99. GRANT UPDATE ON person_to_contact TO lsmb_<?lsmb dbname ?>__create_contact;
  100. GRANT UPDATE ON person_to_location TO lsmb_<?lsmb dbname ?>__create_contact;
  101. GRANT UPDATE ON person_to_location TO lsmb_<?lsmb dbname ?>__create_contact;
  102. GRANT DELETE, INSERT ON vendortax TO lsmb_<?lsmb dbname ?>__create_contact;
  103. CREATE ROLE lsmb_<?lsmb dbname ?>__contact_all_rights
  104. WITH INHERIT NOLOGIN
  105. in role lsmb_<?lsmb dbname ?>__create_contact,
  106. lsmb_<?lsmb dbname ?>__edit_contact,
  107. lsmb_<?lsmb dbname ?>__read_contact;
  108. -- Batches and VOuchers
  109. CREATE ROLE lsmb_<?lsmb dbname ?>__create_batch
  110. WITH INHERIT NOLOGIN;
  111. GRANT INSERT ON batch TO lsmb_<?lsmb dbname ?>__create_batch;
  112. GRANT ALL ON batch_id_seq TO lsmb_<?lsmb dbname ?>__create_batch;
  113. GRANT SELECT ON batch_class TO lsmb_<?lsmb dbname ?>__create_batch;
  114. GRANT INSERT ON voucher TO lsmb_<?lsmb dbname ?>__create_batch;
  115. GRANT ALL ON voucher_id_seq TO lsmb_<?lsmb dbname ?>__create_contact;
  116. -- TODO add Menu ACLs
  117. CREATE ROLE lsmb_<?lsmb dbname ?>__post_batches
  118. WITH INHERIT NOLOGIN;
  119. GRANT UPDATE ON ar TO lsmb_<?lsmb dbname ?>__post_batches;
  120. GRANT UPDATE ON ap TO lsmb_<?lsmb dbname ?>__post_batches;
  121. GRANT UPDATE ON acc_trans TO lsmb_<?lsmb dbname ?>__post_batches;
  122. GRANT UPDATE ON batch TO lsmb_<?lsmb dbname ?>__post_batches;
  123. GRANT UPDATE ON gl TO lsmb_<?lsmb dbname ?>__post_batches;
  124. -- TODO add Menu ACLs
  125. -- AR
  126. CREATE ROLE lsmb_<?lsmb dbname ?>__create_ar_transaction
  127. WITH INHERIT NOLOGIN
  128. IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
  129. GRANT INSERT ON ar TO lsmb_<?lsmb dbname ?>__create_ar_transaction;
  130. GRANT ALL ON id TO lsmb_<?lsmb dbname ?>__create_ar_transaction;
  131. GRANT INSERT ON acc_trans TO lsmb_<?lsmb dbname ?>__create_ar_transaction;
  132. GRANT ALL ON acc_trans_entry_id_seq TO lsmb_<?lsmb dbname ?>__create_ar_transaction;
  133. INSERT INTO menu_acl (node_id, acl_type, role_name)
  134. values (1, 'allow', 'lsmb_<?lsmb dbname ?>__create_ar_transaction');
  135. INSERT INTO menu_acl (node_id, acl_type, role_name)
  136. values (2, 'allow', 'lsmb_<?lsmb dbname ?>__create_ar_transaction');
  137. INSERT INTO menu_acl (node_id, acl_type, role_name)
  138. values (194, 'allow', 'lsmb_<?lsmb dbname ?>__create_ar_transaction');
  139. CREATE ROLE lsmb_<?lsmb dbname ?>__create_ar_transaction_voucher
  140. WITH INHERIT NOLOGIN
  141. IN ROLE lsmb_<?lsmb dbname ?>__read_contact,
  142. lsmb_<?lsmb dbname ?>__create_batch;
  143. GRANT INSERT ON ar TO lsmb_<?lsmb dbname ?>__create_ar_transaction_voucher;
  144. GRANT ALL ON id TO lsmb_<?lsmb dbname ?>__create_ar_transaction_voucher;
  145. GRANT INSERT ON acc_trans TO lsmb_<?lsmb dbname ?>__create_ar_transaction_voucher;
  146. GRANT ALL ON acc_trans_entry_id_seq TO lsmb_<?lsmb dbname ?>__create_ar_transaction_voucher;
  147. -- TODO add Menu ACLs
  148. CREATE ROLE lsmb_<?lsmb dbname ?>__create_ar_invoice
  149. WITH INHERIT NOLOGIN
  150. IN ROLE lsmb_<?lsmb dbname ?>__read_contact,
  151. lsmb_<?lsmb dbname ?>__create_ar_transaction;
  152. GRANT INSERT ON invoice TO lsmb_<?lsmb dbname ?>__create_ar_invoice;
  153. GRANT ALL ON invoice_id_seq TO lsmb_<?lsmb dbname ?>__create_ar_invoice;
  154. GRANT INSERT ON inventory TO lsmb_<?lsmb dbname ?>__create_ar_invoice;
  155. GRANT ALL ON inventory_entry_id_seq TO lsmb_<?lsmb dbname ?>__create_ar_invoice;
  156. INSERT INTO menu_acl (node_id, acl_type, role_name)
  157. values (3, 'allow', 'lsmb_<?lsmb dbname ?>__create_ar_invoice');
  158. INSERT INTO menu_acl (node_id, acl_type, role_name)
  159. values (195, 'allow', 'lsmb_<?lsmb dbname ?>__create_ar_transaction');
  160. CREATE ROLE lsmb_<?lsmb dbname ?>__create_ar_invoice_voucher
  161. WITH INHERIT NOLOGIN
  162. IN ROLE lsmb_<?lsmb dbname ?>__read_contact,
  163. lsmb_<?lsmb dbname ?>__create_batch,
  164. lsmb_<?lsmb dbname ?>__create_ar_transaction_voucher;
  165. GRANT INSERT ON invoice TO lsmb_<?lsmb dbname ?>__create_ar_invoice_voucher;
  166. GRANT ALL ON invoice_id_seq TO lsmb_<?lsmb dbname ?>__create_ar_invoice_voucher;
  167. GRANT INSERT ON inventory TO lsmb_<?lsmb dbname ?>__create_ar_invoice_voucher;
  168. GRANT ALL ON inventory_entry_id_seq TO lsmb_<?lsmb dbname ?>__create_ar_invoice_voucher;
  169. -- TODO add Menu ACLs
  170. CREATE ROLE lsmb_<?lsmb dbname ?>__list_ar_transactions
  171. WITH INHERIT NOLOGIN
  172. IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
  173. GRANT SELECT ON ar TO lsmb_<?lsmb dbname ?>__list_ar_transactions;
  174. GRANT SELECT ON acc_trans TO lsmb_<?lsmb dbname ?>__list_ar_transactions;
  175. GRANT SELECT ON invoice TO lsmb_<?lsmb dbname ?>__list_ar_transactions;
  176. GRANT SELECT ON inventory TO lsmb_<?lsmb dbname ?>__list_ar_transactions;
  177. INSERT INTO menu_acl (node_id, acl_type, role_name)
  178. values (1, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions');
  179. INSERT INTO menu_acl (node_id, acl_type, role_name)
  180. values (4, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions');
  181. INSERT INTO menu_acl (node_id, acl_type, role_name)
  182. values (5, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions');
  183. INSERT INTO menu_acl (node_id, acl_type, role_name)
  184. values (6, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions');
  185. INSERT INTO menu_acl (node_id, acl_type, role_name)
  186. values (7, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions');
  187. INSERT INTO menu_acl (node_id, acl_type, role_name)
  188. values (9, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions');
  189. INSERT INTO menu_acl (node_id, acl_type, role_name)
  190. values (10, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions');
  191. INSERT INTO menu_acl (node_id, acl_type, role_name)
  192. values (11, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions');
  193. INSERT INTO menu_acl (node_id, acl_type, role_name)
  194. values (13, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions');
  195. INSERT INTO menu_acl (node_id, acl_type, role_name)
  196. values (15, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions');
  197. CREATE ROLE lsmb_<?lsmb dbname ?>__ar_all_vouchers
  198. WITH INHERIT NOLOGIN
  199. IN ROLE lsmb_<?lsmb dbname ?>__create_ar_transaction_voucher,
  200. lsmb_<?lsmb dbname ?>__create_ar_invoice_voucher;
  201. CREATE ROLE lsmb_<?lsmb dbname ?>__ar_all_transactions
  202. WITH INHERIT NOLOGIN
  203. IN ROLE lsmb_<?lsmb dbname ?>__create_ar_transaction,
  204. lsmb_<?lsmb dbname ?>__create_ar_invoice,
  205. lsmb_<?lsmb dbname ?>__list_ar_transactions;
  206. CREATE ROLE lsmb_<?lsmb dbname ?>__create_sales_order
  207. WITH INHERIT NOLOGIN
  208. IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
  209. GRANT INSERT ON oe TO lsmb_<?lsmb dbname ?>__create_sales_order;
  210. GRANT ALL ON oe_id_seq TO lsmb_<?lsmb dbname ?>__create_sales_order;
  211. GRANT INSERT ON orderitems TO lsmb_<?lsmb dbname ?>__create_sales_order;
  212. GRANT ALL ON orderitems_id_seq TO lsmb_<?lsmb dbname ?>__create_sales_order;
  213. INSERT INTO menu_acl (node_id, acl_type, role_name)
  214. values (50, 'allow', 'lsmb_<?lsmb dbname ?>__create_sales_order');
  215. INSERT INTO menu_acl (node_id, acl_type, role_name)
  216. values (51, 'allow', 'lsmb_<?lsmb dbname ?>__create_sales_order');
  217. CREATE ROLE lsmb_<?lsmb dbname ?>__create_sales_quotation
  218. WITH INHERIT NOLOGIN
  219. IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
  220. GRANT INSERT ON oe TO lsmb_<?lsmb dbname ?>__create_sales_quotation;
  221. GRANT ALL ON oe_id_seq TO lsmb_<?lsmb dbname ?>__create_sales_quotation;
  222. GRANT INSERT ON orderitems TO lsmb_<?lsmb dbname ?>__create_sales_quotation;
  223. GRANT ALL ON orderitems_id_seq TO lsmb_<?lsmb dbname ?>__create_sales_quotation;
  224. INSERT INTO menu_acl (node_id, acl_type, role_name)
  225. values (67, 'allow', 'lsmb_<?lsmb dbname ?>__create_sales_quotation');
  226. INSERT INTO menu_acl (node_id, acl_type, role_name)
  227. values (68, 'allow', 'lsmb_<?lsmb dbname ?>__create_sales_quotation');
  228. CREATE ROLE lsmb_<?lsmb dbname ?>__list_sales_orders
  229. WITH INHERIT NOLOGIN
  230. IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
  231. GRANT SELECT ON oe TO lsmb_<?lsmb dbname ?>__list_sales_orders;
  232. GRANT SELECT ON orderitems TO lsmb_<?lsmb dbname ?>__list_sales_orders;
  233. INSERT INTO menu_acl (node_id, acl_type, role_name)
  234. values (50, 'allow', 'lsmb_<?lsmb dbname ?>__list_sales_orders');
  235. INSERT INTO menu_acl (node_id, acl_type, role_name)
  236. values (53, 'allow', 'lsmb_<?lsmb dbname ?>__list_sales_orders');
  237. INSERT INTO menu_acl (node_id, acl_type, role_name)
  238. values (54, 'allow', 'lsmb_<?lsmb dbname ?>__list_sales_orders');
  239. CREATE ROLE lsmb_<?lsmb dbname ?>__list_sales_quotations
  240. WITH INHERIT NOLOGIN
  241. IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
  242. GRANT SELECT ON oe TO lsmb_<?lsmb dbname ?>__list_sales_quotations;
  243. GRANT SELECT ON orderitems TO lsmb_<?lsmb dbname ?>__list_sales_quotations;
  244. INSERT INTO menu_acl (node_id, acl_type, role_name)
  245. values (67, 'allow', 'lsmb_<?lsmb dbname ?>__list_sales_quotations');
  246. INSERT INTO menu_acl (node_id, acl_type, role_name)
  247. values (70, 'allow', 'lsmb_<?lsmb dbname ?>__list_sales_quotations');
  248. INSERT INTO menu_acl (node_id, acl_type, role_name)
  249. values (71, 'allow', 'lsmb_<?lsmb dbname ?>__list_sales_quotations');
  250. CREATE ROLE lsmb_<?lsmb dbname ?>__all_ar
  251. WITH INHERIT NOLOGIN
  252. IN ROLE lsmb_<?lsmb dbname ?>__ar_all_vouchers,
  253. lsmb_<?lsmb dbname ?>__ar_all_transactions,
  254. lsmb_<?lsmb dbname ?>__create_sales_order,
  255. lsmb_<?lsmb dbname ?>__create_sales_quotation,
  256. lsmb_<?lsmb dbname ?>__list_sales_orders,
  257. lsmb_<?lsmb dbname ?>__list_sales_quotations;
  258. -- AP
  259. CREATE ROLE lsmb_<?lsmb dbname ?>__create_ap_transaction
  260. WITH INHERIT NOLOGIN
  261. IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
  262. GRANT INSERT ON ap TO lsmb_<?lsmb dbname ?>__create_ap_transaction;
  263. GRANT ALL ON id TO lsmb_<?lsmb dbname ?>__create_ap_transaction;
  264. GRANT INSERT ON acc_trans TO lsmb_<?lsmb dbname ?>__create_ap_transaction;
  265. GRANT ALL ON acc_trans_entry_id_seq TO lsmb_<?lsmb dbname ?>__create_ap_transaction;
  266. INSERT INTO menu_acl (node_id, acl_type, role_name)
  267. values (21, 'allow', 'lsmb_<?lsmb dbname ?>__create_ap_transaction');
  268. INSERT INTO menu_acl (node_id, acl_type, role_name)
  269. values (22, 'allow', 'lsmb_<?lsmb dbname ?>__create_ap_transaction');
  270. INSERT INTO menu_acl (node_id, acl_type, role_name)
  271. values (196, 'allow', 'lsmb_<?lsmb dbname ?>__create_ap_transaction');
  272. CREATE ROLE lsmb_<?lsmb dbname ?>__create_ap_transaction_voucher
  273. WITH INHERIT NOLOGIN
  274. IN ROLE lsmb_<?lsmb dbname ?>__read_contact,
  275. lsmb_<?lsmb dbname ?>__create_batch;
  276. GRANT INSERT ON ar TO lsmb_<?lsmb dbname ?>__create_ap_transaction_voucher;
  277. GRANT ALL ON id TO lsmb_<?lsmb dbname ?>__create_ap_transaction_voucher;
  278. GRANT INSERT ON acc_trans TO lsmb_<?lsmb dbname ?>__create_ap_transaction_voucher;
  279. GRANT ALL ON acc_trans_entry_id_seq TO lsmb_<?lsmb dbname ?>__create_ap_transaction_voucher;
  280. -- TODO add Menu ACLs
  281. CREATE ROLE lsmb_<?lsmb dbname ?>__create_ap_invoice
  282. WITH INHERIT NOLOGIN
  283. IN ROLE lsmb_<?lsmb dbname ?>__read_contact,
  284. lsmb_<?lsmb dbname ?>__create_ap_transaction;
  285. GRANT INSERT ON invoice TO lsmb_<?lsmb dbname ?>__create_ap_invoice;
  286. GRANT INSERT ON inventory TO lsmb_<?lsmb dbname ?>__create_ap_invoice;
  287. GRANT ALL ON invoice_id_seq TO lsmb_<?lsmb dbname ?>__create_ap_invoice;
  288. GRANT ALL ON inventory_entry_id_seq TO lsmb_<?lsmb dbname ?>__create_ap_invoice;
  289. INSERT INTO menu_acl (node_id, acl_type, role_name)
  290. values (23, 'allow', 'lsmb_<?lsmb dbname ?>__create_ap_invoice');
  291. INSERT INTO menu_acl (node_id, acl_type, role_name)
  292. values (197, 'allow', 'lsmb_<?lsmb dbname ?>__create_ap_transaction');
  293. CREATE ROLE lsmb_<?lsmb dbname ?>__create_ap_invoice_voucher
  294. WITH INHERIT NOLOGIN
  295. IN ROLE lsmb_<?lsmb dbname ?>__read_contact,
  296. lsmb_<?lsmb dbname ?>__create_batch;
  297. GRANT INSERT ON invoice TO lsmb_<?lsmb dbname ?>__create_ap_invoice_voucher;
  298. GRANT INSERT ON inventory TO lsmb_<?lsmb dbname ?>__create_ap_invoice_voucher;
  299. GRANT ALL ON invoice_id_seq TO lsmb_<?lsmb dbname ?>__create_ap_invoice_voucher;
  300. GRANT ALL ON inventory_entry_id_seq TO lsmb_<?lsmb dbname ?>__create_ap_invoice_voucher;
  301. -- TODO add Menu ACLs
  302. CREATE ROLE lsmb_<?lsmb dbname ?>__list_ap_transactions
  303. WITH INHERIT NOLOGIN
  304. IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
  305. GRANT SELECT ON ap TO lsmb_<?lsmb dbname ?>__list_ap_transactions;
  306. GRANT SELECT ON acc_trans TO lsmb_<?lsmb dbname ?>__list_ap_transactions;
  307. GRANT SELECT ON invoice TO lsmb_<?lsmb dbname ?>__list_ap_transactions;
  308. GRANT SELECT ON inventory TO lsmb_<?lsmb dbname ?>__list_ap_transactions;
  309. INSERT INTO menu_acl (node_id, acl_type, role_name)
  310. values (21, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions');
  311. INSERT INTO menu_acl (node_id, acl_type, role_name)
  312. values (24, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions');
  313. INSERT INTO menu_acl (node_id, acl_type, role_name)
  314. values (25, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions');
  315. INSERT INTO menu_acl (node_id, acl_type, role_name)
  316. values (26, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions');
  317. INSERT INTO menu_acl (node_id, acl_type, role_name)
  318. values (27, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions');
  319. INSERT INTO menu_acl (node_id, acl_type, role_name)
  320. values (28, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions');
  321. INSERT INTO menu_acl (node_id, acl_type, role_name)
  322. values (29, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions');
  323. INSERT INTO menu_acl (node_id, acl_type, role_name)
  324. values (30, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions');
  325. INSERT INTO menu_acl (node_id, acl_type, role_name)
  326. values (32, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions');
  327. INSERT INTO menu_acl (node_id, acl_type, role_name)
  328. values (34, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions');
  329. CREATE ROLE lsmb_<?lsmb dbname ?>__ap_all_vouchers
  330. WITH INHERIT NOLOGIN
  331. IN ROLE lsmb_<?lsmb dbname ?>__create_ap_transaction_voucher,
  332. lsmb_<?lsmb dbname ?>__create_ap_invoice_voucher;
  333. CREATE ROLE lsmb_<?lsmb dbname ?>__ap_all_transactions
  334. WITH INHERIT NOLOGIN
  335. IN ROLE lsmb_<?lsmb dbname ?>__create_ap_transaction,
  336. lsmb_<?lsmb dbname ?>__create_ap_invoice,
  337. lsmb_<?lsmb dbname ?>__list_ap_transactions;
  338. CREATE ROLE lsmb_<?lsmb dbname ?>__create_purchase_order
  339. WITH INHERIT NOLOGIN
  340. IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
  341. GRANT INSERT ON oe TO lsmb_<?lsmb dbname ?>__create_purchase_order;
  342. GRANT INSERT ON orderitems TO lsmb_<?lsmb dbname ?>__create_purchase_order;
  343. GRANT ALL ON oe_id_seq TO lsmb_<?lsmb dbname ?>__create_purchase_order;
  344. GRANT ALL ON orderitems_id_seq TO lsmb_<?lsmb dbname ?>__create_purchase_order;
  345. INSERT INTO menu_acl (node_id, acl_type, role_name)
  346. values (50, 'allow', 'lsmb_<?lsmb dbname ?>__create_purchase_order');
  347. INSERT INTO menu_acl (node_id, acl_type, role_name)
  348. values (52, 'allow', 'lsmb_<?lsmb dbname ?>__create_purchase_order');
  349. CREATE ROLE lsmb_<?lsmb dbname ?>__create_purchase_rfq
  350. WITH INHERIT NOLOGIN
  351. IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
  352. GRANT INSERT ON oe TO lsmb_<?lsmb dbname ?>__create_purchase_rfq;
  353. GRANT INSERT ON orderitems TO lsmb_<?lsmb dbname ?>__create_purchase_rfq;
  354. GRANT ALL ON oe_id_seq TO lsmb_<?lsmb dbname ?>__create_purchase_rfq;
  355. GRANT ALL ON orderitems_id_seq TO lsmb_<?lsmb dbname ?>__create_purchase_rfq;
  356. INSERT INTO menu_acl (node_id, acl_type, role_name)
  357. values (67, 'allow', 'lsmb_<?lsmb dbname ?>__create_purchase_rfq');
  358. INSERT INTO menu_acl (node_id, acl_type, role_name)
  359. values (69, 'allow', 'lsmb_<?lsmb dbname ?>__create_purchase_rfq');
  360. CREATE ROLE lsmb_<?lsmb dbname ?>__list_purchase_orders
  361. WITH INHERIT NOLOGIN
  362. IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
  363. GRANT SELECT ON oe TO lsmb_<?lsmb dbname ?>__list_purchase_orders;
  364. GRANT SELECT ON orderitems TO lsmb_<?lsmb dbname ?>__list_purchase_orders;
  365. INSERT INTO menu_acl (node_id, acl_type, role_name)
  366. values (50, 'allow', 'lsmb_<?lsmb dbname ?>__list_purchase_orders');
  367. INSERT INTO menu_acl (node_id, acl_type, role_name)
  368. values (53, 'allow', 'lsmb_<?lsmb dbname ?>__list_purchase_orders');
  369. INSERT INTO menu_acl (node_id, acl_type, role_name)
  370. values (55, 'allow', 'lsmb_<?lsmb dbname ?>__list_purchase_orders');
  371. CREATE ROLE lsmb_<?lsmb dbname ?>__list_purchase_rfqs
  372. WITH INHERIT NOLOGIN
  373. IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
  374. GRANT SELECT ON oe TO lsmb_<?lsmb dbname ?>__list_purchase_rfqs;
  375. GRANT SELECT ON orderitems TO lsmb_<?lsmb dbname ?>__list_purchase_rfqs;
  376. INSERT INTO menu_acl (node_id, acl_type, role_name)
  377. values (67, 'allow', 'lsmb_<?lsmb dbname ?>__list_purchase_rfqs');
  378. INSERT INTO menu_acl (node_id, acl_type, role_name)
  379. values (70, 'allow', 'lsmb_<?lsmb dbname ?>__list_purchase_rfqs');
  380. INSERT INTO menu_acl (node_id, acl_type, role_name)
  381. values (72, 'allow', 'lsmb_<?lsmb dbname ?>__list_purchase_rfqs');
  382. CREATE ROLE lsmb_<?lsmb dbname ?>__all_ap
  383. WITH INHERIT NOLOGIN
  384. IN ROLE lsmb_<?lsmb dbname ?>__ap_all_vouchers,
  385. lsmb_<?lsmb dbname ?>__ap_all_transactions,
  386. lsmb_<?lsmb dbname ?>__create_purchase_order,
  387. lsmb_<?lsmb dbname ?>__create_purchase_rfq,
  388. lsmb_<?lsmb dbname ?>__list_purchase_orders,
  389. lsmb_<?lsmb dbname ?>__list_purchase_rfqs;
  390. -- POS
  391. CREATE ROLE lsmb_<?lsmb dbname ?>__create_pos_invoice
  392. WITH INHERIT NOLOGIN
  393. IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
  394. GRANT INSERT ON invoice TO lsmb_<?lsmb dbname ?>__create_pos_invoice;
  395. GRANT INSERT ON inventory TO lsmb_<?lsmb dbname ?>__create_pos_invoice;
  396. GRANT INSERT ON ar TO lsmb_<?lsmb dbname ?>__create_pos_invoice;
  397. GRANT INSERT ON acc_trans TO lsmb_<?lsmb dbname ?>__create_pos_invoice;
  398. GRANT ALL ON id TO lsmb_<?lsmb dbname ?>__create_pos_invoice;
  399. GRANT ALL ON acc_trans_entry_id_seq TO lsmb_<?lsmb dbname ?>__create_pos_invoice;
  400. GRANT ALL ON invoice_id_seq TO lsmb_<?lsmb dbname ?>__create_pos_invoice;
  401. GRANT ALL ON inventory_entry_id_seq TO lsmb_<?lsmb dbname ?>__create_pos_invoice;
  402. INSERT INTO menu_acl (node_id, acl_type, role_name)
  403. values (16, 'allow', 'lsmb_<?lsmb dbname ?>__create_pos_invoice');
  404. INSERT INTO menu_acl (node_id, acl_type, role_name)
  405. values (17, 'allow', 'lsmb_<?lsmb dbname ?>__create_pos_invoice');
  406. INSERT INTO menu_acl (node_id, acl_type, role_name)
  407. values (18, 'allow', 'lsmb_<?lsmb dbname ?>__create_pos_invoice');
  408. CREATE ROLE lsmb_<?lsmb dbname ?>__close_till
  409. WITH INHERIT NOLOGIN;
  410. GRANT INSERT ON gl TO lsmb_<?lsmb dbname ?>__close_till;
  411. GRANT INSERT ON acc_trans TO lsmb_<?lsmb dbname ?>__close_till;
  412. GRANT ALL ON id TO lsmb_<?lsmb dbname ?>__close_till;
  413. GRANT ALL ON acc_trans_entry_id_seq TO lsmb_<?lsmb dbname ?>__close_till;
  414. INSERT INTO menu_acl (node_id, acl_type, role_name)
  415. values (16, 'allow', 'lsmb_<?lsmb dbname ?>__close_till');
  416. INSERT INTO menu_acl (node_id, acl_type, role_name)
  417. values (19, 'allow', 'lsmb_<?lsmb dbname ?>__close_till');
  418. CREATE ROLE lsmb_<?lsmb dbname ?>__list_all_open
  419. WITH INHERIT NOLOGIN;
  420. GRANT SELECT ON ar TO lsmb_<?lsmb dbname ?>__list_all_open;
  421. GRANT SELECT ON acc_trans TO lsmb_<?lsmb dbname ?>__list_all_open;
  422. INSERT INTO menu_acl (node_id, acl_type, role_name)
  423. values (16, 'allow', 'lsmb_<?lsmb dbname ?>__list_all_open');
  424. INSERT INTO menu_acl (node_id, acl_type, role_name)
  425. values (18, 'allow', 'lsmb_<?lsmb dbname ?>__list_all_open');
  426. CREATE ROLE lsmb_<?lsmb dbname ?>__pos_cashier
  427. WITH INHERIT NOLOGIN
  428. IN ROLE lsmb_<?lsmb dbname ?>__create_pos_invoice,
  429. lsmb_<?lsmb dbname ?>__close_till;
  430. CREATE ROLE lsmb_<?lsmb dbname ?>__all_pos
  431. WITH INHERIT NOLOGIN
  432. IN ROLE lsmb_<?lsmb dbname ?>__pos_cashier,
  433. lsmb_<?lsmb dbname ?>__list_all_open;
  434. -- CASH
  435. CREATE ROLE lsmb_<?lsmb dbname ?>__reconcile
  436. WITH INHERIT NOLOGIN;
  437. -- GRANT INSERT ON pending_reports TO lsmb_<?lsmb dbname ?>__reconcile;
  438. -- GRANT INSERT on report_corrections TO lsmb_<?lsmb dbname ?>__reconcile;
  439. GRANT SELECT ON acc_trans TO lsmb_<?lsmb dbname ?>__reconcile;
  440. -- GRANT ALL ON pending_reports_id_seq TO lsmb_<?lsmb dbname ?>__reconcile;
  441. -- GRANT ALL ON report_corrections_id_seq TO lsmb_<?lsmb dbname ?>__reconcile;
  442. INSERT INTO menu_acl (node_id, acl_type, role_name)
  443. values (35, 'allow', 'lsmb_<?lsmb dbname ?>_reconcile');
  444. INSERT INTO menu_acl (node_id, acl_type, role_name)
  445. values (45, 'allow', 'lsmb_<?lsmb dbname ?>_reconcile');
  446. CREATE ROLE lsmb_<?lsmb dbname ?>__approve_reconciliation
  447. WITH INHERIT NOLOGIN;
  448. -- GRANT UPDATE ON pending_reports TO lsmb_<?lsmb dbname ?>__reconcile;
  449. GRANT SELECT ON acc_trans TO lsmb_<?lsmb dbname ?>__reconcile;
  450. INSERT INTO menu_acl (node_id, acl_type, role_name)
  451. values (35, 'allow', 'lsmb_<?lsmb dbname ?>_reconcile');
  452. INSERT INTO menu_acl (node_id, acl_type, role_name)
  453. values (41, 'allow', 'lsmb_<?lsmb dbname ?>_reconcile');
  454. INSERT INTO menu_acl (node_id, acl_type, role_name)
  455. values (44, 'allow', 'lsmb_<?lsmb dbname ?>_reconcile');
  456. CREATE ROLE lsmb_<?lsmb dbname ?>__all_reconcile
  457. WITH INHERIT NOLOGIN
  458. IN ROLE lsmb_<?lsmb dbname ?>__reconcile,
  459. lsmb_<?lsmb dbname ?>__approve_reconciliation;
  460. CREATE ROLE lsmb_<?lsmb dbname ?>__process_payment
  461. WITH INHERIT NOLOGIN
  462. IN ROLE lsmb_<?lsmb dbname ?>__list_ap_transactions;
  463. GRANT INSERT ON acc_trans TO lsmb_<?lsmb dbname ?>__process_payment;
  464. GRANT ALL ON acc_trans_entry_id_seq TO lsmb_<?lsmb dbname ?>__process_payment;
  465. INSERT INTO menu_acl (node_id, acl_type, role_name)
  466. values (35, 'allow', 'lsmb_<?lsmb dbname ?>__process_payment');
  467. INSERT INTO menu_acl (node_id, acl_type, role_name)
  468. values (38, 'allow', 'lsmb_<?lsmb dbname ?>__process_payment');
  469. INSERT INTO menu_acl (node_id, acl_type, role_name)
  470. values (39, 'allow', 'lsmb_<?lsmb dbname ?>__process_payment');
  471. CREATE ROLE lsmb_<?lsmb dbname ?>__process_receipt
  472. WITH INHERIT NOLOGIN
  473. IN ROLE lsmb_<?lsmb dbname ?>__ar_list_transactions;
  474. GRANT INSERT ON acc_trans TO lsmb_<?lsmb dbname ?>__process_receipt;
  475. GRANT ALL ON acc_trans_entry_id_seq TO lsmb_<?lsmb dbname ?>__process_receipt;
  476. INSERT INTO menu_acl (node_id, acl_type, role_name)
  477. values (35, 'allow', 'lsmb_<?lsmb dbname ?>__process_receipt');
  478. INSERT INTO menu_acl (node_id, acl_type, role_name)
  479. values (36, 'allow', 'lsmb_<?lsmb dbname ?>__process_receipt');
  480. INSERT INTO menu_acl (node_id, acl_type, role_name)
  481. values (47, 'allow', 'lsmb_<?lsmb dbname ?>__process_receipt');
  482. CREATE ROLE lsmb_<?lsmb dbname ?>__cash_all
  483. WITH INHERIT NOLOGIN
  484. IN ROLE lsmb_<?lsmb dbname ?>__all_reconcile,
  485. lsmb_<?lsmb dbname ?>__process_payment,
  486. lsmb_<?lsmb dbname ?>__process_receipt;
  487. -- Inventory Control
  488. CREATE ROLE lsmb_<?lsmb dbname ?>__create_part
  489. WITH INHERIT NOLOGIN;
  490. GRANT INSERT ON parts TO lsmb_<?lsmb dbname ?>__create_part;
  491. GRANT ALL ON parts_id_seq TO lsmb_<?lsmb dbname ?>__create_part;
  492. INSERT INTO menu_acl (node_id, acl_type, role_name)
  493. values (77, 'allow', 'lsmb_<?lsmb dbname ?>__create_part');
  494. INSERT INTO menu_acl (node_id, acl_type, role_name)
  495. values (78, 'allow', 'lsmb_<?lsmb dbname ?>__create_part');
  496. INSERT INTO menu_acl (node_id, acl_type, role_name)
  497. values (79, 'allow', 'lsmb_<?lsmb dbname ?>__create_part');
  498. INSERT INTO menu_acl (node_id, acl_type, role_name)
  499. values (80, 'allow', 'lsmb_<?lsmb dbname ?>__create_part');
  500. INSERT INTO menu_acl (node_id, acl_type, role_name)
  501. values (81, 'allow', 'lsmb_<?lsmb dbname ?>__create_part');
  502. INSERT INTO menu_acl (node_id, acl_type, role_name)
  503. values (82, 'allow', 'lsmb_<?lsmb dbname ?>__create_part');
  504. CREATE ROLE lsmb_<?lsmb dbname ?>__edit_part
  505. WITH INHERIT NOLOGIN;
  506. GRANT UPDATE ON parts TO lsmb_<?lsmb dbname ?>__edit_part;
  507. INSERT INTO menu_acl (node_id, acl_type, role_name)
  508. values (77, 'allow', 'lsmb_<?lsmb dbname ?>__edit_part');
  509. INSERT INTO menu_acl (node_id, acl_type, role_name)
  510. values (85, 'allow', 'lsmb_<?lsmb dbname ?>__edit_part');
  511. INSERT INTO menu_acl (node_id, acl_type, role_name)
  512. values (86, 'allow', 'lsmb_<?lsmb dbname ?>__edit_part');
  513. INSERT INTO menu_acl (node_id, acl_type, role_name)
  514. values (87, 'allow', 'lsmb_<?lsmb dbname ?>__edit_part');
  515. INSERT INTO menu_acl (node_id, acl_type, role_name)
  516. values (88, 'allow', 'lsmb_<?lsmb dbname ?>__edit_part');
  517. INSERT INTO menu_acl (node_id, acl_type, role_name)
  518. values (89, 'allow', 'lsmb_<?lsmb dbname ?>__edit_part');
  519. INSERT INTO menu_acl (node_id, acl_type, role_name)
  520. values (90, 'allow', 'lsmb_<?lsmb dbname ?>__edit_part');
  521. INSERT INTO menu_acl (node_id, acl_type, role_name)
  522. values (91, 'allow', 'lsmb_<?lsmb dbname ?>__edit_part');
  523. INSERT INTO menu_acl (node_id, acl_type, role_name)
  524. values (93, 'allow', 'lsmb_<?lsmb dbname ?>__edit_part');
  525. CREATE ROLE lsmb_<?lsmb dbname ?>__inventory_reports
  526. WITH INHERIT NOLOGIN;
  527. GRANT SELECT ON ar TO lsmb_<?lsmb dbname ?>__inventory_reports;
  528. GRANT SELECT ON ap TO lsmb_<?lsmb dbname ?>__inventory_reports;
  529. GRANT SELECT ON inventory TO lsmb_<?lsmb dbname ?>__inventory_reports;
  530. GRANT SELECT ON invoice TO lsmb_<?lsmb dbname ?>__inventory_reports;
  531. GRANT SELECT ON acc_trans TO lsmb_<?lsmb dbname ?>__inventory_reports;
  532. INSERT INTO menu_acl (node_id, acl_type, role_name)
  533. values (77, 'allow', 'lsmb_<?lsmb dbname ?>__inventory_reports');
  534. INSERT INTO menu_acl (node_id, acl_type, role_name)
  535. values (85, 'allow', 'lsmb_<?lsmb dbname ?>__inventory_reports');
  536. INSERT INTO menu_acl (node_id, acl_type, role_name)
  537. values (88, 'allow', 'lsmb_<?lsmb dbname ?>__inventory_reports');
  538. INSERT INTO menu_acl (node_id, acl_type, role_name)
  539. values (94, 'allow', 'lsmb_<?lsmb dbname ?>__inventory_reports');
  540. CREATE ROLE lsmb_<?lsmb dbname ?>__create_pricegroup
  541. WITH INHERIT NOLOGIN
  542. IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
  543. GRANT INSERT ON pricegroup TO lsmb_<?lsmb dbname ?>__create_pricegroup;
  544. GRANT ALL ON pricegroup_id_seq TO lsmb_<?lsmb dbname ?>__create_pricegroup;
  545. GRANT UPDATE ON entity_credit_account TO lsmb_<?lsmb dbname ?>__create_pricegroup;
  546. INSERT INTO menu_acl (node_id, acl_type, role_name)
  547. values (77, 'allow', 'lsmb_<?lsmb dbname ?>__create_pricegroup');
  548. INSERT INTO menu_acl (node_id, acl_type, role_name)
  549. values (83, 'allow', 'lsmb_<?lsmb dbname ?>__create_pricegroup');
  550. CREATE ROLE lsmb_<?lsmb dbname ?>__edit_pricegroup
  551. WITH INHERIT NOLOGIN
  552. IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
  553. GRANT UPDATE ON pricegroup TO lsmb_<?lsmb dbname ?>__edit_pricegroup;
  554. GRANT UPDATE ON entity_credit_account TO lsmb_<?lsmb dbname ?>__edit_pricegroup;
  555. INSERT INTO menu_acl (node_id, acl_type, role_name)
  556. values (77, 'allow', 'lsmb_<?lsmb dbname ?>__edit_pricegroup');
  557. INSERT INTO menu_acl (node_id, acl_type, role_name)
  558. values (85, 'allow', 'lsmb_<?lsmb dbname ?>__edit_pricegroup');
  559. INSERT INTO menu_acl (node_id, acl_type, role_name)
  560. values (92, 'allow', 'lsmb_<?lsmb dbname ?>__edit_pricegroup');
  561. CREATE ROLE lsmb_<?lsmb dbname ?>__stock_assembly
  562. WITH INHERIT NOLOGIN;
  563. GRANT UPDATE ON parts TO lsmb_<?lsmb dbname ?>__stock_assembly;
  564. INSERT INTO menu_acl (node_id, acl_type, role_name)
  565. values (77, 'allow', 'lsmb_<?lsmb dbname ?>__stock_assembly');
  566. INSERT INTO menu_acl (node_id, acl_type, role_name)
  567. values (84, 'allow', 'lsmb_<?lsmb dbname ?>__stock_assembly');
  568. CREATE ROLE lsmb_<?lsmb dbname ?>__ship_inventory
  569. WITH INHERIT NOLOGIN
  570. IN ROLE lsmb_<?lsmb dbname ?>__list_sales_orders;
  571. GRANT INSERT ON inventory TO lsmb_<?lsmb dbname ?>__ship_inventory;
  572. GRANT ALL ON inventory_entry_id_seq TO lsmb_<?lsmb dbname ?>__ship_inventory;
  573. INSERT INTO menu_acl (node_id, acl_type, role_name)
  574. values (63, 'allow', 'lsmb_<?lsmb dbname ?>__ship_inventory');
  575. INSERT INTO menu_acl (node_id, acl_type, role_name)
  576. values (64, 'allow', 'lsmb_<?lsmb dbname ?>__ship_inventory');
  577. CREATE ROLE lsmb_<?lsmb dbname ?>__receive_inventory
  578. WITH INHERIT NOLOGIN
  579. IN ROLE lsmb_<?lsmb dbname ?>__list_purchase_orders;
  580. GRANT INSERT ON inventory TO lsmb_<?lsmb dbname ?>__receive_inventory;
  581. GRANT ALL ON inventory_entry_id_seq TO lsmb_<?lsmb dbname ?>__receive_inventory;
  582. INSERT INTO menu_acl (node_id, acl_type, role_name)
  583. values (63, 'allow', 'lsmb_<?lsmb dbname ?>__receive_inventory');
  584. INSERT INTO menu_acl (node_id, acl_type, role_name)
  585. values (65, 'allow', 'lsmb_<?lsmb dbname ?>__receive_inventory');
  586. CREATE ROLE lsmb_<?lsmb dbname ?>__transfer_inventory
  587. WITH INHERIT NOLOGIN;
  588. GRANT INSERT ON inventory TO lsmb_<?lsmb dbname ?>__transfer_inventory;
  589. GRANT ALL ON inventory_entry_id_seq TO lsmb_<?lsmb dbname ?>__transfer_inventory;
  590. INSERT INTO menu_acl (node_id, acl_type, role_name)
  591. values (63, 'allow', 'lsmb_<?lsmb dbname ?>__transfer_inventory');
  592. INSERT INTO menu_acl (node_id, acl_type, role_name)
  593. values (66, 'allow', 'lsmb_<?lsmb dbname ?>__transfer_inventory');
  594. CREATE ROLE lsmb_<?lsmb dbname ?>__create_warehouse
  595. WITH INHERIT NOLOGIN;
  596. GRANT INSERT ON warehouse TO lsmb_<?lsmb dbname ?>__create_warehouse;
  597. GRANT ALL ON warehouse_id_seq TO lsmb_<?lsmb dbname ?>__create_warehouse;
  598. INSERT INTO menu_acl (node_id, acl_type, role_name)
  599. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__create_warehouse');
  600. INSERT INTO menu_acl (node_id, acl_type, role_name)
  601. values (141, 'allow', 'lsmb_<?lsmb dbname ?>__create_warehouse');
  602. INSERT INTO menu_acl (node_id, acl_type, role_name)
  603. values (142, 'allow', 'lsmb_<?lsmb dbname ?>__create_warehouse');
  604. CREATE ROLE lsmb_<?lsmb dbname ?>__edit_warehouse
  605. WITH INHERIT NOLOGIN;
  606. GRANT UPDATE ON warehouse TO lsmb_<?lsmb dbname ?>__edit_warehouse;
  607. INSERT INTO menu_acl (node_id, acl_type, role_name)
  608. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__edit_warehouse');
  609. INSERT INTO menu_acl (node_id, acl_type, role_name)
  610. values (141, 'allow', 'lsmb_<?lsmb dbname ?>__edit_warehouse');
  611. INSERT INTO menu_acl (node_id, acl_type, role_name)
  612. values (143, 'allow', 'lsmb_<?lsmb dbname ?>__edit_warehouse');
  613. CREATE ROLE lsmb_<?lsmb dbname ?>__all_inventory
  614. WITH INHERIT NOLOGIN
  615. IN ROLE lsmb_<?lsmb dbname ?>__create_part,
  616. lsmb_<?lsmb dbname ?>__inventory_reports,
  617. lsmb_<?lsmb dbname ?>__stock_assembly,
  618. lsmb_<?lsmb dbname ?>__ship_inventory,
  619. lsmb_<?lsmb dbname ?>__receive_inventory,
  620. lsmb_<?lsmb dbname ?>__transfer_inventory,
  621. lsmb_<?lsmb dbname ?>__edit_warehouse,
  622. lsmb_<?lsmb dbname ?>__create_warehouse;
  623. -- GL
  624. CREATE ROLE lsmb_<?lsmb dbname ?>__create_transaction
  625. WITH INHERIT NOLOGIN;
  626. GRANT INSERT ON gl TO lsmb_<?lsmb dbname ?>__create_transaction;
  627. GRANT INSERT ON acc_trans TO lsmb_<?lsmb dbname ?>__create_transaction;
  628. GRANT ALL ON id TO lsmb_<?lsmb dbname ?>__create_transaction;
  629. GRANT ALL ON acc_trans_entry_id_seq TO lsmb_<?lsmb dbname ?>__create_transaction;
  630. INSERT INTO menu_acl (node_id, acl_type, role_name)
  631. values (73, 'allow', 'lsmb_<?lsmb dbname ?>__create_transaction');
  632. INSERT INTO menu_acl (node_id, acl_type, role_name)
  633. values (74, 'allow', 'lsmb_<?lsmb dbname ?>__create_transaction');
  634. INSERT INTO menu_acl (node_id, acl_type, role_name)
  635. values (75, 'allow', 'lsmb_<?lsmb dbname ?>__create_transaction');
  636. INSERT INTO menu_acl (node_id, acl_type, role_name)
  637. values (35, 'allow', 'lsmb_<?lsmb dbname ?>__create_transaction');
  638. INSERT INTO menu_acl (node_id, acl_type, role_name)
  639. values (40, 'allow', 'lsmb_<?lsmb dbname ?>__create_transaction');
  640. CREATE ROLE lsmb_<?lsmb dbname ?>__create_transaction_voucher
  641. WITH INHERIT NOLOGIN;
  642. GRANT INSERT ON gl TO lsmb_<?lsmb dbname ?>__create_transaction_voucher;
  643. GRANT INSERT ON acc_trans TO lsmb_<?lsmb dbname ?>__create_transaction_voucher;
  644. GRANT ALL ON id TO lsmb_<?lsmb dbname ?>__create_transaction_voucher;
  645. GRANT ALL ON acc_trans_entry_id_seq TO lsmb_<?lsmb dbname ?>__create_transaction_voucher;
  646. -- TODO Add menu permissions
  647. CREATE ROLE lsmb_<?lsmb dbname ?>__list_transactions
  648. WITH INHERIT NOLOGIN
  649. IN ROLE lsmb_<?lsmb dbname ?>__list_ar_transactions,
  650. lsmb_<?lsmb dbname ?>__list_ap_transactions;
  651. GRANT SELECT ON gl TO lsmb_<?lsmb dbname ?>__list_transactions;
  652. INSERT INTO menu_acl (node_id, acl_type, role_name)
  653. values (73, 'allow', 'lsmb_<?lsmb dbname ?>__list_transactions');
  654. INSERT INTO menu_acl (node_id, acl_type, role_name)
  655. values (76, 'allow', 'lsmb_<?lsmb dbname ?>__list_transactions');
  656. CREATE ROLE lsmb_<?lsmb dbname ?>__run_yearend
  657. WITH INHERIT NOLOGIN;
  658. GRANT INSERT, SELECT ON acc_trans TO lsmb_<?lsmb dbname ?>__run_yearend;
  659. INSERT INTO menu_acl (node_id, acl_type, role_name)
  660. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__run_yearend');
  661. INSERT INTO menu_acl (node_id, acl_type, role_name)
  662. values (132, 'allow', 'lsmb_<?lsmb dbname ?>__run_yearend');
  663. CREATE ROLE lsmb_<?lsmb dbname ?>__list_batches
  664. WITH INHERIT NOLOGIN
  665. IN ROLE lsmb_<?lsmb dbname ?>__list_transactions;
  666. GRANT SELECT ON batch TO lsmb_<?lsmb dbname ?>__list_batches;
  667. GRANT SELECT ON batch_class TO lsmb_<?lsmb dbname ?>__list_batches;
  668. GRANT SELECT ON voucher TO lsmb_<?lsmb dbname ?>__list_batches;
  669. -- TODO: Add menu items
  670. CREATE ROLE lsmb_<?lsmb dbname ?>__all_gl
  671. WITH INHERIT NOLOGIN
  672. IN ROLE lsmb_<?lsmb dbname ?>__create_transaction,
  673. lsmb_<?lsmb dbname ?>__create_transaction_voucher,
  674. lsmb_<?lsmb dbname ?>__run_yearend,
  675. lsmb_<?lsmb dbname ?>__list_transactions;
  676. -- PROJECTS
  677. CREATE ROLE lsmb_<?lsmb dbname ?>__create_project
  678. WITH INHERIT NOLOGIN;
  679. GRANT INSERT ON project TO lsmb_<?lsmb dbname ?>__create_project;
  680. GRANT ALL ON project_id_seq TO lsmb_<?lsmb dbname ?>__create_project;
  681. INSERT INTO menu_acl (node_id, acl_type, role_name)
  682. values (98, 'allow', 'lsmb_<?lsmb dbname ?>__create_project');
  683. INSERT INTO menu_acl (node_id, acl_type, role_name)
  684. values (99, 'allow', 'lsmb_<?lsmb dbname ?>__create_project');
  685. CREATE ROLE lsmb_<?lsmb dbname ?>__edit_project
  686. WITH INHERIT NOLOGIN;
  687. GRANT UPDATE ON project TO lsmb_<?lsmb dbname ?>__edit_project;
  688. INSERT INTO menu_acl (node_id, acl_type, role_name)
  689. values (98, 'allow', 'lsmb_<?lsmb dbname ?>__edit_project');
  690. INSERT INTO menu_acl (node_id, acl_type, role_name)
  691. values (103, 'allow', 'lsmb_<?lsmb dbname ?>__edit_project');
  692. INSERT INTO menu_acl (node_id, acl_type, role_name)
  693. values (104, 'allow', 'lsmb_<?lsmb dbname ?>__edit_project');
  694. CREATE ROLE lsmb_<?lsmb dbname ?>__add_project_timecard
  695. WITH INHERIT NOLOGIN
  696. IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
  697. GRANT INSERT ON jcitems TO lsmb_<?lsmb dbname ?>__add_project_timecard;
  698. GRANT ALL ON jcitems_id_seq TO lsmb_<?lsmb dbname ?>__add_project_timecard;
  699. INSERT INTO menu_acl (node_id, acl_type, role_name)
  700. values (98, 'allow', 'lsmb_<?lsmb dbname ?>__add_project_timecard');
  701. INSERT INTO menu_acl (node_id, acl_type, role_name)
  702. values (100, 'allow', 'lsmb_<?lsmb dbname ?>__add_project_timecard');
  703. INSERT INTO menu_acl (node_id, acl_type, role_name)
  704. values (103, 'allow', 'lsmb_<?lsmb dbname ?>__add_project_timecard');
  705. INSERT INTO menu_acl (node_id, acl_type, role_name)
  706. values (106, 'allow', 'lsmb_<?lsmb dbname ?>__add_project_timecard');
  707. CREATE ROLE lsmb_<?lsmb dbname ?>__list_project_timecards
  708. WITH INHERIT NOLOGIN
  709. IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
  710. GRANT UPDATE ON project TO lsmb_<?lsmb dbname ?>__edit_project;
  711. INSERT INTO menu_acl (node_id, acl_type, role_name)
  712. values (98, 'allow', 'lsmb_<?lsmb dbname ?>__edit_project');
  713. INSERT INTO menu_acl (node_id, acl_type, role_name)
  714. values (103, 'allow', 'lsmb_<?lsmb dbname ?>__edit_project');
  715. INSERT INTO menu_acl (node_id, acl_type, role_name)
  716. values (106, 'allow', 'lsmb_<?lsmb dbname ?>__edit_project');
  717. -- ORDER GENERATION
  718. CREATE ROLE lsmb_<?lsmb dbname ?>__generate_orders
  719. WITH INHERIT NOLOGIN
  720. IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
  721. GRANT SELECT, INSERT, UPDATE ON oe TO lsmb_<?lsmb dbname ?>__generate_orders;
  722. GRANT SELECT, INSERT, UPDATE ON orderitems TO lsmb_<?lsmb dbname ?>__generate_orders;
  723. GRANT ALL ON oe_id_seq TO lsmb_<?lsmb dbname ?>__generate_orders;
  724. GRANT ALL ON orderitems_id_seq TO lsmb_<?lsmb dbname ?>__generate_orders;
  725. CREATE ROLE lsmb_<?lsmb dbname ?>__project_generate_orders
  726. WITH INHERIT NOLOGIN
  727. IN ROLE lsmb_<?lsmb dbname ?>__generate_orders;
  728. INSERT INTO menu_acl (node_id, acl_type, role_name)
  729. values (98, 'allow', 'lsmb_<?lsmb dbname ?>__project_generate_orders');
  730. INSERT INTO menu_acl (node_id, acl_type, role_name)
  731. values (101, 'allow', 'lsmb_<?lsmb dbname ?>__project_generate_orders');
  732. INSERT INTO menu_acl (node_id, acl_type, role_name)
  733. values (102, 'allow', 'lsmb_<?lsmb dbname ?>__project_generate_orders');
  734. CREATE ROLE lsmb_<?lsmb dbname ?>__sales_to_purchase_orders
  735. WITH INHERIT NOLOGIN
  736. IN ROLE lsmb_<?lsmb dbname ?>__generate_orders;
  737. INSERT INTO menu_acl (node_id, acl_type, role_name)
  738. values (50, 'allow', 'lsmb_<?lsmb dbname ?>__sales_to_purchase_orders');
  739. INSERT INTO menu_acl (node_id, acl_type, role_name)
  740. values (56, 'allow', 'lsmb_<?lsmb dbname ?>__sales_to_purchase_orders');
  741. INSERT INTO menu_acl (node_id, acl_type, role_name)
  742. values (57, 'allow', 'lsmb_<?lsmb dbname ?>__sales_to_purchase_orders');
  743. INSERT INTO menu_acl (node_id, acl_type, role_name)
  744. values (58, 'allow', 'lsmb_<?lsmb dbname ?>__sales_to_purchase_orders');
  745. CREATE ROLE lsmb_<?lsmb dbname ?>__consolidate_purchase_orders
  746. WITH INHERIT NOLOGIN
  747. IN ROLE lsmb_<?lsmb dbname ?>__generate_orders;
  748. INSERT INTO menu_acl (node_id, acl_type, role_name)
  749. values (50, 'allow', 'lsmb_<?lsmb dbname ?>__consolidate_purchase_orders');
  750. INSERT INTO menu_acl (node_id, acl_type, role_name)
  751. values (60, 'allow', 'lsmb_<?lsmb dbname ?>__consolidate_purchase_orders');
  752. INSERT INTO menu_acl (node_id, acl_type, role_name)
  753. values (62, 'allow', 'lsmb_<?lsmb dbname ?>__consolidate_purchase_orders');
  754. CREATE ROLE lsmb_<?lsmb dbname ?>__consolidate_sales_orders
  755. WITH INHERIT NOLOGIN
  756. IN ROLE lsmb_<?lsmb dbname ?>__generate_orders;
  757. INSERT INTO menu_acl (node_id, acl_type, role_name)
  758. values (50, 'allow', 'lsmb_<?lsmb dbname ?>__consolidate_sales_orders');
  759. INSERT INTO menu_acl (node_id, acl_type, role_name)
  760. values (60, 'allow', 'lsmb_<?lsmb dbname ?>__consolidate_sales_orders');
  761. INSERT INTO menu_acl (node_id, acl_type, role_name)
  762. values (61, 'allow', 'lsmb_<?lsmb dbname ?>__consolidate_sales_orders');
  763. CREATE ROLE lsmb_<?lsmb dbname ?>__manage_orders
  764. WITH INHERIT NOLOGIN
  765. IN ROLE lsmb_<?lsmb dbname ?>__project_generate_orders,
  766. lsmb_<?lsmb dbname ?>__sales_to_purchase_orders,
  767. lsmb_<?lsmb dbname ?>__consolidate_purchase_orders,
  768. lsmb_<?lsmb dbname ?>__consolidate_sales_orders;
  769. -- FINANCIAL REPORTS
  770. CREATE ROLE lsmb_<?lsmb dbname ?>__run_financial_reports
  771. WITH INHERIT NOLOGIN
  772. IN ROLE lsmb_<?lsmb dbname ?>__list_transactions;
  773. INSERT INTO menu_acl (node_id, acl_type, role_name)
  774. values (109, 'allow', 'lsmb_<?lsmb dbname ?>__run_financial_reports');
  775. INSERT INTO menu_acl (node_id, acl_type, role_name)
  776. values (110, 'allow', 'lsmb_<?lsmb dbname ?>__run_financial_reports');
  777. INSERT INTO menu_acl (node_id, acl_type, role_name)
  778. values (111, 'allow', 'lsmb_<?lsmb dbname ?>__run_financial_reports');
  779. INSERT INTO menu_acl (node_id, acl_type, role_name)
  780. values (112, 'allow', 'lsmb_<?lsmb dbname ?>__run_financial_reports');
  781. INSERT INTO menu_acl (node_id, acl_type, role_name)
  782. values (113, 'allow', 'lsmb_<?lsmb dbname ?>__run_financial_reports');
  783. -- RECURRING TRANSACTIONS
  784. -- TO ADD WHEN THIS IS REDESIGNED
  785. -- BATCH PRINTING
  786. CREATE ROLE lsmb_<?lsmb dbname ?>__list_print_jobs
  787. WITH INHERIT NOLOGIN;
  788. INSERT INTO menu_acl (node_id, acl_type, role_name)
  789. values (116, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  790. INSERT INTO menu_acl (node_id, acl_type, role_name)
  791. values (117, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  792. INSERT INTO menu_acl (node_id, acl_type, role_name)
  793. values (118, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  794. INSERT INTO menu_acl (node_id, acl_type, role_name)
  795. values (119, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  796. INSERT INTO menu_acl (node_id, acl_type, role_name)
  797. values (120, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  798. INSERT INTO menu_acl (node_id, acl_type, role_name)
  799. values (121, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  800. INSERT INTO menu_acl (node_id, acl_type, role_name)
  801. values (122, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  802. INSERT INTO menu_acl (node_id, acl_type, role_name)
  803. values (123, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  804. INSERT INTO menu_acl (node_id, acl_type, role_name)
  805. values (124, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  806. INSERT INTO menu_acl (node_id, acl_type, role_name)
  807. values (125, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  808. INSERT INTO menu_acl (node_id, acl_type, role_name)
  809. values (126, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  810. INSERT INTO menu_acl (node_id, acl_type, role_name)
  811. values (127, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  812. CREATE ROLE lsmb_<?lsmb dbname ?>__print_jobs
  813. WITH INHERIT NOLOGIN
  814. IN ROLE lsmb_<?lsmb dbname ?>__list_print_jobs;
  815. -- SYSTEM SETTINGS
  816. CREATE ROLE lsmb_<?lsmb dbname ?>__list_system_settings
  817. WITH INHERIT NOLOGIN;
  818. INSERT INTO menu_acl (node_id, acl_type, role_name)
  819. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__list_system_settings');
  820. INSERT INTO menu_acl (node_id, acl_type, role_name)
  821. values (129, 'allow', 'lsmb_<?lsmb dbname ?>__list_system_settings');
  822. INSERT INTO menu_acl (node_id, acl_type, role_name)
  823. values (131, 'allow', 'lsmb_<?lsmb dbname ?>__list_system_settings');
  824. CREATE ROLE lsmb_<?lsmb dbname ?>__change_system_settings
  825. WITH INHERIT NOLOGIN
  826. IN ROLE lsmb_<?lsmb dbname ?>__list_system_settings;
  827. CREATE ROLE lsmb_<?lsmb dbname ?>__set_taxes
  828. WITH INHERIT NOLOGIN;
  829. GRANT INSERT, UPDATE ON tax TO lsmb_<?lsmb dbname ?>__set_taxes;
  830. INSERT INTO menu_acl (node_id, acl_type, role_name)
  831. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__set_taxes');
  832. INSERT INTO menu_acl (node_id, acl_type, role_name)
  833. values (130, 'allow', 'lsmb_<?lsmb dbname ?>__set_taxes');
  834. CREATE ROLE lsmb_<?lsmb dbname ?>__create_account
  835. WITH INHERIT NOLOGIN;
  836. GRANT INSERT ON chart TO lsmb_<?lsmb dbname ?>__create_account;
  837. GRANT ALL ON chart_id_seq TO lsmb_<?lsmb dbname ?>__create_account;
  838. INSERT INTO menu_acl (node_id, acl_type, role_name)
  839. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__create_account');
  840. INSERT INTO menu_acl (node_id, acl_type, role_name)
  841. values (136, 'allow', 'lsmb_<?lsmb dbname ?>__create_account');
  842. INSERT INTO menu_acl (node_id, acl_type, role_name)
  843. values (137, 'allow', 'lsmb_<?lsmb dbname ?>__create_account');
  844. CREATE ROLE lsmb_<?lsmb dbname ?>__edit_account
  845. WITH INHERIT NOLOGIN;
  846. GRANT UPDATE ON chart TO lsmb_<?lsmb dbname ?>__edit_account;
  847. INSERT INTO menu_acl (node_id, acl_type, role_name)
  848. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__edit_account');
  849. INSERT INTO menu_acl (node_id, acl_type, role_name)
  850. values (136, 'allow', 'lsmb_<?lsmb dbname ?>__edit_account');
  851. INSERT INTO menu_acl (node_id, acl_type, role_name)
  852. values (138, 'allow', 'lsmb_<?lsmb dbname ?>__edit_account');
  853. CREATE ROLE lsmb_<?lsmb dbname ?>__create_gifi
  854. WITH INHERIT NOLOGIN;
  855. GRANT INSERT ON gifi TO lsmb_<?lsmb dbname ?>__create_gifi;
  856. INSERT INTO menu_acl (node_id, acl_type, role_name)
  857. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__create_gifi');
  858. INSERT INTO menu_acl (node_id, acl_type, role_name)
  859. values (136, 'allow', 'lsmb_<?lsmb dbname ?>__create_gifi');
  860. INSERT INTO menu_acl (node_id, acl_type, role_name)
  861. values (139, 'allow', 'lsmb_<?lsmb dbname ?>__create_gifi');
  862. CREATE ROLE lsmb_<?lsmb dbname ?>__edit_gifi
  863. WITH INHERIT NOLOGIN;
  864. GRANT UPDATE ON gifi TO lsmb_<?lsmb dbname ?>__edit_gifi;
  865. INSERT INTO menu_acl (node_id, acl_type, role_name)
  866. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__edit_account');
  867. INSERT INTO menu_acl (node_id, acl_type, role_name)
  868. values (136, 'allow', 'lsmb_<?lsmb dbname ?>__edit_account');
  869. INSERT INTO menu_acl (node_id, acl_type, role_name)
  870. values (140, 'allow', 'lsmb_<?lsmb dbname ?>__edit_account');
  871. CREATE ROLE lsmb_<?lsmb dbname ?>__all_accounts
  872. WITH INHERIT NOLOGIN
  873. IN ROLE lsmb_<?lsmb dbname ?>__create_account,
  874. lsmb_<?lsmb dbname ?>__set_taxes,
  875. lsmb_<?lsmb dbname ?>__edit_account,
  876. lsmb_<?lsmb dbname ?>__create_gifi,
  877. lsmb_<?lsmb dbname ?>__edit_gifi;
  878. CREATE ROLE lsmb_<?lsmb dbname ?>__create_department
  879. WITH INHERIT NOLOGIN;
  880. GRANT INSERT ON department TO lsmb_<?lsmb dbname ?>__create_department;
  881. GRANT ALL ON department_id_seq TO lsmb_<?lsmb dbname ?>__create_department;
  882. INSERT INTO menu_acl (node_id, acl_type, role_name)
  883. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__create_department');
  884. INSERT INTO menu_acl (node_id, acl_type, role_name)
  885. values (144, 'allow', 'lsmb_<?lsmb dbname ?>__create_department');
  886. INSERT INTO menu_acl (node_id, acl_type, role_name)
  887. values (145, 'allow', 'lsmb_<?lsmb dbname ?>__create_department');
  888. CREATE ROLE lsmb_<?lsmb dbname ?>__edit_department
  889. WITH INHERIT NOLOGIN;
  890. GRANT UPDATE ON department TO lsmb_<?lsmb dbname ?>__edit_department;
  891. INSERT INTO menu_acl (node_id, acl_type, role_name)
  892. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__edit_department');
  893. INSERT INTO menu_acl (node_id, acl_type, role_name)
  894. values (144, 'allow', 'lsmb_<?lsmb dbname ?>__edit_department');
  895. INSERT INTO menu_acl (node_id, acl_type, role_name)
  896. values (146, 'allow', 'lsmb_<?lsmb dbname ?>__edit_department');
  897. CREATE ROLE lsmb_<?lsmb dbname ?>__all_department
  898. WITH INHERIT NOLOGIN
  899. IN ROLE lsmb_<?lsmb dbname ?>__create_department,
  900. lsmb_<?lsmb dbname ?>__edit_department;
  901. CREATE ROLE lsmb_<?lsmb dbname ?>__create_business_type
  902. WITH INHERIT NOLOGIN;
  903. GRANT INSERT ON business TO lsmb_<?lsmb dbname ?>__create_business_type;
  904. GRANT ALL ON business_id_seq TO lsmb_<?lsmb dbname ?>__create_business_type;
  905. INSERT INTO menu_acl (node_id, acl_type, role_name)
  906. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__create_business_type');
  907. INSERT INTO menu_acl (node_id, acl_type, role_name)
  908. values (147, 'allow', 'lsmb_<?lsmb dbname ?>__create_business_type');
  909. INSERT INTO menu_acl (node_id, acl_type, role_name)
  910. values (148, 'allow', 'lsmb_<?lsmb dbname ?>__create_business_type');
  911. CREATE ROLE lsmb_<?lsmb dbname ?>__edit_business_type
  912. WITH INHERIT NOLOGIN;
  913. GRANT UPDATE ON business TO lsmb_<?lsmb dbname ?>__edit_business_type;
  914. INSERT INTO menu_acl (node_id, acl_type, role_name)
  915. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__edit_business_type');
  916. INSERT INTO menu_acl (node_id, acl_type, role_name)
  917. values (147, 'allow', 'lsmb_<?lsmb dbname ?>__edit_business_type');
  918. INSERT INTO menu_acl (node_id, acl_type, role_name)
  919. values (149, 'allow', 'lsmb_<?lsmb dbname ?>__edit_business_type');
  920. CREATE ROLE lsmb_<?lsmb dbname ?>__all_business_type
  921. WITH INHERIT NOLOGIN
  922. IN ROLE lsmb_<?lsmb dbname ?>__create_business_type,
  923. lsmb_<?lsmb dbname ?>__edit_business_type;
  924. CREATE ROLE lsmb_<?lsmb dbname ?>__create_sic
  925. WITH INHERIT NOLOGIN;
  926. GRANT INSERT ON sic TO lsmb_<?lsmb dbname ?>__create_sic;
  927. INSERT INTO menu_acl (node_id, acl_type, role_name)
  928. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__create_sic');
  929. INSERT INTO menu_acl (node_id, acl_type, role_name)
  930. values (153, 'allow', 'lsmb_<?lsmb dbname ?>__create_sic');
  931. INSERT INTO menu_acl (node_id, acl_type, role_name)
  932. values (154, 'allow', 'lsmb_<?lsmb dbname ?>__create_sic');
  933. CREATE ROLE lsmb_<?lsmb dbname ?>__edit_sic
  934. WITH INHERIT NOLOGIN;
  935. GRANT UPDATE ON sic TO lsmb_<?lsmb dbname ?>__edit_sic;
  936. INSERT INTO menu_acl (node_id, acl_type, role_name)
  937. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__edit_sic');
  938. INSERT INTO menu_acl (node_id, acl_type, role_name)
  939. values (153, 'allow', 'lsmb_<?lsmb dbname ?>__edit_sic');
  940. INSERT INTO menu_acl (node_id, acl_type, role_name)
  941. values (155, 'allow', 'lsmb_<?lsmb dbname ?>__edit_sic');
  942. CREATE ROLE lsmb_<?lsmb dbname ?>__all_sic
  943. WITH INHERIT NOLOGIN
  944. IN ROLE lsmb_<?lsmb dbname ?>__create_sic,
  945. lsmb_<?lsmb dbname ?>__edit_sic;
  946. CREATE ROLE lsmb_<?lsmb dbname ?>__edit_template
  947. WITH INHERIT NOLOGIN;
  948. -- TODO Add db permissions as templates get moved into db.
  949. INSERT INTO menu_acl (node_id, acl_type, role_name)
  950. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  951. INSERT INTO menu_acl (node_id, acl_type, role_name)
  952. values (156, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  953. INSERT INTO menu_acl (node_id, acl_type, role_name)
  954. values (157, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  955. INSERT INTO menu_acl (node_id, acl_type, role_name)
  956. values (158, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  957. INSERT INTO menu_acl (node_id, acl_type, role_name)
  958. values (159, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  959. INSERT INTO menu_acl (node_id, acl_type, role_name)
  960. values (160, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  961. INSERT INTO menu_acl (node_id, acl_type, role_name)
  962. values (161, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  963. INSERT INTO menu_acl (node_id, acl_type, role_name)
  964. values (162, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  965. INSERT INTO menu_acl (node_id, acl_type, role_name)
  966. values (163, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  967. INSERT INTO menu_acl (node_id, acl_type, role_name)
  968. values (164, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  969. INSERT INTO menu_acl (node_id, acl_type, role_name)
  970. values (165, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  971. INSERT INTO menu_acl (node_id, acl_type, role_name)
  972. values (166, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  973. INSERT INTO menu_acl (node_id, acl_type, role_name)
  974. values (167, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  975. INSERT INTO menu_acl (node_id, acl_type, role_name)
  976. values (168, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  977. INSERT INTO menu_acl (node_id, acl_type, role_name)
  978. values (169, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  979. INSERT INTO menu_acl (node_id, acl_type, role_name)
  980. values (170, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  981. INSERT INTO menu_acl (node_id, acl_type, role_name)
  982. values (171, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  983. INSERT INTO menu_acl (node_id, acl_type, role_name)
  984. values (172, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  985. INSERT INTO menu_acl (node_id, acl_type, role_name)
  986. values (173, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  987. INSERT INTO menu_acl (node_id, acl_type, role_name)
  988. values (174, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  989. INSERT INTO menu_acl (node_id, acl_type, role_name)
  990. values (175, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  991. INSERT INTO menu_acl (node_id, acl_type, role_name)
  992. values (176, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  993. INSERT INTO menu_acl (node_id, acl_type, role_name)
  994. values (177, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  995. INSERT INTO menu_acl (node_id, acl_type, role_name)
  996. values (178, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  997. INSERT INTO menu_acl (node_id, acl_type, role_name)
  998. values (179, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  999. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1000. values (180, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  1001. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1002. values (181, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  1003. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1004. values (182, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  1005. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1006. values (183, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  1007. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1008. values (184, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  1009. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1010. values (185, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  1011. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1012. values (186, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  1013. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1014. values (187, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  1015. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1016. values (188, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  1017. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1018. values (189, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  1019. CREATE ROLE lsmb_<?lsmb dbname ?>__manage_system
  1020. WITH INHERIT NOLOGIN
  1021. IN ROLE lsmb_<?lsmb dbname ?>__change_system_settings,
  1022. lsmb_<?lsmb dbname ?>__all_accounts,
  1023. lsmb_<?lsmb dbname ?>__all_department,
  1024. lsmb_<?lsmb dbname ?>__all_business_type,
  1025. lsmb_<?lsmb dbname ?>__all_sic,
  1026. lsmb_<?lsmb dbname ?>__edit_template;
  1027. -- Manual Translation
  1028. CREATE ROLE lsmb_<?lsmb dbname ?>__create_language
  1029. WITH INHERIT NOLOGIN;
  1030. GRANT INSERT ON language TO lsmb_<?lsmb dbname ?>__create_language;
  1031. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1032. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__create_language');
  1033. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1034. values (150, 'allow', 'lsmb_<?lsmb dbname ?>__create_language');
  1035. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1036. values (151, 'allow', 'lsmb_<?lsmb dbname ?>__create_language');
  1037. CREATE ROLE lsmb_<?lsmb dbname ?>__edit_language
  1038. WITH INHERIT NOLOGIN;
  1039. GRANT UPDATE ON language TO lsmb_<?lsmb dbname ?>__edit_language;
  1040. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1041. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__edit_language');
  1042. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1043. values (150, 'allow', 'lsmb_<?lsmb dbname ?>__edit_language');
  1044. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1045. values (152, 'allow', 'lsmb_<?lsmb dbname ?>__edit_language');
  1046. CREATE ROLE lsmb_<?lsmb dbname ?>__create_part_translation
  1047. WITH INHERIT NOLOGIN;
  1048. -- TODO add db permissions
  1049. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1050. values (77, 'allow', 'lsmb_<?lsmb dbname ?>__create_part_translation');
  1051. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1052. values (95, 'allow', 'lsmb_<?lsmb dbname ?>__create_part_translation');
  1053. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1054. values (96, 'allow', 'lsmb_<?lsmb dbname ?>__create_part_translation');
  1055. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1056. values (97, 'allow', 'lsmb_<?lsmb dbname ?>__create_part_translation');
  1057. CREATE ROLE lsmb_<?lsmb dbname ?>__create_project_translation
  1058. WITH INHERIT NOLOGIN;
  1059. -- TODO add db permissions
  1060. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1061. values (98, 'allow', 'lsmb_<?lsmb dbname ?>__create_project_translation');
  1062. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1063. values (107, 'allow', 'lsmb_<?lsmb dbname ?>__create_project_translation');
  1064. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1065. values (108, 'allow', 'lsmb_<?lsmb dbname ?>__create_project_translation');
  1066. CREATE ROLE lsmb_<?lsmb dbname ?>__all_manual_translation
  1067. WITH INHERIT NOLOGIN
  1068. IN ROLE lsmb_<?lsmb dbname ?>__create_language,
  1069. lsmb_<?lsmb dbname ?>__create_part_translation,
  1070. lsmb_<?lsmb dbname ?>__create_project_translation;
  1071. GRANT SELECT ON custom_field_catalog TO public;
  1072. GRANT SELECT ON custom_table_catalog TO public;
  1073. -- Grants to all users;
  1074. GRANT ALL ON defaults TO public;
  1075. GRANT ALL ON "session" TO public;
  1076. GRANT ALL ON session_session_id_seq TO PUBLIC;
  1077. GRANT SELECT ON users TO public;
  1078. GRANT SELECT ON user_preference TO public;
  1079. GRANT SELECT ON custom_table_catalog TO PUBLIC;
  1080. GRANT SELECT ON custom_field_catalog TO PUBLIC;
  1081. grant select on menu_node, menu_attribute, menu_acl to public;
  1082. GRANT select on chart, gifi, country to public;