summaryrefslogtreecommitdiff
path: root/sql/modules/Roles.sql
blob: 80c9877157c5da49fee04cb64eccf9fb2649d470 (plain)
  1. GRANT ALL ON SCHEMA public TO public; -- required for Pg 8.2
  2. -- Contacts
  3. CREATE ROLE lsmb_<?lsmb dbname ?>__read_contact
  4. WITH INHERIT NOLOGIN;
  5. GRANT SELECT ON entity TO lsmb_<?lsmb dbname ?>__read_contact;
  6. GRANT SELECT ON company TO lsmb_<?lsmb dbname ?>__read_contact;
  7. GRANT SELECT ON location TO lsmb_<?lsmb dbname ?>__read_contact;
  8. GRANT SELECT ON person TO lsmb_<?lsmb dbname ?>__read_contact;
  9. GRANT SELECT ON entity_credit_account TO lsmb_<?lsmb dbname ?>__read_contact;
  10. GRANT SELECT ON company_to_contact TO lsmb_<?lsmb dbname ?>__read_contact;
  11. GRANT SELECT ON company_to_entity TO lsmb_<?lsmb dbname ?>__read_contact;
  12. GRANT SELECT ON company_to_location TO lsmb_<?lsmb dbname ?>__read_contact;
  13. GRANT SELECT ON customertax TO lsmb_<?lsmb dbname ?>__read_contact;
  14. GRANT SELECT ON contact_class TO lsmb_<?lsmb dbname ?>__read_contact;
  15. GRANT SELECT ON entity_class TO lsmb_<?lsmb dbname ?>__read_contact;
  16. GRANT SELECT ON entity_bank_account TO lsmb_<?lsmb dbname ?>__read_contact;
  17. GRANT SELECT ON entity_note TO lsmb_<?lsmb dbname ?>__read_contact;
  18. GRANT SELECT ON entity_class_to_entity TO lsmb_<?lsmb dbname ?>__read_contact;
  19. GRANT SELECT ON entity_other_name TO lsmb_<?lsmb dbname ?>__read_contact;
  20. GRANT SELECT ON location_class TO lsmb_<?lsmb dbname ?>__read_contact;
  21. GRANT SELECT ON person_to_company TO lsmb_<?lsmb dbname ?>__read_contact;
  22. GRANT SELECT ON person_to_contact TO lsmb_<?lsmb dbname ?>__read_contact;
  23. GRANT SELECT ON person_to_contact TO lsmb_<?lsmb dbname ?>__read_contact;
  24. GRANT SELECT ON person_to_location TO lsmb_<?lsmb dbname ?>__read_contact;
  25. GRANT SELECT ON person_to_location TO lsmb_<?lsmb dbname ?>__read_contact;
  26. GRANT SELECT ON company_to_location TO lsmb_<?lsmb dbname ?>__read_contact;
  27. GRANT SELECT ON vendortax TO lsmb_<?lsmb dbname ?>__read_contact;
  28. INSERT INTO menu_acl (node_id, acl_type, role_name)
  29. values (1, 'allow', 'lsmb_<?lsmb dbname ?>__read_contact');
  30. INSERT INTO menu_acl (node_id, acl_type, role_name)
  31. values (11, 'allow', 'lsmb_<?lsmb dbname ?>__read_contact');
  32. INSERT INTO menu_acl (node_id, acl_type, role_name)
  33. values (14, 'allow', 'lsmb_<?lsmb dbname ?>__read_contact');
  34. INSERT INTO menu_acl (node_id, acl_type, role_name)
  35. values (21, 'allow', 'lsmb_<?lsmb dbname ?>__read_contact');
  36. INSERT INTO menu_acl (node_id, acl_type, role_name)
  37. values (30, 'allow', 'lsmb_<?lsmb dbname ?>__read_contact');
  38. INSERT INTO menu_acl (node_id, acl_type, role_name)
  39. values (33, 'allow', 'lsmb_<?lsmb dbname ?>__read_contact');
  40. CREATE ROLE lsmb_<?lsmb dbname ?>__create_contact
  41. WITH INHERIT NOLOGIN
  42. IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
  43. GRANT INSERT ON entity TO lsmb_<?lsmb dbname ?>__create_contact;
  44. GRANT ALL ON entity_id_seq TO lsmb_<?lsmb dbname ?>__create_contact;
  45. GRANT INSERT ON company TO lsmb_<?lsmb dbname ?>__create_contact;
  46. GRANT ALL ON company_id_seq TO lsmb_<?lsmb dbname ?>__create_contact;
  47. GRANT INSERT ON location TO lsmb_<?lsmb dbname ?>__create_contact;
  48. GRANT ALL ON location_id_seq TO lsmb_<?lsmb dbname ?>__create_contact;
  49. GRANT INSERT ON person TO lsmb_<?lsmb dbname ?>__create_contact;
  50. GRANT ALL ON person_id_seq TO lsmb_<?lsmb dbname ?>__create_contact;
  51. GRANT INSERT ON entity_credit_account TO lsmb_<?lsmb dbname ?>__create_contact;
  52. GRANT ALL ON entity_credit_account_id_seq TO lsmb_<?lsmb dbname ?>__create_contact;
  53. GRANT INSERT ON company_to_contact TO lsmb_<?lsmb dbname ?>__create_contact;
  54. GRANT INSERT ON company_to_entity TO lsmb_<?lsmb dbname ?>__create_contact;
  55. GRANT ALL ON SEQUENCE not_id_seq TO lsmb_<?lsmb dbname ?>__create_contact;
  56. GRANT INSERT ON company_to_location TO lsmb_<?lsmb dbname ?>__create_contact;
  57. GRANT INSERT ON customertax TO lsmb_<?lsmb dbname ?>__create_contact;
  58. GRANT INSERT ON entity_bank_account TO lsmb_<?lsmb dbname ?>__create_contact;
  59. GRANT ALL ON entity_bank_account_id_seq TO lsmb_<?lsmb dbname ?>__create_contact;
  60. GRANT INSERT ON entity_note TO lsmb_<?lsmb dbname ?>__create_contact;
  61. GRANT INSERT ON entity_class_to_entity TO lsmb_<?lsmb dbname ?>__create_contact;
  62. GRANT INSERT ON entity_other_name TO lsmb_<?lsmb dbname ?>__create_contact;
  63. GRANT INSERT ON person_to_company TO lsmb_<?lsmb dbname ?>__create_contact;
  64. GRANT INSERT ON person_to_contact TO lsmb_<?lsmb dbname ?>__create_contact;
  65. GRANT INSERT ON person_to_contact TO lsmb_<?lsmb dbname ?>__create_contact;
  66. GRANT INSERT ON person_to_location TO lsmb_<?lsmb dbname ?>__create_contact;
  67. GRANT INSERT ON person_to_location TO lsmb_<?lsmb dbname ?>__create_contact;
  68. GRANT INSERT ON company_to_location TO lsmb_<?lsmb dbname ?>__create_contact;
  69. GRANT DELETE ON company_to_location TO lsmb_<?lsmb dbname ?>__create_contact;
  70. GRANT INSERT ON vendortax TO lsmb_<?lsmb dbname ?>__create_contact;
  71. INSERT INTO menu_acl (node_id, acl_type, role_name)
  72. values (1, 'allow', 'lsmb_<?lsmb dbname ?>__create_contact');
  73. INSERT INTO menu_acl (node_id, acl_type, role_name)
  74. values (11, 'allow', 'lsmb_<?lsmb dbname ?>__create_contact');
  75. INSERT INTO menu_acl (node_id, acl_type, role_name)
  76. values (12, 'allow', 'lsmb_<?lsmb dbname ?>__create_contact');
  77. INSERT INTO menu_acl (node_id, acl_type, role_name)
  78. values (21, 'allow', 'lsmb_<?lsmb dbname ?>__create_contact');
  79. INSERT INTO menu_acl (node_id, acl_type, role_name)
  80. values (30, 'allow', 'lsmb_<?lsmb dbname ?>__create_contact');
  81. INSERT INTO menu_acl (node_id, acl_type, role_name)
  82. values (31, 'allow', 'lsmb_<?lsmb dbname ?>__create_contact');
  83. CREATE ROLE lsmb_<?lsmb dbname ?>__edit_contact
  84. WITH INHERIT NOLOGIN
  85. IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
  86. GRANT UPDATE ON entity TO lsmb_<?lsmb dbname ?>__create_contact;
  87. GRANT UPDATE ON company TO lsmb_<?lsmb dbname ?>__create_contact;
  88. GRANT UPDATE ON location TO lsmb_<?lsmb dbname ?>__create_contact;
  89. GRANT UPDATE ON person TO lsmb_<?lsmb dbname ?>__create_contact;
  90. GRANT UPDATE ON entity_credit_account TO lsmb_<?lsmb dbname ?>__create_contact;
  91. GRANT UPDATE ON company_to_contact TO lsmb_<?lsmb dbname ?>__create_contact;
  92. GRANT UPDATE ON company_to_entity TO lsmb_<?lsmb dbname ?>__create_contact;
  93. GRANT UPDATE ON company_to_location TO lsmb_<?lsmb dbname ?>__create_contact;
  94. GRANT UPDATE ON customertax TO lsmb_<?lsmb dbname ?>__create_contact;
  95. GRANT UPDATE ON entity_bank_account TO lsmb_<?lsmb dbname ?>__create_contact;
  96. GRANT UPDATE ON entity_note TO lsmb_<?lsmb dbname ?>__create_contact;
  97. GRANT UPDATE ON entity_class_to_entity TO lsmb_<?lsmb dbname ?>__create_contact;
  98. GRANT UPDATE ON entity_other_name TO lsmb_<?lsmb dbname ?>__create_contact;
  99. GRANT UPDATE ON person_to_company TO lsmb_<?lsmb dbname ?>__create_contact;
  100. GRANT UPDATE ON person_to_contact TO lsmb_<?lsmb dbname ?>__create_contact;
  101. GRANT UPDATE ON person_to_contact TO lsmb_<?lsmb dbname ?>__create_contact;
  102. GRANT UPDATE ON person_to_location TO lsmb_<?lsmb dbname ?>__create_contact;
  103. GRANT UPDATE ON person_to_location TO lsmb_<?lsmb dbname ?>__create_contact;
  104. GRANT DELETE, INSERT ON vendortax TO lsmb_<?lsmb dbname ?>__create_contact;
  105. CREATE ROLE lsmb_<?lsmb dbname ?>__contact_all_rights
  106. WITH INHERIT NOLOGIN
  107. in role lsmb_<?lsmb dbname ?>__create_contact,
  108. lsmb_<?lsmb dbname ?>__edit_contact,
  109. lsmb_<?lsmb dbname ?>__read_contact;
  110. -- Batches and VOuchers
  111. CREATE ROLE lsmb_<?lsmb dbname ?>__create_batch
  112. WITH INHERIT NOLOGIN;
  113. GRANT INSERT ON batch TO lsmb_<?lsmb dbname ?>__create_batch;
  114. GRANT ALL ON batch_id_seq TO lsmb_<?lsmb dbname ?>__create_batch;
  115. GRANT SELECT ON batch_class TO lsmb_<?lsmb dbname ?>__create_batch;
  116. GRANT INSERT ON voucher TO lsmb_<?lsmb dbname ?>__create_batch;
  117. GRANT ALL ON voucher_id_seq TO lsmb_<?lsmb dbname ?>__create_contact;
  118. -- TODO add Menu ACLs
  119. CREATE ROLE lsmb_<?lsmb dbname ?>__post_batches
  120. WITH INHERIT NOLOGIN;
  121. GRANT UPDATE ON ar TO lsmb_<?lsmb dbname ?>__post_batches;
  122. GRANT UPDATE ON ap TO lsmb_<?lsmb dbname ?>__post_batches;
  123. GRANT UPDATE ON acc_trans TO lsmb_<?lsmb dbname ?>__post_batches;
  124. GRANT UPDATE ON batch TO lsmb_<?lsmb dbname ?>__post_batches;
  125. GRANT UPDATE ON gl TO lsmb_<?lsmb dbname ?>__post_batches;
  126. -- TODO add Menu ACLs
  127. -- AR
  128. CREATE ROLE lsmb_<?lsmb dbname ?>__create_ar_transaction
  129. WITH INHERIT NOLOGIN
  130. IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
  131. GRANT INSERT ON ar TO lsmb_<?lsmb dbname ?>__create_ar_transaction;
  132. GRANT ALL ON id TO lsmb_<?lsmb dbname ?>__create_ar_transaction;
  133. GRANT INSERT ON acc_trans TO lsmb_<?lsmb dbname ?>__create_ar_transaction;
  134. GRANT ALL ON acc_trans_entry_id_seq TO lsmb_<?lsmb dbname ?>__create_ar_transaction;
  135. INSERT INTO menu_acl (node_id, acl_type, role_name)
  136. values (1, 'allow', 'lsmb_<?lsmb dbname ?>__create_ar_transaction');
  137. INSERT INTO menu_acl (node_id, acl_type, role_name)
  138. values (2, 'allow', 'lsmb_<?lsmb dbname ?>__create_ar_transaction');
  139. INSERT INTO menu_acl (node_id, acl_type, role_name)
  140. values (194, 'allow', 'lsmb_<?lsmb dbname ?>__create_ar_transaction');
  141. CREATE ROLE lsmb_<?lsmb dbname ?>__create_ar_transaction_voucher
  142. WITH INHERIT NOLOGIN
  143. IN ROLE lsmb_<?lsmb dbname ?>__read_contact,
  144. lsmb_<?lsmb dbname ?>__create_batch;
  145. GRANT INSERT ON ar TO lsmb_<?lsmb dbname ?>__create_ar_transaction_voucher;
  146. GRANT ALL ON id TO lsmb_<?lsmb dbname ?>__create_ar_transaction_voucher;
  147. GRANT INSERT ON acc_trans TO lsmb_<?lsmb dbname ?>__create_ar_transaction_voucher;
  148. GRANT ALL ON acc_trans_entry_id_seq TO lsmb_<?lsmb dbname ?>__create_ar_transaction_voucher;
  149. -- TODO add Menu ACLs
  150. CREATE ROLE lsmb_<?lsmb dbname ?>__create_ar_invoice
  151. WITH INHERIT NOLOGIN
  152. IN ROLE lsmb_<?lsmb dbname ?>__read_contact,
  153. lsmb_<?lsmb dbname ?>__create_ar_transaction;
  154. GRANT INSERT ON invoice TO lsmb_<?lsmb dbname ?>__create_ar_invoice;
  155. GRANT ALL ON invoice_id_seq TO lsmb_<?lsmb dbname ?>__create_ar_invoice;
  156. GRANT INSERT ON inventory TO lsmb_<?lsmb dbname ?>__create_ar_invoice;
  157. GRANT ALL ON inventory_entry_id_seq TO lsmb_<?lsmb dbname ?>__create_ar_invoice;
  158. INSERT INTO menu_acl (node_id, acl_type, role_name)
  159. values (3, 'allow', 'lsmb_<?lsmb dbname ?>__create_ar_invoice');
  160. INSERT INTO menu_acl (node_id, acl_type, role_name)
  161. values (195, 'allow', 'lsmb_<?lsmb dbname ?>__create_ar_transaction');
  162. CREATE ROLE lsmb_<?lsmb dbname ?>__create_ar_invoice_voucher
  163. WITH INHERIT NOLOGIN
  164. IN ROLE lsmb_<?lsmb dbname ?>__read_contact,
  165. lsmb_<?lsmb dbname ?>__create_batch,
  166. lsmb_<?lsmb dbname ?>__create_ar_transaction_voucher;
  167. GRANT INSERT ON invoice TO lsmb_<?lsmb dbname ?>__create_ar_invoice_voucher;
  168. GRANT ALL ON invoice_id_seq TO lsmb_<?lsmb dbname ?>__create_ar_invoice_voucher;
  169. GRANT INSERT ON inventory TO lsmb_<?lsmb dbname ?>__create_ar_invoice_voucher;
  170. GRANT ALL ON inventory_entry_id_seq TO lsmb_<?lsmb dbname ?>__create_ar_invoice_voucher;
  171. -- TODO add Menu ACLs
  172. CREATE ROLE lsmb_<?lsmb dbname ?>__list_ar_transactions
  173. WITH INHERIT NOLOGIN
  174. IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
  175. GRANT SELECT ON ar TO lsmb_<?lsmb dbname ?>__list_ar_transactions;
  176. GRANT SELECT ON acc_trans TO lsmb_<?lsmb dbname ?>__list_ar_transactions;
  177. GRANT SELECT ON invoice TO lsmb_<?lsmb dbname ?>__list_ar_transactions;
  178. GRANT SELECT ON inventory TO lsmb_<?lsmb dbname ?>__list_ar_transactions;
  179. INSERT INTO menu_acl (node_id, acl_type, role_name)
  180. values (1, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions');
  181. INSERT INTO menu_acl (node_id, acl_type, role_name)
  182. values (4, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions');
  183. INSERT INTO menu_acl (node_id, acl_type, role_name)
  184. values (5, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions');
  185. INSERT INTO menu_acl (node_id, acl_type, role_name)
  186. values (6, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions');
  187. INSERT INTO menu_acl (node_id, acl_type, role_name)
  188. values (7, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions');
  189. INSERT INTO menu_acl (node_id, acl_type, role_name)
  190. values (9, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions');
  191. INSERT INTO menu_acl (node_id, acl_type, role_name)
  192. values (10, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions');
  193. INSERT INTO menu_acl (node_id, acl_type, role_name)
  194. values (11, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions');
  195. INSERT INTO menu_acl (node_id, acl_type, role_name)
  196. values (13, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions');
  197. INSERT INTO menu_acl (node_id, acl_type, role_name)
  198. values (15, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions');
  199. CREATE ROLE lsmb_<?lsmb dbname ?>__ar_all_vouchers
  200. WITH INHERIT NOLOGIN
  201. IN ROLE lsmb_<?lsmb dbname ?>__create_ar_transaction_voucher,
  202. lsmb_<?lsmb dbname ?>__create_ar_invoice_voucher;
  203. CREATE ROLE lsmb_<?lsmb dbname ?>__ar_all_transactions
  204. WITH INHERIT NOLOGIN
  205. IN ROLE lsmb_<?lsmb dbname ?>__create_ar_transaction,
  206. lsmb_<?lsmb dbname ?>__create_ar_invoice,
  207. lsmb_<?lsmb dbname ?>__list_ar_transactions;
  208. CREATE ROLE lsmb_<?lsmb dbname ?>__create_sales_order
  209. WITH INHERIT NOLOGIN
  210. IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
  211. GRANT INSERT ON oe TO lsmb_<?lsmb dbname ?>__create_sales_order;
  212. GRANT ALL ON oe_id_seq TO lsmb_<?lsmb dbname ?>__create_sales_order;
  213. GRANT INSERT ON orderitems TO lsmb_<?lsmb dbname ?>__create_sales_order;
  214. GRANT ALL ON orderitems_id_seq TO lsmb_<?lsmb dbname ?>__create_sales_order;
  215. INSERT INTO menu_acl (node_id, acl_type, role_name)
  216. values (50, 'allow', 'lsmb_<?lsmb dbname ?>__create_sales_order');
  217. INSERT INTO menu_acl (node_id, acl_type, role_name)
  218. values (51, 'allow', 'lsmb_<?lsmb dbname ?>__create_sales_order');
  219. CREATE ROLE lsmb_<?lsmb dbname ?>__create_sales_quotation
  220. WITH INHERIT NOLOGIN
  221. IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
  222. GRANT INSERT ON oe TO lsmb_<?lsmb dbname ?>__create_sales_quotation;
  223. GRANT ALL ON oe_id_seq TO lsmb_<?lsmb dbname ?>__create_sales_quotation;
  224. GRANT INSERT ON orderitems TO lsmb_<?lsmb dbname ?>__create_sales_quotation;
  225. GRANT ALL ON orderitems_id_seq TO lsmb_<?lsmb dbname ?>__create_sales_quotation;
  226. INSERT INTO menu_acl (node_id, acl_type, role_name)
  227. values (67, 'allow', 'lsmb_<?lsmb dbname ?>__create_sales_quotation');
  228. INSERT INTO menu_acl (node_id, acl_type, role_name)
  229. values (68, 'allow', 'lsmb_<?lsmb dbname ?>__create_sales_quotation');
  230. CREATE ROLE lsmb_<?lsmb dbname ?>__list_sales_orders
  231. WITH INHERIT NOLOGIN
  232. IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
  233. GRANT SELECT ON oe TO lsmb_<?lsmb dbname ?>__list_sales_orders;
  234. GRANT SELECT ON orderitems TO lsmb_<?lsmb dbname ?>__list_sales_orders;
  235. INSERT INTO menu_acl (node_id, acl_type, role_name)
  236. values (50, 'allow', 'lsmb_<?lsmb dbname ?>__list_sales_orders');
  237. INSERT INTO menu_acl (node_id, acl_type, role_name)
  238. values (53, 'allow', 'lsmb_<?lsmb dbname ?>__list_sales_orders');
  239. INSERT INTO menu_acl (node_id, acl_type, role_name)
  240. values (54, 'allow', 'lsmb_<?lsmb dbname ?>__list_sales_orders');
  241. CREATE ROLE lsmb_<?lsmb dbname ?>__list_sales_quotations
  242. WITH INHERIT NOLOGIN
  243. IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
  244. GRANT SELECT ON oe TO lsmb_<?lsmb dbname ?>__list_sales_quotations;
  245. GRANT SELECT ON orderitems TO lsmb_<?lsmb dbname ?>__list_sales_quotations;
  246. INSERT INTO menu_acl (node_id, acl_type, role_name)
  247. values (67, 'allow', 'lsmb_<?lsmb dbname ?>__list_sales_quotations');
  248. INSERT INTO menu_acl (node_id, acl_type, role_name)
  249. values (70, 'allow', 'lsmb_<?lsmb dbname ?>__list_sales_quotations');
  250. INSERT INTO menu_acl (node_id, acl_type, role_name)
  251. values (71, 'allow', 'lsmb_<?lsmb dbname ?>__list_sales_quotations');
  252. CREATE ROLE lsmb_<?lsmb dbname ?>__all_ar
  253. WITH INHERIT NOLOGIN
  254. IN ROLE lsmb_<?lsmb dbname ?>__ar_all_vouchers,
  255. lsmb_<?lsmb dbname ?>__ar_all_transactions,
  256. lsmb_<?lsmb dbname ?>__create_sales_order,
  257. lsmb_<?lsmb dbname ?>__create_sales_quotation,
  258. lsmb_<?lsmb dbname ?>__list_sales_orders,
  259. lsmb_<?lsmb dbname ?>__list_sales_quotations;
  260. -- AP
  261. CREATE ROLE lsmb_<?lsmb dbname ?>__create_ap_transaction
  262. WITH INHERIT NOLOGIN
  263. IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
  264. GRANT INSERT ON ap TO lsmb_<?lsmb dbname ?>__create_ap_transaction;
  265. GRANT ALL ON id TO lsmb_<?lsmb dbname ?>__create_ap_transaction;
  266. GRANT INSERT ON acc_trans TO lsmb_<?lsmb dbname ?>__create_ap_transaction;
  267. GRANT ALL ON acc_trans_entry_id_seq TO lsmb_<?lsmb dbname ?>__create_ap_transaction;
  268. INSERT INTO menu_acl (node_id, acl_type, role_name)
  269. values (21, 'allow', 'lsmb_<?lsmb dbname ?>__create_ap_transaction');
  270. INSERT INTO menu_acl (node_id, acl_type, role_name)
  271. values (22, 'allow', 'lsmb_<?lsmb dbname ?>__create_ap_transaction');
  272. INSERT INTO menu_acl (node_id, acl_type, role_name)
  273. values (196, 'allow', 'lsmb_<?lsmb dbname ?>__create_ap_transaction');
  274. CREATE ROLE lsmb_<?lsmb dbname ?>__create_ap_transaction_voucher
  275. WITH INHERIT NOLOGIN
  276. IN ROLE lsmb_<?lsmb dbname ?>__read_contact,
  277. lsmb_<?lsmb dbname ?>__create_batch;
  278. GRANT INSERT ON ar TO lsmb_<?lsmb dbname ?>__create_ap_transaction_voucher;
  279. GRANT ALL ON id TO lsmb_<?lsmb dbname ?>__create_ap_transaction_voucher;
  280. GRANT INSERT ON acc_trans TO lsmb_<?lsmb dbname ?>__create_ap_transaction_voucher;
  281. GRANT ALL ON acc_trans_entry_id_seq TO lsmb_<?lsmb dbname ?>__create_ap_transaction_voucher;
  282. -- TODO add Menu ACLs
  283. CREATE ROLE lsmb_<?lsmb dbname ?>__create_ap_invoice
  284. WITH INHERIT NOLOGIN
  285. IN ROLE lsmb_<?lsmb dbname ?>__read_contact,
  286. lsmb_<?lsmb dbname ?>__create_ap_transaction;
  287. GRANT INSERT ON invoice TO lsmb_<?lsmb dbname ?>__create_ap_invoice;
  288. GRANT INSERT ON inventory TO lsmb_<?lsmb dbname ?>__create_ap_invoice;
  289. GRANT ALL ON invoice_id_seq TO lsmb_<?lsmb dbname ?>__create_ap_invoice;
  290. GRANT ALL ON inventory_entry_id_seq TO lsmb_<?lsmb dbname ?>__create_ap_invoice;
  291. INSERT INTO menu_acl (node_id, acl_type, role_name)
  292. values (23, 'allow', 'lsmb_<?lsmb dbname ?>__create_ap_invoice');
  293. INSERT INTO menu_acl (node_id, acl_type, role_name)
  294. values (197, 'allow', 'lsmb_<?lsmb dbname ?>__create_ap_transaction');
  295. CREATE ROLE lsmb_<?lsmb dbname ?>__create_ap_invoice_voucher
  296. WITH INHERIT NOLOGIN
  297. IN ROLE lsmb_<?lsmb dbname ?>__read_contact,
  298. lsmb_<?lsmb dbname ?>__create_batch;
  299. GRANT INSERT ON invoice TO lsmb_<?lsmb dbname ?>__create_ap_invoice_voucher;
  300. GRANT INSERT ON inventory TO lsmb_<?lsmb dbname ?>__create_ap_invoice_voucher;
  301. GRANT ALL ON invoice_id_seq TO lsmb_<?lsmb dbname ?>__create_ap_invoice_voucher;
  302. GRANT ALL ON inventory_entry_id_seq TO lsmb_<?lsmb dbname ?>__create_ap_invoice_voucher;
  303. -- TODO add Menu ACLs
  304. CREATE ROLE lsmb_<?lsmb dbname ?>__list_ap_transactions
  305. WITH INHERIT NOLOGIN
  306. IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
  307. GRANT SELECT ON ap TO lsmb_<?lsmb dbname ?>__list_ap_transactions;
  308. GRANT SELECT ON acc_trans TO lsmb_<?lsmb dbname ?>__list_ap_transactions;
  309. GRANT SELECT ON invoice TO lsmb_<?lsmb dbname ?>__list_ap_transactions;
  310. GRANT SELECT ON inventory TO lsmb_<?lsmb dbname ?>__list_ap_transactions;
  311. INSERT INTO menu_acl (node_id, acl_type, role_name)
  312. values (21, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions');
  313. INSERT INTO menu_acl (node_id, acl_type, role_name)
  314. values (24, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions');
  315. INSERT INTO menu_acl (node_id, acl_type, role_name)
  316. values (25, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions');
  317. INSERT INTO menu_acl (node_id, acl_type, role_name)
  318. values (26, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions');
  319. INSERT INTO menu_acl (node_id, acl_type, role_name)
  320. values (27, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions');
  321. INSERT INTO menu_acl (node_id, acl_type, role_name)
  322. values (28, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions');
  323. INSERT INTO menu_acl (node_id, acl_type, role_name)
  324. values (29, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions');
  325. INSERT INTO menu_acl (node_id, acl_type, role_name)
  326. values (30, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions');
  327. INSERT INTO menu_acl (node_id, acl_type, role_name)
  328. values (32, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions');
  329. INSERT INTO menu_acl (node_id, acl_type, role_name)
  330. values (34, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions');
  331. CREATE ROLE lsmb_<?lsmb dbname ?>__ap_all_vouchers
  332. WITH INHERIT NOLOGIN
  333. IN ROLE lsmb_<?lsmb dbname ?>__create_ap_transaction_voucher,
  334. lsmb_<?lsmb dbname ?>__create_ap_invoice_voucher;
  335. CREATE ROLE lsmb_<?lsmb dbname ?>__ap_all_transactions
  336. WITH INHERIT NOLOGIN
  337. IN ROLE lsmb_<?lsmb dbname ?>__create_ap_transaction,
  338. lsmb_<?lsmb dbname ?>__create_ap_invoice,
  339. lsmb_<?lsmb dbname ?>__list_ap_transactions;
  340. CREATE ROLE lsmb_<?lsmb dbname ?>__create_purchase_order
  341. WITH INHERIT NOLOGIN
  342. IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
  343. GRANT INSERT ON oe TO lsmb_<?lsmb dbname ?>__create_purchase_order;
  344. GRANT INSERT ON orderitems TO lsmb_<?lsmb dbname ?>__create_purchase_order;
  345. GRANT ALL ON oe_id_seq TO lsmb_<?lsmb dbname ?>__create_purchase_order;
  346. GRANT ALL ON orderitems_id_seq TO lsmb_<?lsmb dbname ?>__create_purchase_order;
  347. INSERT INTO menu_acl (node_id, acl_type, role_name)
  348. values (50, 'allow', 'lsmb_<?lsmb dbname ?>__create_purchase_order');
  349. INSERT INTO menu_acl (node_id, acl_type, role_name)
  350. values (52, 'allow', 'lsmb_<?lsmb dbname ?>__create_purchase_order');
  351. CREATE ROLE lsmb_<?lsmb dbname ?>__create_purchase_rfq
  352. WITH INHERIT NOLOGIN
  353. IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
  354. GRANT INSERT ON oe TO lsmb_<?lsmb dbname ?>__create_purchase_rfq;
  355. GRANT INSERT ON orderitems TO lsmb_<?lsmb dbname ?>__create_purchase_rfq;
  356. GRANT ALL ON oe_id_seq TO lsmb_<?lsmb dbname ?>__create_purchase_rfq;
  357. GRANT ALL ON orderitems_id_seq TO lsmb_<?lsmb dbname ?>__create_purchase_rfq;
  358. INSERT INTO menu_acl (node_id, acl_type, role_name)
  359. values (67, 'allow', 'lsmb_<?lsmb dbname ?>__create_purchase_rfq');
  360. INSERT INTO menu_acl (node_id, acl_type, role_name)
  361. values (69, 'allow', 'lsmb_<?lsmb dbname ?>__create_purchase_rfq');
  362. CREATE ROLE lsmb_<?lsmb dbname ?>__list_purchase_orders
  363. WITH INHERIT NOLOGIN
  364. IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
  365. GRANT SELECT ON oe TO lsmb_<?lsmb dbname ?>__list_purchase_orders;
  366. GRANT SELECT ON orderitems TO lsmb_<?lsmb dbname ?>__list_purchase_orders;
  367. INSERT INTO menu_acl (node_id, acl_type, role_name)
  368. values (50, 'allow', 'lsmb_<?lsmb dbname ?>__list_purchase_orders');
  369. INSERT INTO menu_acl (node_id, acl_type, role_name)
  370. values (53, 'allow', 'lsmb_<?lsmb dbname ?>__list_purchase_orders');
  371. INSERT INTO menu_acl (node_id, acl_type, role_name)
  372. values (55, 'allow', 'lsmb_<?lsmb dbname ?>__list_purchase_orders');
  373. CREATE ROLE lsmb_<?lsmb dbname ?>__list_purchase_rfqs
  374. WITH INHERIT NOLOGIN
  375. IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
  376. GRANT SELECT ON oe TO lsmb_<?lsmb dbname ?>__list_purchase_rfqs;
  377. GRANT SELECT ON orderitems TO lsmb_<?lsmb dbname ?>__list_purchase_rfqs;
  378. INSERT INTO menu_acl (node_id, acl_type, role_name)
  379. values (67, 'allow', 'lsmb_<?lsmb dbname ?>__list_purchase_rfqs');
  380. INSERT INTO menu_acl (node_id, acl_type, role_name)
  381. values (70, 'allow', 'lsmb_<?lsmb dbname ?>__list_purchase_rfqs');
  382. INSERT INTO menu_acl (node_id, acl_type, role_name)
  383. values (72, 'allow', 'lsmb_<?lsmb dbname ?>__list_purchase_rfqs');
  384. CREATE ROLE lsmb_<?lsmb dbname ?>__all_ap
  385. WITH INHERIT NOLOGIN
  386. IN ROLE lsmb_<?lsmb dbname ?>__ap_all_vouchers,
  387. lsmb_<?lsmb dbname ?>__ap_all_transactions,
  388. lsmb_<?lsmb dbname ?>__create_purchase_order,
  389. lsmb_<?lsmb dbname ?>__create_purchase_rfq,
  390. lsmb_<?lsmb dbname ?>__list_purchase_orders,
  391. lsmb_<?lsmb dbname ?>__list_purchase_rfqs;
  392. -- POS
  393. CREATE ROLE lsmb_<?lsmb dbname ?>__create_pos_invoice
  394. WITH INHERIT NOLOGIN
  395. IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
  396. GRANT INSERT ON invoice TO lsmb_<?lsmb dbname ?>__create_pos_invoice;
  397. GRANT INSERT ON inventory TO lsmb_<?lsmb dbname ?>__create_pos_invoice;
  398. GRANT INSERT ON ar TO lsmb_<?lsmb dbname ?>__create_pos_invoice;
  399. GRANT INSERT ON acc_trans TO lsmb_<?lsmb dbname ?>__create_pos_invoice;
  400. GRANT ALL ON id TO lsmb_<?lsmb dbname ?>__create_pos_invoice;
  401. GRANT ALL ON acc_trans_entry_id_seq TO lsmb_<?lsmb dbname ?>__create_pos_invoice;
  402. GRANT ALL ON invoice_id_seq TO lsmb_<?lsmb dbname ?>__create_pos_invoice;
  403. GRANT ALL ON inventory_entry_id_seq TO lsmb_<?lsmb dbname ?>__create_pos_invoice;
  404. INSERT INTO menu_acl (node_id, acl_type, role_name)
  405. values (16, 'allow', 'lsmb_<?lsmb dbname ?>__create_pos_invoice');
  406. INSERT INTO menu_acl (node_id, acl_type, role_name)
  407. values (17, 'allow', 'lsmb_<?lsmb dbname ?>__create_pos_invoice');
  408. INSERT INTO menu_acl (node_id, acl_type, role_name)
  409. values (18, 'allow', 'lsmb_<?lsmb dbname ?>__create_pos_invoice');
  410. CREATE ROLE lsmb_<?lsmb dbname ?>__close_till
  411. WITH INHERIT NOLOGIN;
  412. GRANT INSERT ON gl TO lsmb_<?lsmb dbname ?>__close_till;
  413. GRANT INSERT ON acc_trans TO lsmb_<?lsmb dbname ?>__close_till;
  414. GRANT ALL ON id TO lsmb_<?lsmb dbname ?>__close_till;
  415. GRANT ALL ON acc_trans_entry_id_seq TO lsmb_<?lsmb dbname ?>__close_till;
  416. INSERT INTO menu_acl (node_id, acl_type, role_name)
  417. values (16, 'allow', 'lsmb_<?lsmb dbname ?>__close_till');
  418. INSERT INTO menu_acl (node_id, acl_type, role_name)
  419. values (19, 'allow', 'lsmb_<?lsmb dbname ?>__close_till');
  420. CREATE ROLE lsmb_<?lsmb dbname ?>__list_all_open
  421. WITH INHERIT NOLOGIN;
  422. GRANT SELECT ON ar TO lsmb_<?lsmb dbname ?>__list_all_open;
  423. GRANT SELECT ON acc_trans TO lsmb_<?lsmb dbname ?>__list_all_open;
  424. INSERT INTO menu_acl (node_id, acl_type, role_name)
  425. values (16, 'allow', 'lsmb_<?lsmb dbname ?>__list_all_open');
  426. INSERT INTO menu_acl (node_id, acl_type, role_name)
  427. values (18, 'allow', 'lsmb_<?lsmb dbname ?>__list_all_open');
  428. CREATE ROLE lsmb_<?lsmb dbname ?>__pos_cashier
  429. WITH INHERIT NOLOGIN
  430. IN ROLE lsmb_<?lsmb dbname ?>__create_pos_invoice,
  431. lsmb_<?lsmb dbname ?>__close_till;
  432. CREATE ROLE lsmb_<?lsmb dbname ?>__all_pos
  433. WITH INHERIT NOLOGIN
  434. IN ROLE lsmb_<?lsmb dbname ?>__pos_cashier,
  435. lsmb_<?lsmb dbname ?>__list_all_open;
  436. -- CASH
  437. CREATE ROLE lsmb_<?lsmb dbname ?>__reconcile
  438. WITH INHERIT NOLOGIN;
  439. -- GRANT INSERT ON pending_reports TO lsmb_<?lsmb dbname ?>__reconcile;
  440. -- GRANT INSERT on report_corrections TO lsmb_<?lsmb dbname ?>__reconcile;
  441. GRANT SELECT ON acc_trans TO lsmb_<?lsmb dbname ?>__reconcile;
  442. -- GRANT ALL ON pending_reports_id_seq TO lsmb_<?lsmb dbname ?>__reconcile;
  443. -- GRANT ALL ON report_corrections_id_seq TO lsmb_<?lsmb dbname ?>__reconcile;
  444. INSERT INTO menu_acl (node_id, acl_type, role_name)
  445. values (35, 'allow', 'lsmb_<?lsmb dbname ?>_reconcile');
  446. INSERT INTO menu_acl (node_id, acl_type, role_name)
  447. values (45, 'allow', 'lsmb_<?lsmb dbname ?>_reconcile');
  448. CREATE ROLE lsmb_<?lsmb dbname ?>__approve_reconciliation
  449. WITH INHERIT NOLOGIN;
  450. -- GRANT UPDATE ON pending_reports TO lsmb_<?lsmb dbname ?>__reconcile;
  451. GRANT SELECT ON acc_trans TO lsmb_<?lsmb dbname ?>__reconcile;
  452. INSERT INTO menu_acl (node_id, acl_type, role_name)
  453. values (35, 'allow', 'lsmb_<?lsmb dbname ?>_reconcile');
  454. INSERT INTO menu_acl (node_id, acl_type, role_name)
  455. values (41, 'allow', 'lsmb_<?lsmb dbname ?>_reconcile');
  456. INSERT INTO menu_acl (node_id, acl_type, role_name)
  457. values (44, 'allow', 'lsmb_<?lsmb dbname ?>_reconcile');
  458. CREATE ROLE lsmb_<?lsmb dbname ?>__all_reconcile
  459. WITH INHERIT NOLOGIN
  460. IN ROLE lsmb_<?lsmb dbname ?>__reconcile,
  461. lsmb_<?lsmb dbname ?>__approve_reconciliation;
  462. CREATE ROLE lsmb_<?lsmb dbname ?>__process_payment
  463. WITH INHERIT NOLOGIN
  464. IN ROLE lsmb_<?lsmb dbname ?>__list_ap_transactions;
  465. GRANT INSERT ON acc_trans TO lsmb_<?lsmb dbname ?>__process_payment;
  466. GRANT ALL ON acc_trans_entry_id_seq TO lsmb_<?lsmb dbname ?>__process_payment;
  467. INSERT INTO menu_acl (node_id, acl_type, role_name)
  468. values (35, 'allow', 'lsmb_<?lsmb dbname ?>__process_payment');
  469. INSERT INTO menu_acl (node_id, acl_type, role_name)
  470. values (38, 'allow', 'lsmb_<?lsmb dbname ?>__process_payment');
  471. INSERT INTO menu_acl (node_id, acl_type, role_name)
  472. values (39, 'allow', 'lsmb_<?lsmb dbname ?>__process_payment');
  473. CREATE ROLE lsmb_<?lsmb dbname ?>__process_receipt
  474. WITH INHERIT NOLOGIN
  475. IN ROLE lsmb_<?lsmb dbname ?>__ar_list_transactions;
  476. GRANT INSERT ON acc_trans TO lsmb_<?lsmb dbname ?>__process_receipt;
  477. GRANT ALL ON acc_trans_entry_id_seq TO lsmb_<?lsmb dbname ?>__process_receipt;
  478. INSERT INTO menu_acl (node_id, acl_type, role_name)
  479. values (35, 'allow', 'lsmb_<?lsmb dbname ?>__process_receipt');
  480. INSERT INTO menu_acl (node_id, acl_type, role_name)
  481. values (36, 'allow', 'lsmb_<?lsmb dbname ?>__process_receipt');
  482. INSERT INTO menu_acl (node_id, acl_type, role_name)
  483. values (47, 'allow', 'lsmb_<?lsmb dbname ?>__process_receipt');
  484. CREATE ROLE lsmb_<?lsmb dbname ?>__cash_all
  485. WITH INHERIT NOLOGIN
  486. IN ROLE lsmb_<?lsmb dbname ?>__all_reconcile,
  487. lsmb_<?lsmb dbname ?>__process_payment,
  488. lsmb_<?lsmb dbname ?>__process_receipt;
  489. -- Inventory Control
  490. CREATE ROLE lsmb_<?lsmb dbname ?>__create_part
  491. WITH INHERIT NOLOGIN;
  492. GRANT INSERT ON parts TO lsmb_<?lsmb dbname ?>__create_part;
  493. GRANT ALL ON parts_id_seq TO lsmb_<?lsmb dbname ?>__create_part;
  494. INSERT INTO menu_acl (node_id, acl_type, role_name)
  495. values (77, 'allow', 'lsmb_<?lsmb dbname ?>__create_part');
  496. INSERT INTO menu_acl (node_id, acl_type, role_name)
  497. values (78, 'allow', 'lsmb_<?lsmb dbname ?>__create_part');
  498. INSERT INTO menu_acl (node_id, acl_type, role_name)
  499. values (79, 'allow', 'lsmb_<?lsmb dbname ?>__create_part');
  500. INSERT INTO menu_acl (node_id, acl_type, role_name)
  501. values (80, 'allow', 'lsmb_<?lsmb dbname ?>__create_part');
  502. INSERT INTO menu_acl (node_id, acl_type, role_name)
  503. values (81, 'allow', 'lsmb_<?lsmb dbname ?>__create_part');
  504. INSERT INTO menu_acl (node_id, acl_type, role_name)
  505. values (82, 'allow', 'lsmb_<?lsmb dbname ?>__create_part');
  506. CREATE ROLE lsmb_<?lsmb dbname ?>__edit_part
  507. WITH INHERIT NOLOGIN;
  508. GRANT UPDATE ON parts TO lsmb_<?lsmb dbname ?>__edit_part;
  509. INSERT INTO menu_acl (node_id, acl_type, role_name)
  510. values (77, 'allow', 'lsmb_<?lsmb dbname ?>__edit_part');
  511. INSERT INTO menu_acl (node_id, acl_type, role_name)
  512. values (85, 'allow', 'lsmb_<?lsmb dbname ?>__edit_part');
  513. INSERT INTO menu_acl (node_id, acl_type, role_name)
  514. values (86, 'allow', 'lsmb_<?lsmb dbname ?>__edit_part');
  515. INSERT INTO menu_acl (node_id, acl_type, role_name)
  516. values (87, 'allow', 'lsmb_<?lsmb dbname ?>__edit_part');
  517. INSERT INTO menu_acl (node_id, acl_type, role_name)
  518. values (88, 'allow', 'lsmb_<?lsmb dbname ?>__edit_part');
  519. INSERT INTO menu_acl (node_id, acl_type, role_name)
  520. values (89, 'allow', 'lsmb_<?lsmb dbname ?>__edit_part');
  521. INSERT INTO menu_acl (node_id, acl_type, role_name)
  522. values (90, 'allow', 'lsmb_<?lsmb dbname ?>__edit_part');
  523. INSERT INTO menu_acl (node_id, acl_type, role_name)
  524. values (91, 'allow', 'lsmb_<?lsmb dbname ?>__edit_part');
  525. INSERT INTO menu_acl (node_id, acl_type, role_name)
  526. values (93, 'allow', 'lsmb_<?lsmb dbname ?>__edit_part');
  527. CREATE ROLE lsmb_<?lsmb dbname ?>__inventory_reports
  528. WITH INHERIT NOLOGIN;
  529. GRANT SELECT ON ar TO lsmb_<?lsmb dbname ?>__inventory_reports;
  530. GRANT SELECT ON ap TO lsmb_<?lsmb dbname ?>__inventory_reports;
  531. GRANT SELECT ON inventory TO lsmb_<?lsmb dbname ?>__inventory_reports;
  532. GRANT SELECT ON invoice TO lsmb_<?lsmb dbname ?>__inventory_reports;
  533. GRANT SELECT ON acc_trans TO lsmb_<?lsmb dbname ?>__inventory_reports;
  534. INSERT INTO menu_acl (node_id, acl_type, role_name)
  535. values (77, 'allow', 'lsmb_<?lsmb dbname ?>__inventory_reports');
  536. INSERT INTO menu_acl (node_id, acl_type, role_name)
  537. values (85, 'allow', 'lsmb_<?lsmb dbname ?>__inventory_reports');
  538. INSERT INTO menu_acl (node_id, acl_type, role_name)
  539. values (88, 'allow', 'lsmb_<?lsmb dbname ?>__inventory_reports');
  540. INSERT INTO menu_acl (node_id, acl_type, role_name)
  541. values (94, 'allow', 'lsmb_<?lsmb dbname ?>__inventory_reports');
  542. CREATE ROLE lsmb_<?lsmb dbname ?>__create_pricegroup
  543. WITH INHERIT NOLOGIN
  544. IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
  545. GRANT INSERT ON pricegroup TO lsmb_<?lsmb dbname ?>__create_pricegroup;
  546. GRANT ALL ON pricegroup_id_seq TO lsmb_<?lsmb dbname ?>__create_pricegroup;
  547. GRANT UPDATE ON entity_credit_account TO lsmb_<?lsmb dbname ?>__create_pricegroup;
  548. INSERT INTO menu_acl (node_id, acl_type, role_name)
  549. values (77, 'allow', 'lsmb_<?lsmb dbname ?>__create_pricegroup');
  550. INSERT INTO menu_acl (node_id, acl_type, role_name)
  551. values (83, 'allow', 'lsmb_<?lsmb dbname ?>__create_pricegroup');
  552. CREATE ROLE lsmb_<?lsmb dbname ?>__edit_pricegroup
  553. WITH INHERIT NOLOGIN
  554. IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
  555. GRANT UPDATE ON pricegroup TO lsmb_<?lsmb dbname ?>__edit_pricegroup;
  556. GRANT UPDATE ON entity_credit_account TO lsmb_<?lsmb dbname ?>__edit_pricegroup;
  557. INSERT INTO menu_acl (node_id, acl_type, role_name)
  558. values (77, 'allow', 'lsmb_<?lsmb dbname ?>__edit_pricegroup');
  559. INSERT INTO menu_acl (node_id, acl_type, role_name)
  560. values (85, 'allow', 'lsmb_<?lsmb dbname ?>__edit_pricegroup');
  561. INSERT INTO menu_acl (node_id, acl_type, role_name)
  562. values (92, 'allow', 'lsmb_<?lsmb dbname ?>__edit_pricegroup');
  563. CREATE ROLE lsmb_<?lsmb dbname ?>__stock_assembly
  564. WITH INHERIT NOLOGIN;
  565. GRANT UPDATE ON parts TO lsmb_<?lsmb dbname ?>__stock_assembly;
  566. INSERT INTO menu_acl (node_id, acl_type, role_name)
  567. values (77, 'allow', 'lsmb_<?lsmb dbname ?>__stock_assembly');
  568. INSERT INTO menu_acl (node_id, acl_type, role_name)
  569. values (84, 'allow', 'lsmb_<?lsmb dbname ?>__stock_assembly');
  570. CREATE ROLE lsmb_<?lsmb dbname ?>__ship_inventory
  571. WITH INHERIT NOLOGIN
  572. IN ROLE lsmb_<?lsmb dbname ?>__list_sales_orders;
  573. GRANT INSERT ON inventory TO lsmb_<?lsmb dbname ?>__ship_inventory;
  574. GRANT ALL ON inventory_entry_id_seq TO lsmb_<?lsmb dbname ?>__ship_inventory;
  575. INSERT INTO menu_acl (node_id, acl_type, role_name)
  576. values (63, 'allow', 'lsmb_<?lsmb dbname ?>__ship_inventory');
  577. INSERT INTO menu_acl (node_id, acl_type, role_name)
  578. values (64, 'allow', 'lsmb_<?lsmb dbname ?>__ship_inventory');
  579. CREATE ROLE lsmb_<?lsmb dbname ?>__receive_inventory
  580. WITH INHERIT NOLOGIN
  581. IN ROLE lsmb_<?lsmb dbname ?>__list_purchase_orders;
  582. GRANT INSERT ON inventory TO lsmb_<?lsmb dbname ?>__receive_inventory;
  583. GRANT ALL ON inventory_entry_id_seq TO lsmb_<?lsmb dbname ?>__receive_inventory;
  584. INSERT INTO menu_acl (node_id, acl_type, role_name)
  585. values (63, 'allow', 'lsmb_<?lsmb dbname ?>__receive_inventory');
  586. INSERT INTO menu_acl (node_id, acl_type, role_name)
  587. values (65, 'allow', 'lsmb_<?lsmb dbname ?>__receive_inventory');
  588. CREATE ROLE lsmb_<?lsmb dbname ?>__transfer_inventory
  589. WITH INHERIT NOLOGIN;
  590. GRANT INSERT ON inventory TO lsmb_<?lsmb dbname ?>__transfer_inventory;
  591. GRANT ALL ON inventory_entry_id_seq TO lsmb_<?lsmb dbname ?>__transfer_inventory;
  592. INSERT INTO menu_acl (node_id, acl_type, role_name)
  593. values (63, 'allow', 'lsmb_<?lsmb dbname ?>__transfer_inventory');
  594. INSERT INTO menu_acl (node_id, acl_type, role_name)
  595. values (66, 'allow', 'lsmb_<?lsmb dbname ?>__transfer_inventory');
  596. CREATE ROLE lsmb_<?lsmb dbname ?>__create_warehouse
  597. WITH INHERIT NOLOGIN;
  598. GRANT INSERT ON warehouse TO lsmb_<?lsmb dbname ?>__create_warehouse;
  599. GRANT ALL ON warehouse_id_seq TO lsmb_<?lsmb dbname ?>__create_warehouse;
  600. INSERT INTO menu_acl (node_id, acl_type, role_name)
  601. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__create_warehouse');
  602. INSERT INTO menu_acl (node_id, acl_type, role_name)
  603. values (141, 'allow', 'lsmb_<?lsmb dbname ?>__create_warehouse');
  604. INSERT INTO menu_acl (node_id, acl_type, role_name)
  605. values (142, 'allow', 'lsmb_<?lsmb dbname ?>__create_warehouse');
  606. CREATE ROLE lsmb_<?lsmb dbname ?>__edit_warehouse
  607. WITH INHERIT NOLOGIN;
  608. GRANT UPDATE ON warehouse TO lsmb_<?lsmb dbname ?>__edit_warehouse;
  609. INSERT INTO menu_acl (node_id, acl_type, role_name)
  610. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__edit_warehouse');
  611. INSERT INTO menu_acl (node_id, acl_type, role_name)
  612. values (141, 'allow', 'lsmb_<?lsmb dbname ?>__edit_warehouse');
  613. INSERT INTO menu_acl (node_id, acl_type, role_name)
  614. values (143, 'allow', 'lsmb_<?lsmb dbname ?>__edit_warehouse');
  615. CREATE ROLE lsmb_<?lsmb dbname ?>__all_inventory
  616. WITH INHERIT NOLOGIN
  617. IN ROLE lsmb_<?lsmb dbname ?>__create_part,
  618. lsmb_<?lsmb dbname ?>__inventory_reports,
  619. lsmb_<?lsmb dbname ?>__stock_assembly,
  620. lsmb_<?lsmb dbname ?>__ship_inventory,
  621. lsmb_<?lsmb dbname ?>__receive_inventory,
  622. lsmb_<?lsmb dbname ?>__transfer_inventory,
  623. lsmb_<?lsmb dbname ?>__edit_warehouse,
  624. lsmb_<?lsmb dbname ?>__create_warehouse;
  625. -- GL
  626. CREATE ROLE lsmb_<?lsmb dbname ?>__create_transaction
  627. WITH INHERIT NOLOGIN;
  628. GRANT INSERT ON gl TO lsmb_<?lsmb dbname ?>__create_transaction;
  629. GRANT INSERT ON acc_trans TO lsmb_<?lsmb dbname ?>__create_transaction;
  630. GRANT ALL ON id TO lsmb_<?lsmb dbname ?>__create_transaction;
  631. GRANT ALL ON acc_trans_entry_id_seq TO lsmb_<?lsmb dbname ?>__create_transaction;
  632. INSERT INTO menu_acl (node_id, acl_type, role_name)
  633. values (73, 'allow', 'lsmb_<?lsmb dbname ?>__create_transaction');
  634. INSERT INTO menu_acl (node_id, acl_type, role_name)
  635. values (74, 'allow', 'lsmb_<?lsmb dbname ?>__create_transaction');
  636. INSERT INTO menu_acl (node_id, acl_type, role_name)
  637. values (75, 'allow', 'lsmb_<?lsmb dbname ?>__create_transaction');
  638. INSERT INTO menu_acl (node_id, acl_type, role_name)
  639. values (35, 'allow', 'lsmb_<?lsmb dbname ?>__create_transaction');
  640. INSERT INTO menu_acl (node_id, acl_type, role_name)
  641. values (40, 'allow', 'lsmb_<?lsmb dbname ?>__create_transaction');
  642. CREATE ROLE lsmb_<?lsmb dbname ?>__create_transaction_voucher
  643. WITH INHERIT NOLOGIN;
  644. GRANT INSERT ON gl TO lsmb_<?lsmb dbname ?>__create_transaction_voucher;
  645. GRANT INSERT ON acc_trans TO lsmb_<?lsmb dbname ?>__create_transaction_voucher;
  646. GRANT ALL ON id TO lsmb_<?lsmb dbname ?>__create_transaction_voucher;
  647. GRANT ALL ON acc_trans_entry_id_seq TO lsmb_<?lsmb dbname ?>__create_transaction_voucher;
  648. -- TODO Add menu permissions
  649. CREATE ROLE lsmb_<?lsmb dbname ?>__list_transactions
  650. WITH INHERIT NOLOGIN
  651. IN ROLE lsmb_<?lsmb dbname ?>__list_ar_transactions,
  652. lsmb_<?lsmb dbname ?>__list_ap_transactions;
  653. GRANT SELECT ON gl TO lsmb_<?lsmb dbname ?>__list_transactions;
  654. INSERT INTO menu_acl (node_id, acl_type, role_name)
  655. values (73, 'allow', 'lsmb_<?lsmb dbname ?>__list_transactions');
  656. INSERT INTO menu_acl (node_id, acl_type, role_name)
  657. values (76, 'allow', 'lsmb_<?lsmb dbname ?>__list_transactions');
  658. CREATE ROLE lsmb_<?lsmb dbname ?>__run_yearend
  659. WITH INHERIT NOLOGIN;
  660. GRANT INSERT, SELECT ON acc_trans TO lsmb_<?lsmb dbname ?>__run_yearend;
  661. INSERT INTO menu_acl (node_id, acl_type, role_name)
  662. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__run_yearend');
  663. INSERT INTO menu_acl (node_id, acl_type, role_name)
  664. values (132, 'allow', 'lsmb_<?lsmb dbname ?>__run_yearend');
  665. CREATE ROLE lsmb_<?lsmb dbname ?>__list_batches
  666. WITH INHERIT NOLOGIN
  667. IN ROLE lsmb_<?lsmb dbname ?>__list_transactions;
  668. GRANT SELECT ON batch TO lsmb_<?lsmb dbname ?>__list_batches;
  669. GRANT SELECT ON batch_class TO lsmb_<?lsmb dbname ?>__list_batches;
  670. GRANT SELECT ON voucher TO lsmb_<?lsmb dbname ?>__list_batches;
  671. -- TODO: Add menu items
  672. CREATE ROLE lsmb_<?lsmb dbname ?>__all_gl
  673. WITH INHERIT NOLOGIN
  674. IN ROLE lsmb_<?lsmb dbname ?>__create_transaction,
  675. lsmb_<?lsmb dbname ?>__create_transaction_voucher,
  676. lsmb_<?lsmb dbname ?>__run_yearend,
  677. lsmb_<?lsmb dbname ?>__list_transactions;
  678. -- PROJECTS
  679. CREATE ROLE lsmb_<?lsmb dbname ?>__create_project
  680. WITH INHERIT NOLOGIN;
  681. GRANT INSERT ON project TO lsmb_<?lsmb dbname ?>__create_project;
  682. GRANT ALL ON project_id_seq TO lsmb_<?lsmb dbname ?>__create_project;
  683. INSERT INTO menu_acl (node_id, acl_type, role_name)
  684. values (98, 'allow', 'lsmb_<?lsmb dbname ?>__create_project');
  685. INSERT INTO menu_acl (node_id, acl_type, role_name)
  686. values (99, 'allow', 'lsmb_<?lsmb dbname ?>__create_project');
  687. CREATE ROLE lsmb_<?lsmb dbname ?>__edit_project
  688. WITH INHERIT NOLOGIN;
  689. GRANT UPDATE ON project TO lsmb_<?lsmb dbname ?>__edit_project;
  690. INSERT INTO menu_acl (node_id, acl_type, role_name)
  691. values (98, 'allow', 'lsmb_<?lsmb dbname ?>__edit_project');
  692. INSERT INTO menu_acl (node_id, acl_type, role_name)
  693. values (103, 'allow', 'lsmb_<?lsmb dbname ?>__edit_project');
  694. INSERT INTO menu_acl (node_id, acl_type, role_name)
  695. values (104, 'allow', 'lsmb_<?lsmb dbname ?>__edit_project');
  696. CREATE ROLE lsmb_<?lsmb dbname ?>__add_project_timecard
  697. WITH INHERIT NOLOGIN
  698. IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
  699. GRANT INSERT ON jcitems TO lsmb_<?lsmb dbname ?>__add_project_timecard;
  700. GRANT ALL ON jcitems_id_seq TO lsmb_<?lsmb dbname ?>__add_project_timecard;
  701. INSERT INTO menu_acl (node_id, acl_type, role_name)
  702. values (98, 'allow', 'lsmb_<?lsmb dbname ?>__add_project_timecard');
  703. INSERT INTO menu_acl (node_id, acl_type, role_name)
  704. values (100, 'allow', 'lsmb_<?lsmb dbname ?>__add_project_timecard');
  705. INSERT INTO menu_acl (node_id, acl_type, role_name)
  706. values (103, 'allow', 'lsmb_<?lsmb dbname ?>__add_project_timecard');
  707. INSERT INTO menu_acl (node_id, acl_type, role_name)
  708. values (106, 'allow', 'lsmb_<?lsmb dbname ?>__add_project_timecard');
  709. CREATE ROLE lsmb_<?lsmb dbname ?>__list_project_timecards
  710. WITH INHERIT NOLOGIN
  711. IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
  712. GRANT UPDATE ON project TO lsmb_<?lsmb dbname ?>__edit_project;
  713. INSERT INTO menu_acl (node_id, acl_type, role_name)
  714. values (98, 'allow', 'lsmb_<?lsmb dbname ?>__edit_project');
  715. INSERT INTO menu_acl (node_id, acl_type, role_name)
  716. values (103, 'allow', 'lsmb_<?lsmb dbname ?>__edit_project');
  717. INSERT INTO menu_acl (node_id, acl_type, role_name)
  718. values (106, 'allow', 'lsmb_<?lsmb dbname ?>__edit_project');
  719. -- ORDER GENERATION
  720. CREATE ROLE lsmb_<?lsmb dbname ?>__generate_orders
  721. WITH INHERIT NOLOGIN
  722. IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
  723. GRANT SELECT, INSERT, UPDATE ON oe TO lsmb_<?lsmb dbname ?>__generate_orders;
  724. GRANT SELECT, INSERT, UPDATE ON orderitems TO lsmb_<?lsmb dbname ?>__generate_orders;
  725. GRANT ALL ON oe_id_seq TO lsmb_<?lsmb dbname ?>__generate_orders;
  726. GRANT ALL ON orderitems_id_seq TO lsmb_<?lsmb dbname ?>__generate_orders;
  727. CREATE ROLE lsmb_<?lsmb dbname ?>__project_generate_orders
  728. WITH INHERIT NOLOGIN
  729. IN ROLE lsmb_<?lsmb dbname ?>__generate_orders;
  730. INSERT INTO menu_acl (node_id, acl_type, role_name)
  731. values (98, 'allow', 'lsmb_<?lsmb dbname ?>__project_generate_orders');
  732. INSERT INTO menu_acl (node_id, acl_type, role_name)
  733. values (101, 'allow', 'lsmb_<?lsmb dbname ?>__project_generate_orders');
  734. INSERT INTO menu_acl (node_id, acl_type, role_name)
  735. values (102, 'allow', 'lsmb_<?lsmb dbname ?>__project_generate_orders');
  736. CREATE ROLE lsmb_<?lsmb dbname ?>__sales_to_purchase_orders
  737. WITH INHERIT NOLOGIN
  738. IN ROLE lsmb_<?lsmb dbname ?>__generate_orders;
  739. INSERT INTO menu_acl (node_id, acl_type, role_name)
  740. values (50, 'allow', 'lsmb_<?lsmb dbname ?>__sales_to_purchase_orders');
  741. INSERT INTO menu_acl (node_id, acl_type, role_name)
  742. values (56, 'allow', 'lsmb_<?lsmb dbname ?>__sales_to_purchase_orders');
  743. INSERT INTO menu_acl (node_id, acl_type, role_name)
  744. values (57, 'allow', 'lsmb_<?lsmb dbname ?>__sales_to_purchase_orders');
  745. INSERT INTO menu_acl (node_id, acl_type, role_name)
  746. values (58, 'allow', 'lsmb_<?lsmb dbname ?>__sales_to_purchase_orders');
  747. CREATE ROLE lsmb_<?lsmb dbname ?>__consolidate_purchase_orders
  748. WITH INHERIT NOLOGIN
  749. IN ROLE lsmb_<?lsmb dbname ?>__generate_orders;
  750. INSERT INTO menu_acl (node_id, acl_type, role_name)
  751. values (50, 'allow', 'lsmb_<?lsmb dbname ?>__consolidate_purchase_orders');
  752. INSERT INTO menu_acl (node_id, acl_type, role_name)
  753. values (60, 'allow', 'lsmb_<?lsmb dbname ?>__consolidate_purchase_orders');
  754. INSERT INTO menu_acl (node_id, acl_type, role_name)
  755. values (62, 'allow', 'lsmb_<?lsmb dbname ?>__consolidate_purchase_orders');
  756. CREATE ROLE lsmb_<?lsmb dbname ?>__consolidate_sales_orders
  757. WITH INHERIT NOLOGIN
  758. IN ROLE lsmb_<?lsmb dbname ?>__generate_orders;
  759. INSERT INTO menu_acl (node_id, acl_type, role_name)
  760. values (50, 'allow', 'lsmb_<?lsmb dbname ?>__consolidate_sales_orders');
  761. INSERT INTO menu_acl (node_id, acl_type, role_name)
  762. values (60, 'allow', 'lsmb_<?lsmb dbname ?>__consolidate_sales_orders');
  763. INSERT INTO menu_acl (node_id, acl_type, role_name)
  764. values (61, 'allow', 'lsmb_<?lsmb dbname ?>__consolidate_sales_orders');
  765. CREATE ROLE lsmb_<?lsmb dbname ?>__manage_orders
  766. WITH INHERIT NOLOGIN
  767. IN ROLE lsmb_<?lsmb dbname ?>__project_generate_orders,
  768. lsmb_<?lsmb dbname ?>__sales_to_purchase_orders,
  769. lsmb_<?lsmb dbname ?>__consolidate_purchase_orders,
  770. lsmb_<?lsmb dbname ?>__consolidate_sales_orders;
  771. -- FINANCIAL REPORTS
  772. CREATE ROLE lsmb_<?lsmb dbname ?>__run_financial_reports
  773. WITH INHERIT NOLOGIN
  774. IN ROLE lsmb_<?lsmb dbname ?>__list_transactions;
  775. INSERT INTO menu_acl (node_id, acl_type, role_name)
  776. values (109, 'allow', 'lsmb_<?lsmb dbname ?>__run_financial_reports');
  777. INSERT INTO menu_acl (node_id, acl_type, role_name)
  778. values (110, 'allow', 'lsmb_<?lsmb dbname ?>__run_financial_reports');
  779. INSERT INTO menu_acl (node_id, acl_type, role_name)
  780. values (111, 'allow', 'lsmb_<?lsmb dbname ?>__run_financial_reports');
  781. INSERT INTO menu_acl (node_id, acl_type, role_name)
  782. values (112, 'allow', 'lsmb_<?lsmb dbname ?>__run_financial_reports');
  783. INSERT INTO menu_acl (node_id, acl_type, role_name)
  784. values (113, 'allow', 'lsmb_<?lsmb dbname ?>__run_financial_reports');
  785. -- RECURRING TRANSACTIONS
  786. -- TO ADD WHEN THIS IS REDESIGNED
  787. -- BATCH PRINTING
  788. CREATE ROLE lsmb_<?lsmb dbname ?>__list_print_jobs
  789. WITH INHERIT NOLOGIN;
  790. INSERT INTO menu_acl (node_id, acl_type, role_name)
  791. values (116, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  792. INSERT INTO menu_acl (node_id, acl_type, role_name)
  793. values (117, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  794. INSERT INTO menu_acl (node_id, acl_type, role_name)
  795. values (118, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  796. INSERT INTO menu_acl (node_id, acl_type, role_name)
  797. values (119, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  798. INSERT INTO menu_acl (node_id, acl_type, role_name)
  799. values (120, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  800. INSERT INTO menu_acl (node_id, acl_type, role_name)
  801. values (121, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  802. INSERT INTO menu_acl (node_id, acl_type, role_name)
  803. values (122, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  804. INSERT INTO menu_acl (node_id, acl_type, role_name)
  805. values (123, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  806. INSERT INTO menu_acl (node_id, acl_type, role_name)
  807. values (124, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  808. INSERT INTO menu_acl (node_id, acl_type, role_name)
  809. values (125, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  810. INSERT INTO menu_acl (node_id, acl_type, role_name)
  811. values (126, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  812. INSERT INTO menu_acl (node_id, acl_type, role_name)
  813. values (127, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  814. CREATE ROLE lsmb_<?lsmb dbname ?>__print_jobs
  815. WITH INHERIT NOLOGIN
  816. IN ROLE lsmb_<?lsmb dbname ?>__list_print_jobs;
  817. -- SYSTEM SETTINGS
  818. CREATE ROLE lsmb_<?lsmb dbname ?>__list_system_settings
  819. WITH INHERIT NOLOGIN;
  820. INSERT INTO menu_acl (node_id, acl_type, role_name)
  821. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__list_system_settings');
  822. INSERT INTO menu_acl (node_id, acl_type, role_name)
  823. values (129, 'allow', 'lsmb_<?lsmb dbname ?>__list_system_settings');
  824. INSERT INTO menu_acl (node_id, acl_type, role_name)
  825. values (131, 'allow', 'lsmb_<?lsmb dbname ?>__list_system_settings');
  826. CREATE ROLE lsmb_<?lsmb dbname ?>__change_system_settings
  827. WITH INHERIT NOLOGIN
  828. IN ROLE lsmb_<?lsmb dbname ?>__list_system_settings;
  829. CREATE ROLE lsmb_<?lsmb dbname ?>__set_taxes
  830. WITH INHERIT NOLOGIN;
  831. GRANT INSERT, UPDATE ON tax TO lsmb_<?lsmb dbname ?>__set_taxes;
  832. INSERT INTO menu_acl (node_id, acl_type, role_name)
  833. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__set_taxes');
  834. INSERT INTO menu_acl (node_id, acl_type, role_name)
  835. values (130, 'allow', 'lsmb_<?lsmb dbname ?>__set_taxes');
  836. CREATE ROLE lsmb_<?lsmb dbname ?>__create_account
  837. WITH INHERIT NOLOGIN;
  838. GRANT INSERT ON chart TO lsmb_<?lsmb dbname ?>__create_account;
  839. GRANT ALL ON chart_id_seq TO lsmb_<?lsmb dbname ?>__create_account;
  840. INSERT INTO menu_acl (node_id, acl_type, role_name)
  841. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__create_account');
  842. INSERT INTO menu_acl (node_id, acl_type, role_name)
  843. values (136, 'allow', 'lsmb_<?lsmb dbname ?>__create_account');
  844. INSERT INTO menu_acl (node_id, acl_type, role_name)
  845. values (137, 'allow', 'lsmb_<?lsmb dbname ?>__create_account');
  846. CREATE ROLE lsmb_<?lsmb dbname ?>__edit_account
  847. WITH INHERIT NOLOGIN;
  848. GRANT UPDATE ON chart TO lsmb_<?lsmb dbname ?>__edit_account;
  849. INSERT INTO menu_acl (node_id, acl_type, role_name)
  850. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__edit_account');
  851. INSERT INTO menu_acl (node_id, acl_type, role_name)
  852. values (136, 'allow', 'lsmb_<?lsmb dbname ?>__edit_account');
  853. INSERT INTO menu_acl (node_id, acl_type, role_name)
  854. values (138, 'allow', 'lsmb_<?lsmb dbname ?>__edit_account');
  855. CREATE ROLE lsmb_<?lsmb dbname ?>__create_gifi
  856. WITH INHERIT NOLOGIN;
  857. GRANT INSERT ON gifi TO lsmb_<?lsmb dbname ?>__create_gifi;
  858. INSERT INTO menu_acl (node_id, acl_type, role_name)
  859. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__create_gifi');
  860. INSERT INTO menu_acl (node_id, acl_type, role_name)
  861. values (136, 'allow', 'lsmb_<?lsmb dbname ?>__create_gifi');
  862. INSERT INTO menu_acl (node_id, acl_type, role_name)
  863. values (139, 'allow', 'lsmb_<?lsmb dbname ?>__create_gifi');
  864. CREATE ROLE lsmb_<?lsmb dbname ?>__edit_gifi
  865. WITH INHERIT NOLOGIN;
  866. GRANT UPDATE ON gifi TO lsmb_<?lsmb dbname ?>__edit_gifi;
  867. INSERT INTO menu_acl (node_id, acl_type, role_name)
  868. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__edit_account');
  869. INSERT INTO menu_acl (node_id, acl_type, role_name)
  870. values (136, 'allow', 'lsmb_<?lsmb dbname ?>__edit_account');
  871. INSERT INTO menu_acl (node_id, acl_type, role_name)
  872. values (140, 'allow', 'lsmb_<?lsmb dbname ?>__edit_account');
  873. CREATE ROLE lsmb_<?lsmb dbname ?>__all_accounts
  874. WITH INHERIT NOLOGIN
  875. IN ROLE lsmb_<?lsmb dbname ?>__create_account,
  876. lsmb_<?lsmb dbname ?>__set_taxes,
  877. lsmb_<?lsmb dbname ?>__edit_account,
  878. lsmb_<?lsmb dbname ?>__create_gifi,
  879. lsmb_<?lsmb dbname ?>__edit_gifi;
  880. CREATE ROLE lsmb_<?lsmb dbname ?>__create_department
  881. WITH INHERIT NOLOGIN;
  882. GRANT INSERT ON department TO lsmb_<?lsmb dbname ?>__create_department;
  883. GRANT ALL ON department_id_seq TO lsmb_<?lsmb dbname ?>__create_department;
  884. INSERT INTO menu_acl (node_id, acl_type, role_name)
  885. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__create_department');
  886. INSERT INTO menu_acl (node_id, acl_type, role_name)
  887. values (144, 'allow', 'lsmb_<?lsmb dbname ?>__create_department');
  888. INSERT INTO menu_acl (node_id, acl_type, role_name)
  889. values (145, 'allow', 'lsmb_<?lsmb dbname ?>__create_department');
  890. CREATE ROLE lsmb_<?lsmb dbname ?>__edit_department
  891. WITH INHERIT NOLOGIN;
  892. GRANT UPDATE ON department TO lsmb_<?lsmb dbname ?>__edit_department;
  893. INSERT INTO menu_acl (node_id, acl_type, role_name)
  894. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__edit_department');
  895. INSERT INTO menu_acl (node_id, acl_type, role_name)
  896. values (144, 'allow', 'lsmb_<?lsmb dbname ?>__edit_department');
  897. INSERT INTO menu_acl (node_id, acl_type, role_name)
  898. values (146, 'allow', 'lsmb_<?lsmb dbname ?>__edit_department');
  899. CREATE ROLE lsmb_<?lsmb dbname ?>__all_department
  900. WITH INHERIT NOLOGIN
  901. IN ROLE lsmb_<?lsmb dbname ?>__create_department,
  902. lsmb_<?lsmb dbname ?>__edit_department;
  903. CREATE ROLE lsmb_<?lsmb dbname ?>__create_business_type
  904. WITH INHERIT NOLOGIN;
  905. GRANT INSERT ON business TO lsmb_<?lsmb dbname ?>__create_business_type;
  906. GRANT ALL ON business_id_seq TO lsmb_<?lsmb dbname ?>__create_business_type;
  907. INSERT INTO menu_acl (node_id, acl_type, role_name)
  908. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__create_business_type');
  909. INSERT INTO menu_acl (node_id, acl_type, role_name)
  910. values (147, 'allow', 'lsmb_<?lsmb dbname ?>__create_business_type');
  911. INSERT INTO menu_acl (node_id, acl_type, role_name)
  912. values (148, 'allow', 'lsmb_<?lsmb dbname ?>__create_business_type');
  913. CREATE ROLE lsmb_<?lsmb dbname ?>__edit_business_type
  914. WITH INHERIT NOLOGIN;
  915. GRANT UPDATE ON business TO lsmb_<?lsmb dbname ?>__edit_business_type;
  916. INSERT INTO menu_acl (node_id, acl_type, role_name)
  917. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__edit_business_type');
  918. INSERT INTO menu_acl (node_id, acl_type, role_name)
  919. values (147, 'allow', 'lsmb_<?lsmb dbname ?>__edit_business_type');
  920. INSERT INTO menu_acl (node_id, acl_type, role_name)
  921. values (149, 'allow', 'lsmb_<?lsmb dbname ?>__edit_business_type');
  922. CREATE ROLE lsmb_<?lsmb dbname ?>__all_business_type
  923. WITH INHERIT NOLOGIN
  924. IN ROLE lsmb_<?lsmb dbname ?>__create_business_type,
  925. lsmb_<?lsmb dbname ?>__edit_business_type;
  926. CREATE ROLE lsmb_<?lsmb dbname ?>__create_sic
  927. WITH INHERIT NOLOGIN;
  928. GRANT INSERT ON sic TO lsmb_<?lsmb dbname ?>__create_sic;
  929. INSERT INTO menu_acl (node_id, acl_type, role_name)
  930. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__create_sic');
  931. INSERT INTO menu_acl (node_id, acl_type, role_name)
  932. values (153, 'allow', 'lsmb_<?lsmb dbname ?>__create_sic');
  933. INSERT INTO menu_acl (node_id, acl_type, role_name)
  934. values (154, 'allow', 'lsmb_<?lsmb dbname ?>__create_sic');
  935. CREATE ROLE lsmb_<?lsmb dbname ?>__edit_sic
  936. WITH INHERIT NOLOGIN;
  937. GRANT UPDATE ON sic TO lsmb_<?lsmb dbname ?>__edit_sic;
  938. INSERT INTO menu_acl (node_id, acl_type, role_name)
  939. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__edit_sic');
  940. INSERT INTO menu_acl (node_id, acl_type, role_name)
  941. values (153, 'allow', 'lsmb_<?lsmb dbname ?>__edit_sic');
  942. INSERT INTO menu_acl (node_id, acl_type, role_name)
  943. values (155, 'allow', 'lsmb_<?lsmb dbname ?>__edit_sic');
  944. CREATE ROLE lsmb_<?lsmb dbname ?>__all_sic
  945. WITH INHERIT NOLOGIN
  946. IN ROLE lsmb_<?lsmb dbname ?>__create_sic,
  947. lsmb_<?lsmb dbname ?>__edit_sic;
  948. CREATE ROLE lsmb_<?lsmb dbname ?>__edit_template
  949. WITH INHERIT NOLOGIN;
  950. -- TODO Add db permissions as templates get moved into db.
  951. INSERT INTO menu_acl (node_id, acl_type, role_name)
  952. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  953. INSERT INTO menu_acl (node_id, acl_type, role_name)
  954. values (156, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  955. INSERT INTO menu_acl (node_id, acl_type, role_name)
  956. values (157, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  957. INSERT INTO menu_acl (node_id, acl_type, role_name)
  958. values (158, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  959. INSERT INTO menu_acl (node_id, acl_type, role_name)
  960. values (159, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  961. INSERT INTO menu_acl (node_id, acl_type, role_name)
  962. values (160, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  963. INSERT INTO menu_acl (node_id, acl_type, role_name)
  964. values (161, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  965. INSERT INTO menu_acl (node_id, acl_type, role_name)
  966. values (162, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  967. INSERT INTO menu_acl (node_id, acl_type, role_name)
  968. values (163, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  969. INSERT INTO menu_acl (node_id, acl_type, role_name)
  970. values (164, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  971. INSERT INTO menu_acl (node_id, acl_type, role_name)
  972. values (165, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  973. INSERT INTO menu_acl (node_id, acl_type, role_name)
  974. values (166, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  975. INSERT INTO menu_acl (node_id, acl_type, role_name)
  976. values (167, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  977. INSERT INTO menu_acl (node_id, acl_type, role_name)
  978. values (168, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  979. INSERT INTO menu_acl (node_id, acl_type, role_name)
  980. values (169, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  981. INSERT INTO menu_acl (node_id, acl_type, role_name)
  982. values (170, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  983. INSERT INTO menu_acl (node_id, acl_type, role_name)
  984. values (171, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  985. INSERT INTO menu_acl (node_id, acl_type, role_name)
  986. values (172, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  987. INSERT INTO menu_acl (node_id, acl_type, role_name)
  988. values (173, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  989. INSERT INTO menu_acl (node_id, acl_type, role_name)
  990. values (174, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  991. INSERT INTO menu_acl (node_id, acl_type, role_name)
  992. values (175, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  993. INSERT INTO menu_acl (node_id, acl_type, role_name)
  994. values (176, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  995. INSERT INTO menu_acl (node_id, acl_type, role_name)
  996. values (177, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  997. INSERT INTO menu_acl (node_id, acl_type, role_name)
  998. values (178, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  999. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1000. values (179, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  1001. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1002. values (180, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  1003. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1004. values (181, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  1005. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1006. values (182, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  1007. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1008. values (183, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  1009. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1010. values (184, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  1011. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1012. values (185, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  1013. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1014. values (186, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  1015. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1016. values (187, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  1017. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1018. values (188, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  1019. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1020. values (189, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  1021. CREATE ROLE lsmb_<?lsmb dbname ?>__manage_system
  1022. WITH INHERIT NOLOGIN
  1023. IN ROLE lsmb_<?lsmb dbname ?>__change_system_settings,
  1024. lsmb_<?lsmb dbname ?>__all_accounts,
  1025. lsmb_<?lsmb dbname ?>__all_department,
  1026. lsmb_<?lsmb dbname ?>__all_business_type,
  1027. lsmb_<?lsmb dbname ?>__all_sic,
  1028. lsmb_<?lsmb dbname ?>__edit_template;
  1029. -- Manual Translation
  1030. CREATE ROLE lsmb_<?lsmb dbname ?>__create_language
  1031. WITH INHERIT NOLOGIN;
  1032. GRANT INSERT ON language TO lsmb_<?lsmb dbname ?>__create_language;
  1033. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1034. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__create_language');
  1035. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1036. values (150, 'allow', 'lsmb_<?lsmb dbname ?>__create_language');
  1037. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1038. values (151, 'allow', 'lsmb_<?lsmb dbname ?>__create_language');
  1039. CREATE ROLE lsmb_<?lsmb dbname ?>__edit_language
  1040. WITH INHERIT NOLOGIN;
  1041. GRANT UPDATE ON language TO lsmb_<?lsmb dbname ?>__edit_language;
  1042. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1043. values (128, 'allow', 'lsmb_<?lsmb dbname ?>__edit_language');
  1044. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1045. values (150, 'allow', 'lsmb_<?lsmb dbname ?>__edit_language');
  1046. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1047. values (152, 'allow', 'lsmb_<?lsmb dbname ?>__edit_language');
  1048. CREATE ROLE lsmb_<?lsmb dbname ?>__create_part_translation
  1049. WITH INHERIT NOLOGIN;
  1050. -- TODO add db permissions
  1051. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1052. values (77, 'allow', 'lsmb_<?lsmb dbname ?>__create_part_translation');
  1053. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1054. values (95, 'allow', 'lsmb_<?lsmb dbname ?>__create_part_translation');
  1055. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1056. values (96, 'allow', 'lsmb_<?lsmb dbname ?>__create_part_translation');
  1057. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1058. values (97, 'allow', 'lsmb_<?lsmb dbname ?>__create_part_translation');
  1059. CREATE ROLE lsmb_<?lsmb dbname ?>__create_project_translation
  1060. WITH INHERIT NOLOGIN;
  1061. -- TODO add db permissions
  1062. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1063. values (98, 'allow', 'lsmb_<?lsmb dbname ?>__create_project_translation');
  1064. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1065. values (107, 'allow', 'lsmb_<?lsmb dbname ?>__create_project_translation');
  1066. INSERT INTO menu_acl (node_id, acl_type, role_name)
  1067. values (108, 'allow', 'lsmb_<?lsmb dbname ?>__create_project_translation');
  1068. CREATE ROLE lsmb_<?lsmb dbname ?>__all_manual_translation
  1069. WITH INHERIT NOLOGIN
  1070. IN ROLE lsmb_<?lsmb dbname ?>__create_language,
  1071. lsmb_<?lsmb dbname ?>__create_part_translation,
  1072. lsmb_<?lsmb dbname ?>__create_project_translation;
  1073. GRANT SELECT ON custom_field_catalog TO public;
  1074. GRANT SELECT ON custom_table_catalog TO public;
  1075. -- Grants to all users;
  1076. GRANT ALL ON defaults TO public;
  1077. GRANT ALL ON "session" TO public;
  1078. GRANT ALL ON session_session_id_seq TO PUBLIC;
  1079. GRANT SELECT ON users TO public;
  1080. GRANT ALL ON user_preference TO public;
  1081. GRANT SELECT ON custom_table_catalog TO PUBLIC;
  1082. GRANT SELECT ON custom_field_catalog TO PUBLIC;
  1083. grant select on menu_node, menu_attribute, menu_acl to public;
  1084. GRANT select on chart, gifi, country to public;
  1085. grant select on employee to public;
  1086. GRANT SELECT ON parts, partsgroup TO public;
  1087. GRANT SELECT ON language, project TO public;
  1088. GRANT SELECT ON business, exchangerate, department, shipto, tax TO public;
  1089. GRANT ALL ON recurring, recurringemail, recurringprint, status TO public;
  1090. GRANT ALL ON transactions, entity_employee, customer, vendor TO public;
  1091. GRANT ALL ON pending_job, payments_queue TO PUBLIC;
  1092. GRANT ALL ON pending_job_id_seq TO public;
  1093. --TODO, lock recurring, pending_job, payment_queue down more
  1094. -- CT: The following grant is required for now, but will hopefully become less
  1095. -- important when we get to 1.4 and can more sensibly lock things down.
  1096. GRANT ALL ON dpt_trans TO public;
  1097. -- Roles dependant on FUNCTIONS
  1098. CREATE ROLE lsmb_<?lsmb dbname ?>__voucher_delete
  1099. WITH INHERIT NOLOGIN;
  1100. GRANT EXECUTE ON FUNCTION voucher__delete(int)
  1101. TO lsmb_<?lsmb dbname ?>__voucher_delete;
  1102. GRANT EXECUTE ON FUNCTION batch__delete(int)
  1103. TO lsmb_<?lsmb dbname ?>__voucher_delete;