path: root/sql/modules/Roles.sql
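  -- PUBLIC receives ALL on schema public, which includes CREATE.
  -- NOTE(review): the original remark says this is needed for Pg 8.2; confirm
  -- whether the target server still needs it, since USAGE alone would stop
  -- ordinary roles from creating objects in the shared schema.
  GRANT ALL ON SCHEMA public TO public; -- required for Pg 8.2

  -- Contacts
  --
  -- NOTE(review): <?lsmb dbname ?> is expanded into unquoted role identifiers
  -- and into string literals; this presumably relies on the installer limiting
  -- dbname to identifier-safe characters -- confirm.

  -- read_contact: SELECT-only access to the contact tables listed below.
  CREATE ROLE lsmb_<?lsmb dbname ?>__read_contact
      WITH INHERIT NOLOGIN;

  -- One entry per table; repeating a GRANT for the same table is a no-op.
  GRANT SELECT ON
      entity,
      company,
      location,
      person,
      entity_credit_account,
      company_to_contact,
      company_to_entity,
      company_to_location,
      customertax,
      contact_class,
      entity_class,
      entity_bank_account,
      entity_note,
      entity_class_to_entity,
      entity_other_name,
      location_class,
      person_to_company,
      person_to_contact,
      person_to_location,
      vendortax
  TO lsmb_<?lsmb dbname ?>__read_contact;

  -- Menu nodes this role is allowed to see.
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (1, 'allow', 'lsmb_<?lsmb dbname ?>__read_contact'),
      (11, 'allow', 'lsmb_<?lsmb dbname ?>__read_contact'),
      (14, 'allow', 'lsmb_<?lsmb dbname ?>__read_contact'),
      (21, 'allow', 'lsmb_<?lsmb dbname ?>__read_contact'),
      (30, 'allow', 'lsmb_<?lsmb dbname ?>__read_contact'),
      (33, 'allow', 'lsmb_<?lsmb dbname ?>__read_contact');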
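  -- create_contact: read_contact plus INSERT on the contact tables.
  CREATE ROLE lsmb_<?lsmb dbname ?>__create_contact
      WITH INHERIT NOLOGIN
      IN ROLE lsmb_<?lsmb dbname ?>__read_contact;

  -- One entry per table; repeating a GRANT for the same table is a no-op.
  GRANT INSERT ON
      entity,
      company,
      location,
      person,
      entity_credit_account,
      company_to_contact,
      company_to_entity,
      company_to_location,
      customertax,
      entity_bank_account,
      entity_note,
      entity_class_to_entity,
      entity_other_name,
      person_to_company,
      person_to_contact,
      person_to_location,
      vendortax
  TO lsmb_<?lsmb dbname ?>__create_contact;

  -- The only DELETE right this role receives.
  GRANT DELETE ON company_to_location TO lsmb_<?lsmb dbname ?>__create_contact;

  -- Sequences behind the id columns of the tables above.
  -- NOTE(review): ALL on a sequence also permits setval(); USAGE is
  -- presumably enough for inserts -- confirm before narrowing.
  GRANT ALL ON
      entity_id_seq,
      company_id_seq,
      location_id_seq,
      person_id_seq,
      entity_credit_account_id_seq,
      entity_bank_account_id_seq
  TO lsmb_<?lsmb dbname ?>__create_contact;

  -- Menu nodes this role is allowed to see.
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (1, 'allow', 'lsmb_<?lsmb dbname ?>__create_contact'),
      (11, 'allow', 'lsmb_<?lsmb dbname ?>__create_contact'),
      (12, 'allow', 'lsmb_<?lsmb dbname ?>__create_contact'),
      (21, 'allow', 'lsmb_<?lsmb dbname ?>__create_contact'),
      (30, 'allow', 'lsmb_<?lsmb dbname ?>__create_contact'),
      (31, 'allow', 'lsmb_<?lsmb dbname ?>__create_contact');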
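  -- edit_contact: read_contact plus UPDATE on the contact tables.
  CREATE ROLE lsmb_<?lsmb dbname ?>__edit_contact
      WITH INHERIT NOLOGIN
      IN ROLE lsmb_<?lsmb dbname ?>__read_contact;

  -- Every grant in this section targets edit_contact, the role created just
  -- above.  Pointing them at create_contact would leave edit_contact with
  -- read-only access while handing UPDATE to users who may only create.
  GRANT UPDATE ON
      entity,
      company,
      location,
      person,
      entity_credit_account,
      company_to_contact,
      company_to_entity,
      company_to_location,
      customertax,
      entity_bank_account,
      entity_note,
      entity_class_to_entity,
      entity_other_name,
      person_to_company,
      person_to_contact,
      person_to_location
  TO lsmb_<?lsmb dbname ?>__edit_contact;

  -- vendortax gets DELETE and INSERT rather than UPDATE.
  -- NOTE(review): customertax receives UPDATE only; confirm the asymmetry
  -- between the two tax tables is intended.
  GRANT DELETE, INSERT ON vendortax TO lsmb_<?lsmb dbname ?>__edit_contact;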
  -- contact_all_rights: aggregate role with no grants of its own; it is a
  -- member of the create, edit and read contact roles.
  CREATE ROLE lsmb_<?lsmb dbname ?>__contact_all_rights
      WITH INHERIT NOLOGIN
      IN ROLE
          lsmb_<?lsmb dbname ?>__create_contact,
          lsmb_<?lsmb dbname ?>__edit_contact,
          lsmb_<?lsmb dbname ?>__read_contact;
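  -- Batches and Vouchers

  -- create_batch: may insert batches and vouchers and read batch classes.
  CREATE ROLE lsmb_<?lsmb dbname ?>__create_batch
      WITH INHERIT NOLOGIN;

  GRANT INSERT ON
      batch,
      voucher
  TO lsmb_<?lsmb dbname ?>__create_batch;

  GRANT SELECT ON batch_class TO lsmb_<?lsmb dbname ?>__create_batch;

  -- Both sequences go to create_batch, the role that inserts into batch and
  -- voucher; granting voucher_id_seq to a contact role would give that role
  -- an unrelated sequence and leave this one without it.
  GRANT ALL ON
      batch_id_seq,
      voucher_id_seq
  TO lsmb_<?lsmb dbname ?>__create_batch;

  -- TODO add Menu ACLs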
  -- post_batches: table-wide UPDATE on the ledger tables and on batch.
  -- The role has no role memberships and no menu entries yet.
  CREATE ROLE lsmb_<?lsmb dbname ?>__post_batches
      WITH INHERIT NOLOGIN;

  GRANT UPDATE ON
      ar,
      ap,
      acc_trans,
      batch,
      gl
  TO lsmb_<?lsmb dbname ?>__post_batches;

  -- TODO add Menu ACLs
  -- AR

  -- create_ar_transaction: read_contact plus INSERT on ar and acc_trans.
  CREATE ROLE lsmb_<?lsmb dbname ?>__create_ar_transaction
      WITH INHERIT NOLOGIN
      IN ROLE lsmb_<?lsmb dbname ?>__read_contact;

  GRANT INSERT ON
      ar,
      acc_trans
  TO lsmb_<?lsmb dbname ?>__create_ar_transaction;

  -- NOTE(review): "id" is presumably a sequence shared by the transaction
  -- tables -- confirm against the schema.
  GRANT ALL ON
      id,
      acc_trans_entry_id_seq
  TO lsmb_<?lsmb dbname ?>__create_ar_transaction;

  -- Menu nodes this role is allowed to see.
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (1, 'allow', 'lsmb_<?lsmb dbname ?>__create_ar_transaction'),
      (2, 'allow', 'lsmb_<?lsmb dbname ?>__create_ar_transaction'),
      (194, 'allow', 'lsmb_<?lsmb dbname ?>__create_ar_transaction');
  -- create_ar_transaction_voucher: member of read_contact and create_batch,
  -- with INSERT on ar and acc_trans.
  CREATE ROLE lsmb_<?lsmb dbname ?>__create_ar_transaction_voucher
      WITH INHERIT NOLOGIN
      IN ROLE
          lsmb_<?lsmb dbname ?>__read_contact,
          lsmb_<?lsmb dbname ?>__create_batch;

  GRANT INSERT ON
      ar,
      acc_trans
  TO lsmb_<?lsmb dbname ?>__create_ar_transaction_voucher;

  GRANT ALL ON
      id,
      acc_trans_entry_id_seq
  TO lsmb_<?lsmb dbname ?>__create_ar_transaction_voucher;

  -- TODO add Menu ACLs
  -- create_ar_invoice: member of read_contact and create_ar_transaction,
  -- with INSERT on invoice and inventory.
  CREATE ROLE lsmb_<?lsmb dbname ?>__create_ar_invoice
      WITH INHERIT NOLOGIN
      IN ROLE
          lsmb_<?lsmb dbname ?>__read_contact,
          lsmb_<?lsmb dbname ?>__create_ar_transaction;

  GRANT INSERT ON
      invoice,
      inventory
  TO lsmb_<?lsmb dbname ?>__create_ar_invoice;

  GRANT ALL ON
      invoice_id_seq,
      inventory_entry_id_seq
  TO lsmb_<?lsmb dbname ?>__create_ar_invoice;

  -- NOTE(review): node 195 is allowed for create_ar_transaction, not for
  -- create_ar_invoice, although it sits in the invoice section.  Confirm which
  -- role the node belongs to; if it is an invoice entry, transaction-only
  -- users can see it.
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (3, 'allow', 'lsmb_<?lsmb dbname ?>__create_ar_invoice'),
      (195, 'allow', 'lsmb_<?lsmb dbname ?>__create_ar_transaction');
  -- create_ar_invoice_voucher: member of read_contact, create_batch and
  -- create_ar_transaction_voucher, with INSERT on invoice and inventory.
  CREATE ROLE lsmb_<?lsmb dbname ?>__create_ar_invoice_voucher
      WITH INHERIT NOLOGIN
      IN ROLE
          lsmb_<?lsmb dbname ?>__read_contact,
          lsmb_<?lsmb dbname ?>__create_batch,
          lsmb_<?lsmb dbname ?>__create_ar_transaction_voucher;

  GRANT INSERT ON
      invoice,
      inventory
  TO lsmb_<?lsmb dbname ?>__create_ar_invoice_voucher;

  GRANT ALL ON
      invoice_id_seq,
      inventory_entry_id_seq
  TO lsmb_<?lsmb dbname ?>__create_ar_invoice_voucher;

  -- TODO add Menu ACLs
  -- list_ar_transactions: read_contact plus SELECT on the AR transaction,
  -- invoice and inventory tables.
  CREATE ROLE lsmb_<?lsmb dbname ?>__list_ar_transactions
      WITH INHERIT NOLOGIN
      IN ROLE lsmb_<?lsmb dbname ?>__read_contact;

  GRANT SELECT ON
      ar,
      acc_trans,
      invoice,
      inventory
  TO lsmb_<?lsmb dbname ?>__list_ar_transactions;

  -- Menu nodes this role is allowed to see.
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (1, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions'),
      (4, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions'),
      (5, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions'),
      (6, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions'),
      (7, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions'),
      (9, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions'),
      (10, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions'),
      (11, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions'),
      (13, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions'),
      (15, 'allow', 'lsmb_<?lsmb dbname ?>__list_ar_transactions');
  -- ar_all_vouchers: aggregate of the two AR voucher roles.
  CREATE ROLE lsmb_<?lsmb dbname ?>__ar_all_vouchers
      WITH INHERIT NOLOGIN
      IN ROLE
          lsmb_<?lsmb dbname ?>__create_ar_transaction_voucher,
          lsmb_<?lsmb dbname ?>__create_ar_invoice_voucher;

  -- ar_all_transactions: aggregate of the AR create and list roles.
  CREATE ROLE lsmb_<?lsmb dbname ?>__ar_all_transactions
      WITH INHERIT NOLOGIN
      IN ROLE
          lsmb_<?lsmb dbname ?>__create_ar_transaction,
          lsmb_<?lsmb dbname ?>__create_ar_invoice,
          lsmb_<?lsmb dbname ?>__list_ar_transactions;
  -- create_sales_order: read_contact plus INSERT on oe and orderitems.
  CREATE ROLE lsmb_<?lsmb dbname ?>__create_sales_order
      WITH INHERIT NOLOGIN
      IN ROLE lsmb_<?lsmb dbname ?>__read_contact;

  GRANT INSERT ON
      oe,
      orderitems
  TO lsmb_<?lsmb dbname ?>__create_sales_order;

  GRANT ALL ON
      oe_id_seq,
      orderitems_id_seq
  TO lsmb_<?lsmb dbname ?>__create_sales_order;

  -- Menu nodes this role is allowed to see.
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (50, 'allow', 'lsmb_<?lsmb dbname ?>__create_sales_order'),
      (51, 'allow', 'lsmb_<?lsmb dbname ?>__create_sales_order');
  -- create_sales_quotation: read_contact plus INSERT on oe and orderitems.
  -- The table grants match create_sales_order; only the menu nodes differ.
  CREATE ROLE lsmb_<?lsmb dbname ?>__create_sales_quotation
      WITH INHERIT NOLOGIN
      IN ROLE lsmb_<?lsmb dbname ?>__read_contact;

  GRANT INSERT ON
      oe,
      orderitems
  TO lsmb_<?lsmb dbname ?>__create_sales_quotation;

  GRANT ALL ON
      oe_id_seq,
      orderitems_id_seq
  TO lsmb_<?lsmb dbname ?>__create_sales_quotation;

  -- Menu nodes this role is allowed to see.
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (67, 'allow', 'lsmb_<?lsmb dbname ?>__create_sales_quotation'),
      (68, 'allow', 'lsmb_<?lsmb dbname ?>__create_sales_quotation');
  -- list_sales_orders: read_contact plus SELECT on oe and orderitems.
  CREATE ROLE lsmb_<?lsmb dbname ?>__list_sales_orders
      WITH INHERIT NOLOGIN
      IN ROLE lsmb_<?lsmb dbname ?>__read_contact;

  GRANT SELECT ON
      oe,
      orderitems
  TO lsmb_<?lsmb dbname ?>__list_sales_orders;

  -- Menu nodes this role is allowed to see.
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (50, 'allow', 'lsmb_<?lsmb dbname ?>__list_sales_orders'),
      (53, 'allow', 'lsmb_<?lsmb dbname ?>__list_sales_orders'),
      (54, 'allow', 'lsmb_<?lsmb dbname ?>__list_sales_orders');
  -- list_sales_quotations: read_contact plus SELECT on oe and orderitems.
  CREATE ROLE lsmb_<?lsmb dbname ?>__list_sales_quotations
      WITH INHERIT NOLOGIN
      IN ROLE lsmb_<?lsmb dbname ?>__read_contact;

  GRANT SELECT ON
      oe,
      orderitems
  TO lsmb_<?lsmb dbname ?>__list_sales_quotations;

  -- Menu nodes this role is allowed to see.
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (67, 'allow', 'lsmb_<?lsmb dbname ?>__list_sales_quotations'),
      (70, 'allow', 'lsmb_<?lsmb dbname ?>__list_sales_quotations'),
      (71, 'allow', 'lsmb_<?lsmb dbname ?>__list_sales_quotations');
  -- all_ar: aggregate role with no grants of its own; it is a member of
  -- every AR and sales role listed.
  CREATE ROLE lsmb_<?lsmb dbname ?>__all_ar
      WITH INHERIT NOLOGIN
      IN ROLE
          lsmb_<?lsmb dbname ?>__ar_all_vouchers,
          lsmb_<?lsmb dbname ?>__ar_all_transactions,
          lsmb_<?lsmb dbname ?>__create_sales_order,
          lsmb_<?lsmb dbname ?>__create_sales_quotation,
          lsmb_<?lsmb dbname ?>__list_sales_orders,
          lsmb_<?lsmb dbname ?>__list_sales_quotations;
  -- AP

  -- create_ap_transaction: read_contact plus INSERT on ap and acc_trans.
  CREATE ROLE lsmb_<?lsmb dbname ?>__create_ap_transaction
      WITH INHERIT NOLOGIN
      IN ROLE lsmb_<?lsmb dbname ?>__read_contact;

  GRANT INSERT ON
      ap,
      acc_trans
  TO lsmb_<?lsmb dbname ?>__create_ap_transaction;

  -- NOTE(review): "id" is presumably a sequence shared by the transaction
  -- tables -- confirm against the schema.
  GRANT ALL ON
      id,
      acc_trans_entry_id_seq
  TO lsmb_<?lsmb dbname ?>__create_ap_transaction;

  -- Menu nodes this role is allowed to see.
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (21, 'allow', 'lsmb_<?lsmb dbname ?>__create_ap_transaction'),
      (22, 'allow', 'lsmb_<?lsmb dbname ?>__create_ap_transaction'),
      (196, 'allow', 'lsmb_<?lsmb dbname ?>__create_ap_transaction');
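  -- create_ap_transaction_voucher: member of read_contact and create_batch,
  -- with INSERT on ap and acc_trans.
  CREATE ROLE lsmb_<?lsmb dbname ?>__create_ap_transaction_voucher
      WITH INHERIT NOLOGIN
      IN ROLE
          lsmb_<?lsmb dbname ?>__read_contact,
          lsmb_<?lsmb dbname ?>__create_batch;

  -- The payables role inserts into ap, like create_ap_transaction.  A grant
  -- on ar here would let AP voucher users write receivables while leaving
  -- them unable to insert into ap.
  GRANT INSERT ON
      ap,
      acc_trans
  TO lsmb_<?lsmb dbname ?>__create_ap_transaction_voucher;

  GRANT ALL ON
      id,
      acc_trans_entry_id_seq
  TO lsmb_<?lsmb dbname ?>__create_ap_transaction_voucher;

  -- TODO add Menu ACLs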
  -- create_ap_invoice: member of read_contact and create_ap_transaction,
  -- with INSERT on invoice and inventory.
  CREATE ROLE lsmb_<?lsmb dbname ?>__create_ap_invoice
      WITH INHERIT NOLOGIN
      IN ROLE
          lsmb_<?lsmb dbname ?>__read_contact,
          lsmb_<?lsmb dbname ?>__create_ap_transaction;

  GRANT INSERT ON
      invoice,
      inventory
  TO lsmb_<?lsmb dbname ?>__create_ap_invoice;

  GRANT ALL ON
      invoice_id_seq,
      inventory_entry_id_seq
  TO lsmb_<?lsmb dbname ?>__create_ap_invoice;

  -- NOTE(review): node 197 is allowed for create_ap_transaction, not for
  -- create_ap_invoice, although it sits in the invoice section.  Confirm which
  -- role the node belongs to; if it is an invoice entry, transaction-only
  -- users can see it.
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (23, 'allow', 'lsmb_<?lsmb dbname ?>__create_ap_invoice'),
      (197, 'allow', 'lsmb_<?lsmb dbname ?>__create_ap_transaction');
  -- create_ap_invoice_voucher: member of read_contact and create_batch,
  -- with INSERT on invoice and inventory.
  -- NOTE(review): the AR counterpart (create_ar_invoice_voucher) is also a
  -- member of its transaction-voucher role; this role is not a member of
  -- create_ap_transaction_voucher.  Confirm whether that is intended.
  CREATE ROLE lsmb_<?lsmb dbname ?>__create_ap_invoice_voucher
      WITH INHERIT NOLOGIN
      IN ROLE
          lsmb_<?lsmb dbname ?>__read_contact,
          lsmb_<?lsmb dbname ?>__create_batch;

  GRANT INSERT ON
      invoice,
      inventory
  TO lsmb_<?lsmb dbname ?>__create_ap_invoice_voucher;

  GRANT ALL ON
      invoice_id_seq,
      inventory_entry_id_seq
  TO lsmb_<?lsmb dbname ?>__create_ap_invoice_voucher;

  -- TODO add Menu ACLs
  -- list_ap_transactions: read_contact plus SELECT on the AP transaction,
  -- invoice and inventory tables.
  CREATE ROLE lsmb_<?lsmb dbname ?>__list_ap_transactions
      WITH INHERIT NOLOGIN
      IN ROLE lsmb_<?lsmb dbname ?>__read_contact;

  GRANT SELECT ON
      ap,
      acc_trans,
      invoice,
      inventory
  TO lsmb_<?lsmb dbname ?>__list_ap_transactions;

  -- Menu nodes this role is allowed to see.
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (21, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions'),
      (24, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions'),
      (25, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions'),
      (26, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions'),
      (27, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions'),
      (28, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions'),
      (29, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions'),
      (30, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions'),
      (32, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions'),
      (34, 'allow', 'lsmb_<?lsmb dbname ?>__list_ap_transactions');
  -- ap_all_vouchers: aggregate of the two AP voucher roles.
  CREATE ROLE lsmb_<?lsmb dbname ?>__ap_all_vouchers
      WITH INHERIT NOLOGIN
      IN ROLE
          lsmb_<?lsmb dbname ?>__create_ap_transaction_voucher,
          lsmb_<?lsmb dbname ?>__create_ap_invoice_voucher;

  -- ap_all_transactions: aggregate of the AP create and list roles.
  CREATE ROLE lsmb_<?lsmb dbname ?>__ap_all_transactions
      WITH INHERIT NOLOGIN
      IN ROLE
          lsmb_<?lsmb dbname ?>__create_ap_transaction,
          lsmb_<?lsmb dbname ?>__create_ap_invoice,
          lsmb_<?lsmb dbname ?>__list_ap_transactions;
  -- create_purchase_order: read_contact plus INSERT on oe and orderitems.
  CREATE ROLE lsmb_<?lsmb dbname ?>__create_purchase_order
      WITH INHERIT NOLOGIN
      IN ROLE lsmb_<?lsmb dbname ?>__read_contact;

  GRANT INSERT ON
      oe,
      orderitems
  TO lsmb_<?lsmb dbname ?>__create_purchase_order;

  GRANT ALL ON
      oe_id_seq,
      orderitems_id_seq
  TO lsmb_<?lsmb dbname ?>__create_purchase_order;

  -- Menu nodes this role is allowed to see.
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (50, 'allow', 'lsmb_<?lsmb dbname ?>__create_purchase_order'),
      (52, 'allow', 'lsmb_<?lsmb dbname ?>__create_purchase_order');
  -- create_purchase_rfq: read_contact plus INSERT on oe and orderitems.
  -- The table grants match create_purchase_order; only the menu nodes differ.
  CREATE ROLE lsmb_<?lsmb dbname ?>__create_purchase_rfq
      WITH INHERIT NOLOGIN
      IN ROLE lsmb_<?lsmb dbname ?>__read_contact;

  GRANT INSERT ON
      oe,
      orderitems
  TO lsmb_<?lsmb dbname ?>__create_purchase_rfq;

  GRANT ALL ON
      oe_id_seq,
      orderitems_id_seq
  TO lsmb_<?lsmb dbname ?>__create_purchase_rfq;

  -- Menu nodes this role is allowed to see.
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (67, 'allow', 'lsmb_<?lsmb dbname ?>__create_purchase_rfq'),
      (69, 'allow', 'lsmb_<?lsmb dbname ?>__create_purchase_rfq');
  -- list_purchase_orders: read_contact plus SELECT on oe and orderitems.
  CREATE ROLE lsmb_<?lsmb dbname ?>__list_purchase_orders
      WITH INHERIT NOLOGIN
      IN ROLE lsmb_<?lsmb dbname ?>__read_contact;

  GRANT SELECT ON
      oe,
      orderitems
  TO lsmb_<?lsmb dbname ?>__list_purchase_orders;

  -- Menu nodes this role is allowed to see.
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (50, 'allow', 'lsmb_<?lsmb dbname ?>__list_purchase_orders'),
      (53, 'allow', 'lsmb_<?lsmb dbname ?>__list_purchase_orders'),
      (55, 'allow', 'lsmb_<?lsmb dbname ?>__list_purchase_orders');
  -- list_purchase_rfqs: read_contact plus SELECT on oe and orderitems.
  CREATE ROLE lsmb_<?lsmb dbname ?>__list_purchase_rfqs
      WITH INHERIT NOLOGIN
      IN ROLE lsmb_<?lsmb dbname ?>__read_contact;

  GRANT SELECT ON
      oe,
      orderitems
  TO lsmb_<?lsmb dbname ?>__list_purchase_rfqs;

  -- Menu nodes this role is allowed to see.
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (67, 'allow', 'lsmb_<?lsmb dbname ?>__list_purchase_rfqs'),
      (70, 'allow', 'lsmb_<?lsmb dbname ?>__list_purchase_rfqs'),
      (72, 'allow', 'lsmb_<?lsmb dbname ?>__list_purchase_rfqs');
  -- all_ap: aggregate role with no grants of its own; it is a member of
  -- every AP and purchasing role listed.
  CREATE ROLE lsmb_<?lsmb dbname ?>__all_ap
      WITH INHERIT NOLOGIN
      IN ROLE
          lsmb_<?lsmb dbname ?>__ap_all_vouchers,
          lsmb_<?lsmb dbname ?>__ap_all_transactions,
          lsmb_<?lsmb dbname ?>__create_purchase_order,
          lsmb_<?lsmb dbname ?>__create_purchase_rfq,
          lsmb_<?lsmb dbname ?>__list_purchase_orders,
          lsmb_<?lsmb dbname ?>__list_purchase_rfqs;
  -- POS

  -- create_pos_invoice: read_contact plus INSERT on the invoice, inventory,
  -- ar and acc_trans tables.
  CREATE ROLE lsmb_<?lsmb dbname ?>__create_pos_invoice
      WITH INHERIT NOLOGIN
      IN ROLE lsmb_<?lsmb dbname ?>__read_contact;

  GRANT INSERT ON
      invoice,
      inventory,
      ar,
      acc_trans
  TO lsmb_<?lsmb dbname ?>__create_pos_invoice;

  GRANT ALL ON
      id,
      acc_trans_entry_id_seq,
      invoice_id_seq,
      inventory_entry_id_seq
  TO lsmb_<?lsmb dbname ?>__create_pos_invoice;

  -- Menu nodes this role is allowed to see.
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (16, 'allow', 'lsmb_<?lsmb dbname ?>__create_pos_invoice'),
      (17, 'allow', 'lsmb_<?lsmb dbname ?>__create_pos_invoice'),
      (18, 'allow', 'lsmb_<?lsmb dbname ?>__create_pos_invoice');
  -- close_till: INSERT on gl and acc_trans; the role has no memberships.
  CREATE ROLE lsmb_<?lsmb dbname ?>__close_till
      WITH INHERIT NOLOGIN;

  GRANT INSERT ON
      gl,
      acc_trans
  TO lsmb_<?lsmb dbname ?>__close_till;

  GRANT ALL ON
      id,
      acc_trans_entry_id_seq
  TO lsmb_<?lsmb dbname ?>__close_till;

  -- Menu nodes this role is allowed to see.
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (16, 'allow', 'lsmb_<?lsmb dbname ?>__close_till'),
      (19, 'allow', 'lsmb_<?lsmb dbname ?>__close_till');
  -- list_all_open: SELECT on ar and acc_trans; the role has no memberships.
  CREATE ROLE lsmb_<?lsmb dbname ?>__list_all_open
      WITH INHERIT NOLOGIN;

  GRANT SELECT ON
      ar,
      acc_trans
  TO lsmb_<?lsmb dbname ?>__list_all_open;

  -- Menu nodes this role is allowed to see.
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (16, 'allow', 'lsmb_<?lsmb dbname ?>__list_all_open'),
      (18, 'allow', 'lsmb_<?lsmb dbname ?>__list_all_open');
  -- pos_cashier: aggregate of create_pos_invoice and close_till.
  CREATE ROLE lsmb_<?lsmb dbname ?>__pos_cashier
      WITH INHERIT NOLOGIN
      IN ROLE
          lsmb_<?lsmb dbname ?>__create_pos_invoice,
          lsmb_<?lsmb dbname ?>__close_till;

  -- all_pos: pos_cashier plus list_all_open.
  CREATE ROLE lsmb_<?lsmb dbname ?>__all_pos
      WITH INHERIT NOLOGIN
      IN ROLE
          lsmb_<?lsmb dbname ?>__pos_cashier,
          lsmb_<?lsmb dbname ?>__list_all_open;
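  -- CASH

  -- reconcile: SELECT on acc_trans plus two menu entries.
  CREATE ROLE lsmb_<?lsmb dbname ?>__reconcile
      WITH INHERIT NOLOGIN;

  -- Disabled grants, kept as found:
  -- GRANT INSERT ON pending_reports TO lsmb_<?lsmb dbname ?>__reconcile;
  -- GRANT INSERT on report_corrections TO lsmb_<?lsmb dbname ?>__reconcile;
  GRANT SELECT ON acc_trans TO lsmb_<?lsmb dbname ?>__reconcile;
  -- GRANT ALL ON pending_reports_id_seq TO lsmb_<?lsmb dbname ?>__reconcile;
  -- GRANT ALL ON report_corrections_id_seq TO lsmb_<?lsmb dbname ?>__reconcile;

  -- role_name must spell the role exactly as CREATE ROLE does, with the
  -- double underscore before "reconcile"; a single-underscore name matches
  -- no role created in this section, so the ACL rows would apply to nobody.
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (35, 'allow', 'lsmb_<?lsmb dbname ?>__reconcile'),
      (45, 'allow', 'lsmb_<?lsmb dbname ?>__reconcile');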
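  -- approve_reconciliation: SELECT on acc_trans plus three menu entries.
  -- The grant and the ACL rows target this role, not reconcile, so that
  -- approving stays a privilege separate from preparing a reconciliation.
  CREATE ROLE lsmb_<?lsmb dbname ?>__approve_reconciliation
      WITH INHERIT NOLOGIN;

  -- Disabled grant, kept as found.
  -- NOTE(review): if re-enabled it should presumably name
  -- approve_reconciliation rather than reconcile -- confirm.
  -- GRANT UPDATE ON pending_reports TO lsmb_<?lsmb dbname ?>__reconcile;
  GRANT SELECT ON acc_trans TO lsmb_<?lsmb dbname ?>__approve_reconciliation;

  -- role_name spells the role exactly as CREATE ROLE does (double
  -- underscore), otherwise the rows match no role.
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (35, 'allow', 'lsmb_<?lsmb dbname ?>__approve_reconciliation'),
      (41, 'allow', 'lsmb_<?lsmb dbname ?>__approve_reconciliation'),
      (44, 'allow', 'lsmb_<?lsmb dbname ?>__approve_reconciliation');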
  -- all_reconcile: aggregate of reconcile and approve_reconciliation.
  -- A user holding this role can both prepare and approve.
  CREATE ROLE lsmb_<?lsmb dbname ?>__all_reconcile
      WITH INHERIT NOLOGIN
      IN ROLE
          lsmb_<?lsmb dbname ?>__reconcile,
          lsmb_<?lsmb dbname ?>__approve_reconciliation;
  -- process_payment: list_ap_transactions plus INSERT on acc_trans.
  CREATE ROLE lsmb_<?lsmb dbname ?>__process_payment
      WITH INHERIT NOLOGIN
      IN ROLE lsmb_<?lsmb dbname ?>__list_ap_transactions;

  GRANT INSERT ON acc_trans
  TO lsmb_<?lsmb dbname ?>__process_payment;

  GRANT ALL ON acc_trans_entry_id_seq
  TO lsmb_<?lsmb dbname ?>__process_payment;

  -- Menu nodes this role is allowed to see.
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (35, 'allow', 'lsmb_<?lsmb dbname ?>__process_payment'),
      (38, 'allow', 'lsmb_<?lsmb dbname ?>__process_payment'),
      (39, 'allow', 'lsmb_<?lsmb dbname ?>__process_payment');
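  -- process_receipt: list_ar_transactions plus INSERT on acc_trans.
  -- The parent is list_ar_transactions, the AR listing role created in the
  -- AR section; the file creates no role with the words in the order
  -- "ar_list_transactions", and naming one here makes CREATE ROLE fail,
  -- taking the grants below and cash_all with it.
  CREATE ROLE lsmb_<?lsmb dbname ?>__process_receipt
      WITH INHERIT NOLOGIN
      IN ROLE lsmb_<?lsmb dbname ?>__list_ar_transactions;

  GRANT INSERT ON acc_trans
  TO lsmb_<?lsmb dbname ?>__process_receipt;

  GRANT ALL ON acc_trans_entry_id_seq
  TO lsmb_<?lsmb dbname ?>__process_receipt;

  -- Menu nodes this role is allowed to see.
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (35, 'allow', 'lsmb_<?lsmb dbname ?>__process_receipt'),
      (36, 'allow', 'lsmb_<?lsmb dbname ?>__process_receipt'),
      (47, 'allow', 'lsmb_<?lsmb dbname ?>__process_receipt');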
  -- cash_all: aggregate of the reconciliation, payment and receipt roles.
  CREATE ROLE lsmb_<?lsmb dbname ?>__cash_all
      WITH INHERIT NOLOGIN
      IN ROLE
          lsmb_<?lsmb dbname ?>__all_reconcile,
          lsmb_<?lsmb dbname ?>__process_payment,
          lsmb_<?lsmb dbname ?>__process_receipt;
  -- Inventory Control

  -- create_part: INSERT on parts and its id sequence; no memberships.
  CREATE ROLE lsmb_<?lsmb dbname ?>__create_part
      WITH INHERIT NOLOGIN;

  GRANT INSERT ON parts
  TO lsmb_<?lsmb dbname ?>__create_part;

  GRANT ALL ON parts_id_seq
  TO lsmb_<?lsmb dbname ?>__create_part;

  -- Menu nodes this role is allowed to see.
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (77, 'allow', 'lsmb_<?lsmb dbname ?>__create_part'),
      (78, 'allow', 'lsmb_<?lsmb dbname ?>__create_part'),
      (79, 'allow', 'lsmb_<?lsmb dbname ?>__create_part'),
      (80, 'allow', 'lsmb_<?lsmb dbname ?>__create_part'),
      (81, 'allow', 'lsmb_<?lsmb dbname ?>__create_part'),
      (82, 'allow', 'lsmb_<?lsmb dbname ?>__create_part');
  -- Role: edit_part. May update rows in parts; no INSERT or sequence access.
  CREATE ROLE lsmb_<?lsmb dbname ?>__edit_part
      WITH NOLOGIN INHERIT;
  GRANT UPDATE ON parts TO lsmb_<?lsmb dbname ?>__edit_part;
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (77, 'allow', 'lsmb_<?lsmb dbname ?>__edit_part'),
      (85, 'allow', 'lsmb_<?lsmb dbname ?>__edit_part'),
      (86, 'allow', 'lsmb_<?lsmb dbname ?>__edit_part'),
      (87, 'allow', 'lsmb_<?lsmb dbname ?>__edit_part'),
      (88, 'allow', 'lsmb_<?lsmb dbname ?>__edit_part'),
      (89, 'allow', 'lsmb_<?lsmb dbname ?>__edit_part'),
      (90, 'allow', 'lsmb_<?lsmb dbname ?>__edit_part'),
      (91, 'allow', 'lsmb_<?lsmb dbname ?>__edit_part'),
      (93, 'allow', 'lsmb_<?lsmb dbname ?>__edit_part');
  -- Role: inventory_reports. Read-only: SELECT on the AR/AP, inventory, invoice
  -- and acc_trans tables, with no write privilege.
  CREATE ROLE lsmb_<?lsmb dbname ?>__inventory_reports
      WITH NOLOGIN INHERIT;
  GRANT SELECT ON ar, ap, inventory, invoice, acc_trans
      TO lsmb_<?lsmb dbname ?>__inventory_reports;
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (77, 'allow', 'lsmb_<?lsmb dbname ?>__inventory_reports'),
      (85, 'allow', 'lsmb_<?lsmb dbname ?>__inventory_reports'),
      (88, 'allow', 'lsmb_<?lsmb dbname ?>__inventory_reports'),
      (94, 'allow', 'lsmb_<?lsmb dbname ?>__inventory_reports');
  -- Role: create_pricegroup. Builds on read_contact; may insert price groups
  -- and use pricegroup_id_seq.
  CREATE ROLE lsmb_<?lsmb dbname ?>__create_pricegroup
      WITH NOLOGIN INHERIT
      IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
  GRANT INSERT ON pricegroup TO lsmb_<?lsmb dbname ?>__create_pricegroup;
  GRANT ALL ON pricegroup_id_seq TO lsmb_<?lsmb dbname ?>__create_pricegroup;
  -- NOTE(review): this UPDATE is table-wide on entity_credit_account, so the
  -- role can change any column of any credit account; confirm that is intended.
  GRANT UPDATE ON entity_credit_account TO lsmb_<?lsmb dbname ?>__create_pricegroup;
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (77, 'allow', 'lsmb_<?lsmb dbname ?>__create_pricegroup'),
      (83, 'allow', 'lsmb_<?lsmb dbname ?>__create_pricegroup');
  -- Role: edit_pricegroup. Builds on read_contact; may update price groups.
  -- NOTE(review): UPDATE on entity_credit_account is table-wide; confirm that
  -- this breadth is intended.
  CREATE ROLE lsmb_<?lsmb dbname ?>__edit_pricegroup
      WITH NOLOGIN INHERIT
      IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
  GRANT UPDATE ON pricegroup, entity_credit_account
      TO lsmb_<?lsmb dbname ?>__edit_pricegroup;
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (77, 'allow', 'lsmb_<?lsmb dbname ?>__edit_pricegroup'),
      (85, 'allow', 'lsmb_<?lsmb dbname ?>__edit_pricegroup'),
      (92, 'allow', 'lsmb_<?lsmb dbname ?>__edit_pricegroup');
  -- Role: stock_assembly. Receives the same table-wide UPDATE on parts as
  -- edit_part, but is allowed on different menu nodes (77 and 84).
  CREATE ROLE lsmb_<?lsmb dbname ?>__stock_assembly
      WITH NOLOGIN INHERIT;
  GRANT UPDATE ON parts TO lsmb_<?lsmb dbname ?>__stock_assembly;
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (77, 'allow', 'lsmb_<?lsmb dbname ?>__stock_assembly'),
      (84, 'allow', 'lsmb_<?lsmb dbname ?>__stock_assembly');
  -- Role: ship_inventory. Builds on list_sales_orders; may insert inventory
  -- rows and use inventory_entry_id_seq.
  CREATE ROLE lsmb_<?lsmb dbname ?>__ship_inventory
      WITH NOLOGIN INHERIT
      IN ROLE lsmb_<?lsmb dbname ?>__list_sales_orders;
  GRANT INSERT ON inventory TO lsmb_<?lsmb dbname ?>__ship_inventory;
  -- NOTE(review): ALL on a sequence also permits setval(); USAGE would cover
  -- nextval()/currval().
  GRANT ALL ON inventory_entry_id_seq TO lsmb_<?lsmb dbname ?>__ship_inventory;
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (63, 'allow', 'lsmb_<?lsmb dbname ?>__ship_inventory'),
      (64, 'allow', 'lsmb_<?lsmb dbname ?>__ship_inventory');
  -- Role: receive_inventory. Builds on list_purchase_orders; may insert
  -- inventory rows and use inventory_entry_id_seq.
  CREATE ROLE lsmb_<?lsmb dbname ?>__receive_inventory
      WITH NOLOGIN INHERIT
      IN ROLE lsmb_<?lsmb dbname ?>__list_purchase_orders;
  GRANT INSERT ON inventory TO lsmb_<?lsmb dbname ?>__receive_inventory;
  GRANT ALL ON inventory_entry_id_seq TO lsmb_<?lsmb dbname ?>__receive_inventory;
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (63, 'allow', 'lsmb_<?lsmb dbname ?>__receive_inventory'),
      (65, 'allow', 'lsmb_<?lsmb dbname ?>__receive_inventory');
  -- Role: transfer_inventory. Standalone role (no parent); may insert
  -- inventory rows and use inventory_entry_id_seq.
  CREATE ROLE lsmb_<?lsmb dbname ?>__transfer_inventory
      WITH NOLOGIN INHERIT;
  GRANT INSERT ON inventory TO lsmb_<?lsmb dbname ?>__transfer_inventory;
  GRANT ALL ON inventory_entry_id_seq TO lsmb_<?lsmb dbname ?>__transfer_inventory;
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (63, 'allow', 'lsmb_<?lsmb dbname ?>__transfer_inventory'),
      (66, 'allow', 'lsmb_<?lsmb dbname ?>__transfer_inventory');
  -- Role: create_warehouse. May insert warehouses and use warehouse_id_seq.
  CREATE ROLE lsmb_<?lsmb dbname ?>__create_warehouse
      WITH NOLOGIN INHERIT;
  GRANT INSERT ON warehouse TO lsmb_<?lsmb dbname ?>__create_warehouse;
  GRANT ALL ON warehouse_id_seq TO lsmb_<?lsmb dbname ?>__create_warehouse;
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (128, 'allow', 'lsmb_<?lsmb dbname ?>__create_warehouse'),
      (141, 'allow', 'lsmb_<?lsmb dbname ?>__create_warehouse'),
      (142, 'allow', 'lsmb_<?lsmb dbname ?>__create_warehouse');
  -- Role: edit_warehouse. May update existing warehouse rows only.
  CREATE ROLE lsmb_<?lsmb dbname ?>__edit_warehouse
      WITH NOLOGIN INHERIT;
  GRANT UPDATE ON warehouse TO lsmb_<?lsmb dbname ?>__edit_warehouse;
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (128, 'allow', 'lsmb_<?lsmb dbname ?>__edit_warehouse'),
      (141, 'allow', 'lsmb_<?lsmb dbname ?>__edit_warehouse'),
      (143, 'allow', 'lsmb_<?lsmb dbname ?>__edit_warehouse');
  -- Aggregate role for inventory control; becomes a member of each role listed.
  -- NOTE(review): edit_part, create_pricegroup and edit_pricegroup are defined
  -- in this section but are not listed here; confirm the omission is intended.
  CREATE ROLE lsmb_<?lsmb dbname ?>__all_inventory
      WITH NOLOGIN INHERIT
      IN ROLE
          lsmb_<?lsmb dbname ?>__create_part,
          lsmb_<?lsmb dbname ?>__inventory_reports,
          lsmb_<?lsmb dbname ?>__stock_assembly,
          lsmb_<?lsmb dbname ?>__ship_inventory,
          lsmb_<?lsmb dbname ?>__receive_inventory,
          lsmb_<?lsmb dbname ?>__transfer_inventory,
          lsmb_<?lsmb dbname ?>__edit_warehouse,
          lsmb_<?lsmb dbname ?>__create_warehouse;
  624. -- GL
  -- Role: create_transaction. May insert into gl and acc_trans; it has no
  -- SELECT, UPDATE or DELETE on either table from this block.
  CREATE ROLE lsmb_<?lsmb dbname ?>__create_transaction
      WITH NOLOGIN INHERIT;
  GRANT INSERT ON gl, acc_trans TO lsmb_<?lsmb dbname ?>__create_transaction;
  -- NOTE(review): "id" is presumably a shared id sequence; confirm it is not a
  -- table. ALL on a sequence also permits setval(); USAGE would cover nextval().
  GRANT ALL ON id, acc_trans_entry_id_seq TO lsmb_<?lsmb dbname ?>__create_transaction;
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (73, 'allow', 'lsmb_<?lsmb dbname ?>__create_transaction'),
      (74, 'allow', 'lsmb_<?lsmb dbname ?>__create_transaction'),
      (75, 'allow', 'lsmb_<?lsmb dbname ?>__create_transaction'),
      (35, 'allow', 'lsmb_<?lsmb dbname ?>__create_transaction'),
      (40, 'allow', 'lsmb_<?lsmb dbname ?>__create_transaction');
  -- Role: create_transaction_voucher. Same table and sequence grants as
  -- create_transaction, but no menu_acl rows yet (see TODO).
  CREATE ROLE lsmb_<?lsmb dbname ?>__create_transaction_voucher
      WITH NOLOGIN INHERIT;
  GRANT INSERT ON gl, acc_trans
      TO lsmb_<?lsmb dbname ?>__create_transaction_voucher;
  -- NOTE(review): "id" is presumably a shared id sequence; confirm it is not a table.
  GRANT ALL ON id, acc_trans_entry_id_seq
      TO lsmb_<?lsmb dbname ?>__create_transaction_voucher;
  -- TODO Add menu permissions
  -- Role: list_transactions. Read access to gl, plus whatever the AR and AP
  -- listing roles grant (it is made a member of both).
  CREATE ROLE lsmb_<?lsmb dbname ?>__list_transactions
      WITH NOLOGIN INHERIT
      IN ROLE
          lsmb_<?lsmb dbname ?>__list_ar_transactions,
          lsmb_<?lsmb dbname ?>__list_ap_transactions;
  GRANT SELECT ON gl TO lsmb_<?lsmb dbname ?>__list_transactions;
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (73, 'allow', 'lsmb_<?lsmb dbname ?>__list_transactions'),
      (76, 'allow', 'lsmb_<?lsmb dbname ?>__list_transactions');
  -- Role: run_yearend. May read and append to acc_trans; no UPDATE or DELETE.
  CREATE ROLE lsmb_<?lsmb dbname ?>__run_yearend
      WITH NOLOGIN INHERIT;
  GRANT SELECT, INSERT ON acc_trans TO lsmb_<?lsmb dbname ?>__run_yearend;
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (128, 'allow', 'lsmb_<?lsmb dbname ?>__run_yearend'),
      (132, 'allow', 'lsmb_<?lsmb dbname ?>__run_yearend');
  -- Role: list_batches. Builds on list_transactions; read-only on the batch,
  -- batch_class and voucher tables. No menu_acl rows yet (see TODO).
  CREATE ROLE lsmb_<?lsmb dbname ?>__list_batches
      WITH NOLOGIN INHERIT
      IN ROLE lsmb_<?lsmb dbname ?>__list_transactions;
  GRANT SELECT ON batch, batch_class, voucher
      TO lsmb_<?lsmb dbname ?>__list_batches;
  -- TODO: Add menu items
  -- Aggregate role for the general ledger.
  -- NOTE(review): list_batches is defined in this section but is not listed
  -- here; confirm the omission is intended.
  CREATE ROLE lsmb_<?lsmb dbname ?>__all_gl
      WITH NOLOGIN INHERIT
      IN ROLE
          lsmb_<?lsmb dbname ?>__create_transaction,
          lsmb_<?lsmb dbname ?>__create_transaction_voucher,
          lsmb_<?lsmb dbname ?>__run_yearend,
          lsmb_<?lsmb dbname ?>__list_transactions;
  677. -- PROJECTS
  -- Role: create_project. May insert projects and use project_id_seq.
  CREATE ROLE lsmb_<?lsmb dbname ?>__create_project
      WITH NOLOGIN INHERIT;
  GRANT INSERT ON project TO lsmb_<?lsmb dbname ?>__create_project;
  GRANT ALL ON project_id_seq TO lsmb_<?lsmb dbname ?>__create_project;
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (98, 'allow', 'lsmb_<?lsmb dbname ?>__create_project'),
      (99, 'allow', 'lsmb_<?lsmb dbname ?>__create_project');
  -- Role: edit_project. May update existing project rows only.
  CREATE ROLE lsmb_<?lsmb dbname ?>__edit_project
      WITH NOLOGIN INHERIT;
  GRANT UPDATE ON project TO lsmb_<?lsmb dbname ?>__edit_project;
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (98, 'allow', 'lsmb_<?lsmb dbname ?>__edit_project'),
      (103, 'allow', 'lsmb_<?lsmb dbname ?>__edit_project'),
      (104, 'allow', 'lsmb_<?lsmb dbname ?>__edit_project');
  -- Role: add_project_timecard. Builds on read_contact; may insert into
  -- jcitems and use jcitems_id_seq.
  CREATE ROLE lsmb_<?lsmb dbname ?>__add_project_timecard
      WITH NOLOGIN INHERIT
      IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
  GRANT INSERT ON jcitems TO lsmb_<?lsmb dbname ?>__add_project_timecard;
  GRANT ALL ON jcitems_id_seq TO lsmb_<?lsmb dbname ?>__add_project_timecard;
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (98, 'allow', 'lsmb_<?lsmb dbname ?>__add_project_timecard'),
      (100, 'allow', 'lsmb_<?lsmb dbname ?>__add_project_timecard'),
      (103, 'allow', 'lsmb_<?lsmb dbname ?>__add_project_timecard'),
      (106, 'allow', 'lsmb_<?lsmb dbname ?>__add_project_timecard');
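  -- Role: list_project_timecards. Builds on read_contact and is meant to give
  -- read access to project timecards.
  CREATE ROLE lsmb_<?lsmb dbname ?>__list_project_timecards
      WITH NOLOGIN INHERIT
      IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
  -- Fix: the GRANT and menu_acl rows in this block still named edit_project
  -- (copied from that role), so list_project_timecards received nothing of its
  -- own, while edit_project was additionally allowed on menu node 106.
  -- NOTE(review): SELECT on jcitems is inferred from add_project_timecard,
  -- which inserts timecards into jcitems; confirm the table before deploying.
  GRANT SELECT ON jcitems TO lsmb_<?lsmb dbname ?>__list_project_timecards;
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (98, 'allow', 'lsmb_<?lsmb dbname ?>__list_project_timecards'),
      (103, 'allow', 'lsmb_<?lsmb dbname ?>__list_project_timecards'),
      (106, 'allow', 'lsmb_<?lsmb dbname ?>__list_project_timecards');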
  718. -- ORDER GENERATION
  -- Role: generate_orders. Builds on read_contact; may read, insert and update
  -- oe and orderitems (no DELETE) and use both id sequences. It has no menu
  -- rows of its own; the roles that build on it add them.
  CREATE ROLE lsmb_<?lsmb dbname ?>__generate_orders
      WITH NOLOGIN INHERIT
      IN ROLE lsmb_<?lsmb dbname ?>__read_contact;
  GRANT SELECT, INSERT, UPDATE ON oe, orderitems
      TO lsmb_<?lsmb dbname ?>__generate_orders;
  -- NOTE(review): ALL on a sequence also permits setval(); USAGE would cover
  -- nextval()/currval().
  GRANT ALL ON oe_id_seq, orderitems_id_seq
      TO lsmb_<?lsmb dbname ?>__generate_orders;
  -- Role: project_generate_orders. Takes its table privileges from
  -- generate_orders; this block adds only menu nodes 98, 101 and 102.
  CREATE ROLE lsmb_<?lsmb dbname ?>__project_generate_orders
      WITH NOLOGIN INHERIT
      IN ROLE lsmb_<?lsmb dbname ?>__generate_orders;
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (98, 'allow', 'lsmb_<?lsmb dbname ?>__project_generate_orders'),
      (101, 'allow', 'lsmb_<?lsmb dbname ?>__project_generate_orders'),
      (102, 'allow', 'lsmb_<?lsmb dbname ?>__project_generate_orders');
  -- Role: sales_to_purchase_orders. Takes its table privileges from
  -- generate_orders; this block adds only menu nodes.
  CREATE ROLE lsmb_<?lsmb dbname ?>__sales_to_purchase_orders
      WITH NOLOGIN INHERIT
      IN ROLE lsmb_<?lsmb dbname ?>__generate_orders;
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (50, 'allow', 'lsmb_<?lsmb dbname ?>__sales_to_purchase_orders'),
      (56, 'allow', 'lsmb_<?lsmb dbname ?>__sales_to_purchase_orders'),
      (57, 'allow', 'lsmb_<?lsmb dbname ?>__sales_to_purchase_orders'),
      (58, 'allow', 'lsmb_<?lsmb dbname ?>__sales_to_purchase_orders');
  -- Role: consolidate_purchase_orders. Takes its table privileges from
  -- generate_orders; this block adds only menu nodes.
  CREATE ROLE lsmb_<?lsmb dbname ?>__consolidate_purchase_orders
      WITH NOLOGIN INHERIT
      IN ROLE lsmb_<?lsmb dbname ?>__generate_orders;
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (50, 'allow', 'lsmb_<?lsmb dbname ?>__consolidate_purchase_orders'),
      (60, 'allow', 'lsmb_<?lsmb dbname ?>__consolidate_purchase_orders'),
      (62, 'allow', 'lsmb_<?lsmb dbname ?>__consolidate_purchase_orders');
  -- Role: consolidate_sales_orders. Takes its table privileges from
  -- generate_orders; this block adds only menu nodes.
  CREATE ROLE lsmb_<?lsmb dbname ?>__consolidate_sales_orders
      WITH NOLOGIN INHERIT
      IN ROLE lsmb_<?lsmb dbname ?>__generate_orders;
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (50, 'allow', 'lsmb_<?lsmb dbname ?>__consolidate_sales_orders'),
      (60, 'allow', 'lsmb_<?lsmb dbname ?>__consolidate_sales_orders'),
      (61, 'allow', 'lsmb_<?lsmb dbname ?>__consolidate_sales_orders');
  -- Aggregate role for order generation; becomes a member of all four
  -- order-generation roles.
  CREATE ROLE lsmb_<?lsmb dbname ?>__manage_orders
      WITH NOLOGIN INHERIT
      IN ROLE
          lsmb_<?lsmb dbname ?>__project_generate_orders,
          lsmb_<?lsmb dbname ?>__sales_to_purchase_orders,
          lsmb_<?lsmb dbname ?>__consolidate_purchase_orders,
          lsmb_<?lsmb dbname ?>__consolidate_sales_orders;
  770. -- FINANCIAL REPORTS
  -- Role: run_financial_reports. Takes its read privileges from
  -- list_transactions; this block adds only menu nodes 109-113.
  CREATE ROLE lsmb_<?lsmb dbname ?>__run_financial_reports
      WITH NOLOGIN INHERIT
      IN ROLE lsmb_<?lsmb dbname ?>__list_transactions;
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (109, 'allow', 'lsmb_<?lsmb dbname ?>__run_financial_reports'),
      (110, 'allow', 'lsmb_<?lsmb dbname ?>__run_financial_reports'),
      (111, 'allow', 'lsmb_<?lsmb dbname ?>__run_financial_reports'),
      (112, 'allow', 'lsmb_<?lsmb dbname ?>__run_financial_reports'),
      (113, 'allow', 'lsmb_<?lsmb dbname ?>__run_financial_reports');
  784. -- RECURRING TRANSACTIONS
  785. -- TO ADD WHEN THIS IS REDESIGNED
  786. -- BATCH PRINTING
  -- Role: list_print_jobs. Carries menu_acl rows only (nodes 116-127); no
  -- table privilege is granted in this block.
  -- NOTE(review): with no GRANT behind it, this permission is not enforced by
  -- the database itself; confirm where print-job access is actually checked.
  CREATE ROLE lsmb_<?lsmb dbname ?>__list_print_jobs
      WITH NOLOGIN INHERIT;
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (116, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs'),
      (117, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs'),
      (118, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs'),
      (119, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs'),
      (120, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs'),
      (121, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs'),
      (122, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs'),
      (123, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs'),
      (124, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs'),
      (125, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs'),
      (126, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs'),
      (127, 'allow', 'lsmb_<?lsmb dbname ?>__list_print_jobs');
  -- Role: print_jobs. Member of list_print_jobs with no GRANT or menu row of
  -- its own in this block.
  -- NOTE(review): as written it is equivalent to list_print_jobs at the
  -- database level; confirm how printing is distinguished from listing.
  CREATE ROLE lsmb_<?lsmb dbname ?>__print_jobs
      WITH NOLOGIN INHERIT
      IN ROLE lsmb_<?lsmb dbname ?>__list_print_jobs;
  816. -- SYSTEM SETTINGS
  -- Role: list_system_settings. Carries menu_acl rows only; no table privilege
  -- is granted in this block.
  CREATE ROLE lsmb_<?lsmb dbname ?>__list_system_settings
      WITH NOLOGIN INHERIT;
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (128, 'allow', 'lsmb_<?lsmb dbname ?>__list_system_settings'),
      (129, 'allow', 'lsmb_<?lsmb dbname ?>__list_system_settings'),
      (131, 'allow', 'lsmb_<?lsmb dbname ?>__list_system_settings');
  -- Role: change_system_settings. Member of list_system_settings with no GRANT
  -- of its own in this block.
  -- NOTE(review): no write privilege on any settings table is granted here, so
  -- "change" is not separated from "list" at the database level; confirm.
  CREATE ROLE lsmb_<?lsmb dbname ?>__change_system_settings
      WITH NOLOGIN INHERIT
      IN ROLE lsmb_<?lsmb dbname ?>__list_system_settings;
  -- Role: set_taxes. May insert and update rows in tax; no DELETE.
  CREATE ROLE lsmb_<?lsmb dbname ?>__set_taxes
      WITH NOLOGIN INHERIT;
  GRANT INSERT, UPDATE ON tax TO lsmb_<?lsmb dbname ?>__set_taxes;
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (128, 'allow', 'lsmb_<?lsmb dbname ?>__set_taxes'),
      (130, 'allow', 'lsmb_<?lsmb dbname ?>__set_taxes');
  -- Role: create_account. May insert into chart and use chart_id_seq.
  CREATE ROLE lsmb_<?lsmb dbname ?>__create_account
      WITH NOLOGIN INHERIT;
  GRANT INSERT ON chart TO lsmb_<?lsmb dbname ?>__create_account;
  -- NOTE(review): ALL on a sequence also permits setval(); USAGE would cover
  -- nextval()/currval().
  GRANT ALL ON chart_id_seq TO lsmb_<?lsmb dbname ?>__create_account;
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (128, 'allow', 'lsmb_<?lsmb dbname ?>__create_account'),
      (136, 'allow', 'lsmb_<?lsmb dbname ?>__create_account'),
      (137, 'allow', 'lsmb_<?lsmb dbname ?>__create_account');
  -- Role: edit_account. May update existing chart rows only.
  CREATE ROLE lsmb_<?lsmb dbname ?>__edit_account
      WITH NOLOGIN INHERIT;
  GRANT UPDATE ON chart TO lsmb_<?lsmb dbname ?>__edit_account;
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (128, 'allow', 'lsmb_<?lsmb dbname ?>__edit_account'),
      (136, 'allow', 'lsmb_<?lsmb dbname ?>__edit_account'),
      (138, 'allow', 'lsmb_<?lsmb dbname ?>__edit_account');
  -- Role: create_gifi. May insert rows into gifi; no sequence is granted.
  CREATE ROLE lsmb_<?lsmb dbname ?>__create_gifi
      WITH NOLOGIN INHERIT;
  GRANT INSERT ON gifi TO lsmb_<?lsmb dbname ?>__create_gifi;
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (128, 'allow', 'lsmb_<?lsmb dbname ?>__create_gifi'),
      (136, 'allow', 'lsmb_<?lsmb dbname ?>__create_gifi'),
      (139, 'allow', 'lsmb_<?lsmb dbname ?>__create_gifi');
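  -- Role: edit_gifi. May update existing gifi rows only.
  CREATE ROLE lsmb_<?lsmb dbname ?>__edit_gifi
      WITH NOLOGIN INHERIT;
  GRANT UPDATE ON gifi TO lsmb_<?lsmb dbname ?>__edit_gifi;
  -- Fix: these menu_acl rows named edit_account (copied from that role), so
  -- edit_gifi received no menu entry at all, while edit_account was allowed on
  -- node 140 in addition to its own nodes.
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (128, 'allow', 'lsmb_<?lsmb dbname ?>__edit_gifi'),
      (136, 'allow', 'lsmb_<?lsmb dbname ?>__edit_gifi'),
      (140, 'allow', 'lsmb_<?lsmb dbname ?>__edit_gifi');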
  -- Aggregate role for chart-of-accounts maintenance: accounts, taxes and GIFI.
  CREATE ROLE lsmb_<?lsmb dbname ?>__all_accounts
      WITH NOLOGIN INHERIT
      IN ROLE
          lsmb_<?lsmb dbname ?>__create_account,
          lsmb_<?lsmb dbname ?>__set_taxes,
          lsmb_<?lsmb dbname ?>__edit_account,
          lsmb_<?lsmb dbname ?>__create_gifi,
          lsmb_<?lsmb dbname ?>__edit_gifi;
  -- Role: create_department. May insert departments and use department_id_seq.
  CREATE ROLE lsmb_<?lsmb dbname ?>__create_department
      WITH NOLOGIN INHERIT;
  GRANT INSERT ON department TO lsmb_<?lsmb dbname ?>__create_department;
  GRANT ALL ON department_id_seq TO lsmb_<?lsmb dbname ?>__create_department;
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (128, 'allow', 'lsmb_<?lsmb dbname ?>__create_department'),
      (144, 'allow', 'lsmb_<?lsmb dbname ?>__create_department'),
      (145, 'allow', 'lsmb_<?lsmb dbname ?>__create_department');
  -- Role: edit_department. May update existing department rows only.
  CREATE ROLE lsmb_<?lsmb dbname ?>__edit_department
      WITH NOLOGIN INHERIT;
  GRANT UPDATE ON department TO lsmb_<?lsmb dbname ?>__edit_department;
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (128, 'allow', 'lsmb_<?lsmb dbname ?>__edit_department'),
      (144, 'allow', 'lsmb_<?lsmb dbname ?>__edit_department'),
      (146, 'allow', 'lsmb_<?lsmb dbname ?>__edit_department');
  -- Aggregate role: create and edit departments.
  CREATE ROLE lsmb_<?lsmb dbname ?>__all_department
      WITH NOLOGIN INHERIT
      IN ROLE
          lsmb_<?lsmb dbname ?>__create_department,
          lsmb_<?lsmb dbname ?>__edit_department;
  -- Role: create_business_type. May insert into business and use
  -- business_id_seq.
  CREATE ROLE lsmb_<?lsmb dbname ?>__create_business_type
      WITH NOLOGIN INHERIT;
  GRANT INSERT ON business TO lsmb_<?lsmb dbname ?>__create_business_type;
  GRANT ALL ON business_id_seq TO lsmb_<?lsmb dbname ?>__create_business_type;
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (128, 'allow', 'lsmb_<?lsmb dbname ?>__create_business_type'),
      (147, 'allow', 'lsmb_<?lsmb dbname ?>__create_business_type'),
      (148, 'allow', 'lsmb_<?lsmb dbname ?>__create_business_type');
  -- Role: edit_business_type. May update existing business rows only.
  CREATE ROLE lsmb_<?lsmb dbname ?>__edit_business_type
      WITH NOLOGIN INHERIT;
  GRANT UPDATE ON business TO lsmb_<?lsmb dbname ?>__edit_business_type;
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (128, 'allow', 'lsmb_<?lsmb dbname ?>__edit_business_type'),
      (147, 'allow', 'lsmb_<?lsmb dbname ?>__edit_business_type'),
      (149, 'allow', 'lsmb_<?lsmb dbname ?>__edit_business_type');
  -- Aggregate role: create and edit business types.
  CREATE ROLE lsmb_<?lsmb dbname ?>__all_business_type
      WITH NOLOGIN INHERIT
      IN ROLE
          lsmb_<?lsmb dbname ?>__create_business_type,
          lsmb_<?lsmb dbname ?>__edit_business_type;
  -- Role: create_sic. May insert rows into sic; no sequence is granted.
  CREATE ROLE lsmb_<?lsmb dbname ?>__create_sic
      WITH NOLOGIN INHERIT;
  GRANT INSERT ON sic TO lsmb_<?lsmb dbname ?>__create_sic;
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (128, 'allow', 'lsmb_<?lsmb dbname ?>__create_sic'),
      (153, 'allow', 'lsmb_<?lsmb dbname ?>__create_sic'),
      (154, 'allow', 'lsmb_<?lsmb dbname ?>__create_sic');
  -- Role: edit_sic. May update existing sic rows only.
  CREATE ROLE lsmb_<?lsmb dbname ?>__edit_sic
      WITH NOLOGIN INHERIT;
  GRANT UPDATE ON sic TO lsmb_<?lsmb dbname ?>__edit_sic;
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (128, 'allow', 'lsmb_<?lsmb dbname ?>__edit_sic'),
      (153, 'allow', 'lsmb_<?lsmb dbname ?>__edit_sic'),
      (155, 'allow', 'lsmb_<?lsmb dbname ?>__edit_sic');
  -- Aggregate role: create and edit SIC codes.
  CREATE ROLE lsmb_<?lsmb dbname ?>__all_sic
      WITH NOLOGIN INHERIT
      IN ROLE
          lsmb_<?lsmb dbname ?>__create_sic,
          lsmb_<?lsmb dbname ?>__edit_sic;
  -- Role: edit_template. Carries menu_acl rows only (node 128 and nodes
  -- 156-189); no table privilege is granted in this block.
  -- NOTE(review): until the TODO below is done, nothing in this block lets the
  -- database enforce this permission; confirm where template edits are checked.
  CREATE ROLE lsmb_<?lsmb dbname ?>__edit_template
      WITH NOLOGIN INHERIT;
  -- TODO Add db permissions as templates get moved into db.
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (128, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template'),
      (156, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template'),
      (157, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template'),
      (158, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template'),
      (159, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template'),
      (160, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template'),
      (161, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template'),
      (162, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template'),
      (163, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template'),
      (164, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template'),
      (165, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template'),
      (166, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template'),
      (167, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template'),
      (168, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template'),
      (169, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template'),
      (170, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template'),
      (171, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template'),
      (172, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template'),
      (173, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template'),
      (174, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template'),
      (175, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template'),
      (176, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template'),
      (177, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template'),
      (178, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template'),
      (179, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template'),
      (180, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template'),
      (181, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template'),
      (182, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template'),
      (183, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template'),
      (184, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template'),
      (185, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template'),
      (186, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template'),
      (187, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template'),
      (188, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template'),
      (189, 'allow', 'lsmb_<?lsmb dbname ?>__edit_template');
  -- Aggregate role for system administration. Through its parents it reaches
  -- the chart, tax, gifi, department, business and sic write grants, so
  -- membership should be limited to administrators.
  CREATE ROLE lsmb_<?lsmb dbname ?>__manage_system
      WITH NOLOGIN INHERIT
      IN ROLE
          lsmb_<?lsmb dbname ?>__change_system_settings,
          lsmb_<?lsmb dbname ?>__all_accounts,
          lsmb_<?lsmb dbname ?>__all_department,
          lsmb_<?lsmb dbname ?>__all_business_type,
          lsmb_<?lsmb dbname ?>__all_sic,
          lsmb_<?lsmb dbname ?>__edit_template;
  1028. -- Manual Translation
  -- Role: create_language. May insert rows into language.
  CREATE ROLE lsmb_<?lsmb dbname ?>__create_language
      WITH NOLOGIN INHERIT;
  GRANT INSERT ON language TO lsmb_<?lsmb dbname ?>__create_language;
  INSERT INTO menu_acl (node_id, acl_type, role_name)
  VALUES
      (128, 'allow', 'lsmb_<?lsmb dbname ?>__create_language'),
      (150, 'allow', 'lsmb_<?lsmb dbname ?>__create_language'),
      (151, 'allow', 'lsmb_<?lsmb dbname ?>__create_language');
  -- Role that may change existing rows of the language table. Only UPDATE is
  -- granted here; SELECT on language is granted to PUBLIC further down in this
  -- file, and no DELETE is granted in this block.
  -- It is listed as 'allow' on menu nodes 128, 150 and 152.
  CREATE ROLE lsmb_<?lsmb dbname ?>__edit_language WITH INHERIT NOLOGIN;
  GRANT UPDATE ON language TO lsmb_<?lsmb dbname ?>__edit_language;
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (128, 'allow', 'lsmb_<?lsmb dbname ?>__edit_language');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (150, 'allow', 'lsmb_<?lsmb dbname ?>__edit_language');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (152, 'allow', 'lsmb_<?lsmb dbname ?>__edit_language');
  -- Role for translating part descriptions, listed as 'allow' on menu nodes
  -- 77, 95, 96 and 97.
  -- TODO add db permissions
  -- No GRANT is issued for this role in this block, so it carries menu ACL
  -- rows only. NOTE(review): whatever tables the translation screens write to
  -- must currently be reachable through some other grant; when the TODO is
  -- done, grant only the specific privileges those screens need.
  CREATE ROLE lsmb_<?lsmb dbname ?>__create_part_translation WITH INHERIT NOLOGIN;
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (77, 'allow', 'lsmb_<?lsmb dbname ?>__create_part_translation');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (95, 'allow', 'lsmb_<?lsmb dbname ?>__create_part_translation');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (96, 'allow', 'lsmb_<?lsmb dbname ?>__create_part_translation');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (97, 'allow', 'lsmb_<?lsmb dbname ?>__create_part_translation');
  -- Role for translating project descriptions, listed as 'allow' on menu
  -- nodes 98, 107 and 108.
  -- TODO add db permissions
  -- As written, this block issues no GRANT for the role, so it carries menu
  -- ACL rows only. NOTE(review): confirm which tables the project translation
  -- screens touch and grant only those privileges when the TODO is done.
  CREATE ROLE lsmb_<?lsmb dbname ?>__create_project_translation WITH INHERIT NOLOGIN;
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (98, 'allow', 'lsmb_<?lsmb dbname ?>__create_project_translation');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (107, 'allow', 'lsmb_<?lsmb dbname ?>__create_project_translation');
  INSERT INTO menu_acl (node_id, acl_type, role_name) VALUES (108, 'allow', 'lsmb_<?lsmb dbname ?>__create_project_translation');
  -- Aggregate role for manual translation: created as a member of the three
  -- create_* translation roles and, through INHERIT, able to use their
  -- privileges. NOLOGIN means it must be granted to a login role.
  -- NOTE(review): the edit_language role is not in the member list, so holders
  -- of this role do not get UPDATE on language through it -- confirm that
  -- this is intended.
  CREATE ROLE lsmb_<?lsmb dbname ?>__all_manual_translation
      WITH INHERIT NOLOGIN
      IN ROLE
          lsmb_<?lsmb dbname ?>__create_language,
          lsmb_<?lsmb dbname ?>__create_part_translation,
          lsmb_<?lsmb dbname ?>__create_project_translation;
  -- Grants to PUBLIC, i.e. to every role that can connect to this database,
  -- whether or not it holds any of the lsmb_ roles defined above.
  -- SELECT grants expose the listed tables read-only. GRANT ALL gives every
  -- privilege the server defines for the object, including INSERT, UPDATE and
  -- DELETE on tables, so those tables sit outside the role model of this file.

  -- Read access to the custom field/table catalogs (granted again below).
  GRANT SELECT ON custom_field_catalog TO PUBLIC;
  GRANT SELECT ON custom_table_catalog TO PUBLIC;

  -- Grants to all users.
  -- NOTE(review): ALL on defaults, "session" and user_preference means any
  -- connected role can change or delete rows in them directly, not only its
  -- own; confirm what the application needs before narrowing these.
  GRANT ALL ON defaults TO PUBLIC;
  GRANT ALL ON "session" TO PUBLIC;
  GRANT ALL ON session_session_id_seq TO PUBLIC;
  GRANT SELECT ON users TO PUBLIC;
  GRANT ALL ON user_preference TO PUBLIC;

  -- Repeats the two catalog grants above; GRANT is idempotent, so this is
  -- redundant rather than harmful.
  GRANT SELECT ON custom_table_catalog TO PUBLIC;
  GRANT SELECT ON custom_field_catalog TO PUBLIC;

  -- Read-only reference data. menu_acl is included, so every role can read
  -- the full menu ACL table.
  GRANT SELECT ON menu_node, menu_attribute, menu_acl TO PUBLIC;
  GRANT SELECT ON chart, gifi, country TO PUBLIC;
  GRANT SELECT ON employee TO PUBLIC;
  GRANT SELECT ON parts, partsgroup TO PUBLIC;
  GRANT SELECT ON language, project TO PUBLIC;
  GRANT SELECT ON business, exchangerate, department, shipto, tax TO PUBLIC;

  -- Full access for every role. NOTE(review): transactions, entity_employee,
  -- customer and vendor look like core business tables; with ALL granted to
  -- PUBLIC, the per-role grants elsewhere in this file do not restrict them.
  GRANT ALL ON recurring, recurringemail, recurringprint, status TO PUBLIC;
  GRANT ALL ON transactions, entity_employee, customer, vendor TO PUBLIC;
  GRANT ALL ON pending_job, payments_queue TO PUBLIC;
  GRANT ALL ON pending_job_id_seq TO PUBLIC;
  -- TODO: lock recurring, pending_job, payment_queue down more

  -- CT: The following grant is required for now, but will hopefully become
  -- less important when we get to 1.4 and can more sensibly lock things down.
  GRANT ALL ON dpt_trans TO PUBLIC;