CSPACE-2003, CSPACE-1969 ImportAuthZ now inserts default roles, permissions and permi...
authorSanjay Dalal <sanjay.dalal@berkeley.edu>
Fri, 4 Jun 2010 21:32:32 +0000 (21:32 +0000)
committerSanjay Dalal <sanjay.dalal@berkeley.edu>
Fri, 4 Jun 2010 21:32:32 +0000 (21:32 +0000)
CSPACE-2004, CSPACE-1926 ImportAuthZ now creates a ROLE_TENANT_ADMINISTRATOR for each tenant that has all privileges to all services used by that tenant. It also creates a ROLE_TENANT_READER. This role has only READ, SEARCH privileges for all services used by the tenant
test: ant import, mvn test (service level)

16 files changed:
services/authorization-mgt/client/src/test/java/org/collectionspace/services/authorization/client/test/PermissionServiceTest.java
services/authorization-mgt/import/build.xml
services/authorization-mgt/import/pom.xml
services/authorization-mgt/import/src/main/java/org/collectionspace/ImportAuthz.java
services/authorization-mgt/import/src/main/java/org/collectionspace/services/authorization/driver/AuthorizationSeedDriver.java
services/authorization-mgt/import/src/main/java/org/collectionspace/services/authorization/importer/AuthorizationGen.java
services/authorization-mgt/import/src/main/java/org/collectionspace/services/authorization/importer/AuthorizationStore.java [new file with mode: 0644]
services/authorization-mgt/import/src/main/resources/META-INF/persistence.xml [new file with mode: 0644]
services/authorization-mgt/import/src/main/resources/hibernate.cfg.xml [new file with mode: 0644]
services/authorization-mgt/import/src/main/resources/import-data/import-permissions-roles.xml
services/authorization-mgt/import/src/main/resources/import-data/import-permissions.xml
services/authorization-mgt/import/src/main/resources/import-data/import-roles.xml [new file with mode: 0644]
services/authorization-mgt/import/src/main/resources/log4j.properties
services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/PermissionRoleDocumentHandler.java
services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/PermissionRoleUtil.java
services/authorization/pstore/src/main/resources/db/mysql/test_authorization.sql

index e70def7c718f5dcbd4c1f5b332ef782f403c0f18..167e5d41f1b46474d7551c4cc2069d117231893e 100644 (file)
@@ -413,7 +413,7 @@ public class PermissionServiceTest extends AbstractServiceTestImpl {
         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
                 invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
         Assert.assertEquals(statusCode, EXPECTED_STATUS_CODE);
-        int EXPECTED_ITEMS = 1;
+        int EXPECTED_ITEMS = 5; //seeded permissions
         if (logger.isDebugEnabled()) {
             logger.debug(testName + ": received = " + list.getPermissions().size()
                     + " expected=" + EXPECTED_ITEMS);
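Review bot: `int EXPECTED_ITEMS = 5; //seeded permissions` pins this test to the exact number of permissions the importer happens to seed, so the assertion breaks every time the seed data or the tenant bindings change. Either assert that the list contains at least the entries this test itself created, or derive the expected count from the seed file, and replace the bare `//seeded permissions` with a comment stating which entries the five are and which import file seeds them. The enclosing test method starts outside the hunk.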
index 00a232e9ef906cdaeac5f7fd834d1bdb5d0d568b..c4919c1bcd566cd6abb6b4cbc445997a122ea067 100644 (file)
 \r
     <target name="import" depends="import-unix,import-windows"\r
             description="import authorization" />\r
-    <target name="import-unix" if="osfamily-unix">\r
+    <target name="import-unix" if="osfamily-unix" depends="setup_hibernate.cfg">\r
         <exec executable="mvn" failonerror="true">\r
             <arg value="exec:java" />\r
             <arg value="-f" />\r
             <arg value="${mvn.opts}" />\r
         </exec>\r
     </target>\r
-    <target name="import-windows" if="osfamily-windows">\r
+    <target name="import-windows" if="osfamily-windows" depends="setup_hibernate.cfg">\r
         <exec executable="cmd" failonerror="true">\r
             <arg value="/c" />\r
             <arg value="mvn.bat" />\r
     </target>\r
 \r
 \r
+    <target name="setup_hibernate.cfg" description="replace property keywords in hibernate.cfg.xml">\r
+        <property name="src.hibernate.cfg" value="${basedir}/src/main/resources/hibernate.cfg.xml"/>\r
+        <property name="dest.hibernate.cfg" value="${basedir}/target/classes/hibernate.cfg.xml"/>\r
+        <delete file="${dest.hibernate.cfg}" verbose="true" />\r
+        <filter token="DB_URL" value="${db.jdbc.url}" />\r
+        <filter token="DB_DRIVER_CLASS" value="${db.jdbc.driver.class}" />\r
+        <filter token="DB_USER" value="${env.DB_USER}" /> <!-- double-sub from ${db.user} fails -->\r
+        <filter token="DB_PASSWORD" value="${env.DB_PASSWORD}" /> <!-- double-sub from ${db.user.password} fails -->\r
+        <filter token="DB_DIALECT" value="${db.dialect}" />\r
+        <copy tofile="${dest.hibernate.cfg}" file="${src.hibernate.cfg}" filtering="true"/>\r
+    </target>\r
+\r
+    \r
     <target name="deploy" depends="install"\r
             description="deploy authorization-mgt import in ${jboss.server.cspace}">\r
     </target>\r
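Review bot: The `setup_hibernate.cfg` target writes the database password taken from `${env.DB_PASSWORD}` in clear text into `target/classes/hibernate.cfg.xml`, and nothing in the hunk keeps that file out of the packaged artifact; add a comment on the target such as `<!-- hibernate.cfg.xml in target/classes holds the DB credentials in clear text; keep target/ out of version control and out of the packaged jar -->`. If `DB_USER` or `DB_PASSWORD` is not set in the environment, Ant leaves the `${env.…}` reference unresolved and copies that literal into the config, so the import fails later with a confusing connection error rather than here; a `<fail unless="env.DB_USER" message="DB_USER not set"/>` and `<fail unless="env.DB_PASSWORD" message="DB_PASSWORD not set"/>` at the top of the target would make the precondition explicit (this presumes `<property environment="env"/>` is declared earlier in the file, which is outside the hunk).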
index 186aae2276702510c9fd56e41acd784de544341a..1e38c7a9a760b7dea7749aeb61db5147a80756e3 100644 (file)
             <version>${project.version}</version>\r
             <scope>provided</scope>\r
         </dependency>\r
+        <dependency>\r
+            <groupId>org.collectionspace.services</groupId>\r
+            <artifactId>org.collectionspace.services.authorization-mgt.service</artifactId>\r
+            <version>${project.version}</version>\r
+            <scope>provided</scope>\r
+        </dependency>\r
         <dependency>\r
             <groupId>org.testng</groupId>\r
             <artifactId>testng</artifactId>\r
                         <argument>test</argument>\r
                         <argument>-b</argument>\r
                         <argument>${basedir}/../../common/src/main/config/services/tenant-bindings.xml</argument>\r
-                        <argument>-idir</argument>\r
-                        <argument>${basedir}/src/main/resources/import-data/</argument>\r
                         <argument>-edir</argument>\r
                         <argument>${basedir}/src/main/resources/import-data/</argument>\r
                     </arguments>\r
index 39358525de7ce25cd02d2dba82555b61b6a25a53..9f7730b3900666f689e0d345e6af0224de7d477d 100644 (file)
@@ -40,6 +40,13 @@ import org.collectionspace.services.authorization.driver.AuthorizationSeedDriver
  */
 public class ImportAuthz {
 
+    final private static String OPTIONS_USERNAME = "username";
+    final private static String OPTIONS_PASSWORD = "password";
+    final private static String OPTIONS_TENANT_BINDING = "tenant binding file";
+    final private static String OPTIONS_IMPORT_DIR = "importdir";
+    final private static String OPTIONS_EXPORT_DIR = "exportdir";
+    final private static String OPTIONS_HELP = "help";
+
     public static void main(String[] args) {
 
         Options options = createOptions();
@@ -48,33 +55,50 @@ public class ImportAuthz {
         try {
             // parse the command line arguments
             CommandLine line = parser.parse(options, args);
+            if (line.hasOption("h")) {
+                printUsage();
+                System.exit(1);
+            }
             String user = line.getOptionValue("u");
             String password = line.getOptionValue("p");
             String tenantBinding = line.getOptionValue("b");
-            String importDir = line.getOptionValue("idir");
             String exportDir = line.getOptionValue("edir");
             System.out.println("user=" + user
                     + " password=" + password
                     + " tenantBinding=" + tenantBinding
-                    + " importDir=" + importDir
                     + " exportDir=" + exportDir);
             AuthorizationSeedDriver driver = new AuthorizationSeedDriver(
-                    user, password, tenantBinding, importDir, exportDir);
-            driver.seedData();
+                    user, password, tenantBinding, exportDir);
+            driver.generate();
+            driver.seed();
         } catch (ParseException exp) {
             // oops, something went wrong
             System.err.println("Parsing failed.  Reason: " + exp.getMessage());
+        } catch (Exception e) {
+            System.out.println("Error : " + e.getMessage());
+            printUsage();
         }
 
     }
 
     private static Options createOptions() {
         Options options = new Options();
-        options.addOption("u", true, "username");
-        options.addOption("p", true, "password");
-        options.addOption("b", true, "tenant binding file");
-        options.addOption("idir", true, "import dir");
-        options.addOption("edir", true, "export dir");
+        options.addOption("u", true, OPTIONS_USERNAME);
+        options.addOption("p", true, OPTIONS_PASSWORD);
+        options.addOption("b", true, OPTIONS_TENANT_BINDING);
+        options.addOption("edir", true, OPTIONS_EXPORT_DIR);
+        options.addOption("h", true, OPTIONS_HELP);
         return options;
     }
+
+    private static void printUsage() {
+        StringBuilder sb = new StringBuilder();
+        sb.append("\nUsage : java -cp <classpath> " + ImportAuthz.class.getName() + " <options>");
+        sb.append("\nOptions :");
+        sb.append("\n   -u  <" + OPTIONS_USERNAME + "> cspace username");
+        sb.append("\n   -p  <" + OPTIONS_PASSWORD + "> password");
+        sb.append("\n   -b  <" + OPTIONS_TENANT_BINDING + "> tenant binding file (fully qualified path)");
+        sb.append("\n   -edir  <" + OPTIONS_EXPORT_DIR + "> directory to export authz data into");
+        System.out.println(sb.toString());
+    }
 }
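Review bot: `options.addOption("h", true, OPTIONS_HELP)` declares `-h` as an option that takes an argument, so a bare `-h` fails inside `parser.parse` with a missing-argument ParseException and never reaches the `line.hasOption("h")` branch; it should be `options.addOption("h", false, OPTIONS_HELP);`. The `System.out.println("user=" + user + " password=" + password ...)` kept in `main` echoes the password to stdout, and therefore into any captured log of `ant import`; drop it from that line, e.g. `+ " password=" + (password == null ? "<unset>" : "****")`. The new `catch (Exception e)` prints only `e.getMessage()` and discards the cause, which makes driver failures hard to diagnose; log the exception itself. `printUsage` should also list `-h` alongside the other options.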
index 34cac1756e591bddb5cfd9bcaf8d843a086a6457..1102943bde0588feb10366de058c91235d1fb0cc 100644 (file)
 package org.collectionspace.services.authorization.driver;
 
 import java.io.File;
+import java.util.ArrayList;
 import java.util.HashSet;
+import java.util.List;
 import org.collectionspace.services.authorization.AuthZ;
+import org.collectionspace.services.authorization.Permission;
+import org.collectionspace.services.authorization.PermissionRole;
+import org.collectionspace.services.authorization.PermissionRoleRel;
+import org.collectionspace.services.authorization.Role;
+import org.collectionspace.services.authorization.SubjectType;
 import org.collectionspace.services.authorization.importer.AuthorizationGen;
 import org.collectionspace.services.authorization.importer.AuthorizationSeed;
+import org.collectionspace.services.authorization.importer.AuthorizationStore;
+import org.collectionspace.services.authorization.storage.PermissionRoleUtil;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.context.support.ClassPathXmlApplicationContext;
@@ -48,13 +57,14 @@ public class AuthorizationSeedDriver {
 
     final Logger logger = LoggerFactory.getLogger(AuthorizationSeedDriver.class);
     final static private String SPRING_SECURITY_METADATA = "applicationContext-authorization-test.xml";
+    final static private String ROLE_FILE = "import-roles.xml";
     final static private String PERMISSION_FILE = "import-permissions.xml";
     final static private String PERMISSION_ROLE_FILE = "import-permissions-roles.xml";
-    private String user = "test";
-    private String password = "test";
+    private String user;
+    private String password;
     private String tenantBindingFile;
-    private String importDir;
     private String exportDir;
+    private AuthorizationGen authzGen;
     private org.springframework.jdbc.datasource.DataSourceTransactionManager txManager;
 
     /**
@@ -68,49 +78,61 @@ public class AuthorizationSeedDriver {
      */
     public AuthorizationSeedDriver(String user, String password,
             String tenantBindingFile,
-            String importDir, String exportDir) {
+            String exportDir) {
         if (user == null || user.isEmpty()) {
-            this.user = user;
+            throw new IllegalArgumentException("username required.");
         }
+        this.user = user;
+
         if (password == null || password.isEmpty()) {
-            this.password = password;
+            throw new IllegalArgumentException("password required.");
         }
+        this.password = password;
+        
         if (tenantBindingFile == null || tenantBindingFile.isEmpty()) {
-            throw new IllegalStateException("tenantbindings are required.");
+            throw new IllegalArgumentException("tenantbinding file are required.");
         }
         this.tenantBindingFile = tenantBindingFile;
         if (exportDir == null || exportDir.isEmpty()) {
-            throw new IllegalStateException("exportdir required.");
+            throw new IllegalArgumentException("exportdir required.");
         }
         this.exportDir = exportDir;
-        if (importDir == null || importDir.isEmpty()) {
-            importDir = exportDir;
-        } else {
-            this.importDir = importDir;
-        }
 
     }
 
-    public void seedData() {
-        setup();
-        TransactionStatus status = null;
+    public void generate() {
         try {
-            AuthorizationGen authzGen = new AuthorizationGen();
+            authzGen = new AuthorizationGen();
             authzGen.initialize(tenantBindingFile);
-            authzGen.createDefaultServicePermissions();
-            //create default role(s) for the tenant and assign permissions
-            authzGen.createDefaultPermissionsRoles();
-            authzGen.exportPermissions(exportDir + File.separator + PERMISSION_FILE);
-            authzGen.exportPermissionRoles(exportDir + File.separator + PERMISSION_ROLE_FILE);
+            authzGen.createDefaultRoles();
+            authzGen.createDefaultPermissions();
+            authzGen.associateDefaultPermissionsRoles();
+            authzGen.exportDefaultRoles(exportDir + File.separator + ROLE_FILE);
+            authzGen.exportDefaultPermissions(exportDir + File.separator + PERMISSION_FILE);
+            authzGen.exportDefaultPermissionRoles(exportDir + File.separator + PERMISSION_ROLE_FILE);
             if (logger.isDebugEnabled()) {
                 logger.debug("authroization generation completed ");
             }
+        } catch (Exception ex) {
+            if (logger.isDebugEnabled()) {
+                ex.printStackTrace();
+            }
+            throw new RuntimeException(ex);
+        }
+    }
+
+    public void seed() {
+        TransactionStatus status = null;
+        try {
+            store();
+
+            setupSpring();
             status = beginTransaction("seedData");
             AuthorizationSeed authzSeed = new AuthorizationSeed();
-            authzSeed.seedPermissions(importDir + File.separator + PERMISSION_FILE,
-                    importDir + File.separator + PERMISSION_ROLE_FILE);
+            authzSeed.seedPermissions(exportDir + File.separator + PERMISSION_FILE,
+                    exportDir + File.separator + PERMISSION_ROLE_FILE);
             if (logger.isDebugEnabled()) {
-                logger.debug("authroization seeding completed ");
+                logger.debug("authorization seeding completed ");
             }
         } catch (Exception ex) {
             if (status != null) {
@@ -128,7 +150,7 @@ public class AuthorizationSeedDriver {
         }
     }
 
-    private void setup() {
+    private void setupSpring() {
 
         ClassPathXmlApplicationContext appContext = new ClassPathXmlApplicationContext(
                 new String[]{SPRING_SECURITY_METADATA});
@@ -136,6 +158,9 @@ public class AuthorizationSeedDriver {
         System.setProperty("spring-beans-config", SPRING_SECURITY_METADATA);
         AuthZ authZ = AuthZ.get();
         txManager = (org.springframework.jdbc.datasource.DataSourceTransactionManager) appContext.getBean("transactionManager");
+        if (logger.isDebugEnabled()) {
+            logger.debug("spring setup complete");
+        }
     }
 
     private void login() {
@@ -144,10 +169,40 @@ public class AuthorizationSeedDriver {
         gauths.add(gauth);
         Authentication authRequest = new UsernamePasswordAuthenticationToken(user, password, gauths);
         SecurityContextHolder.getContext().setAuthentication(authRequest);
+        if (logger.isDebugEnabled()) {
+            logger.debug("login successful for user=" + user);
+        }
     }
 
     private void logout() {
         SecurityContextHolder.getContext().setAuthentication(null);
+        if (logger.isDebugEnabled()) {
+            logger.debug("logged out user=" + user);
+        }
+    }
+
+    private void store() throws Exception {
+        AuthorizationStore authzStore = new AuthorizationStore();
+        for (Role role : authzGen.getDefaultRoles()) {
+            authzStore.store(role);
+        }
+
+        for (Permission perm : authzGen.getDefaultPermissions()) {
+            authzStore.store(perm);
+        }
+
+        List<PermissionRoleRel> permRoleRels = new ArrayList<PermissionRoleRel>();
+        for (PermissionRole pr : authzGen.getDefaultPermissionRoles()) {
+            PermissionRoleUtil.buildPermissionRoleRel(pr, SubjectType.ROLE, permRoleRels);
+        }
+        for (PermissionRoleRel permRoleRel : permRoleRels) {
+            authzStore.store(permRoleRel);
+        }
+
+        if (logger.isDebugEnabled()) {
+            logger.debug("authroization storage completed ");
+        }
+
     }
 
     private TransactionStatus beginTransaction(String name) {
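Review bot: `store()` dereferences `authzGen` (`authzGen.getDefaultRoles()`) without checking that `generate()` has run, so calling `seed()` on its own fails with a bare NullPointerException; guard at the top of `seed()` with `if (authzGen == null) { throw new IllegalStateException("generate() must be called before seed()"); }`. `store()` also runs before `setupSpring()` and before `beginTransaction("seedData")`, so the roles, permissions and relations written through `AuthorizationStore` presumably sit outside the transaction whose rollback is handled in the catch block; if `seedPermissions` fails, those rows remain, which deserves a comment or moving `store()` inside the transaction if the store shares the datasource. `AuthorizationStore` is created in `store()` and never released; if it opens a persistence session (its definition is in the new file in this commit), close it in a finally block. The catch block of `seed()` continues outside the hunk.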
index 4b31644218aca649e9578b9b61ff9571ec7254ba..e73f9b913cb49cf88b3c4d444bdf1ae9b8275ad5 100644 (file)
@@ -27,12 +27,12 @@ import java.io.File;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import java.util.ArrayList;
+import java.util.Date;
 import java.util.Hashtable;
 import java.util.List;
 import java.util.UUID;
 import javax.xml.bind.JAXBContext;
 import javax.xml.bind.Marshaller;
-import org.collectionspace.services.authorization.AccountRole;
 import org.collectionspace.services.authorization.ActionType;
 import org.collectionspace.services.authorization.Permission;
 import org.collectionspace.services.authorization.EffectType;
@@ -43,6 +43,7 @@ import org.collectionspace.services.authorization.PermissionsList;
 import org.collectionspace.services.authorization.PermissionsRolesList;
 import org.collectionspace.services.authorization.Role;
 import org.collectionspace.services.authorization.RoleValue;
+import org.collectionspace.services.authorization.RolesList;
 import org.collectionspace.services.authorization.SubjectType;
 import org.collectionspace.services.common.config.TenantBindingConfigReaderImpl;
 import org.collectionspace.services.common.service.ServiceBindingType;
@@ -55,44 +56,69 @@ import org.collectionspace.services.common.tenant.TenantBindingType;
  */
 public class AuthorizationGen {
 
+    final public static String ROLE_ADMINISTRATOR = "ROLE_ADMINISTRATOR";
+    final public static String ROLE_TENANT_ADMINISTRATOR = "ROLE_TENANT_ADMINISTRATOR";
+    final public static String ROLE_TENANT_READER = "ROLE_TENANT_READER";
+    final public static String ROLE_ADMINISTRATOR_ID = "0";
     final Logger logger = LoggerFactory.getLogger(AuthorizationGen.class);
-    private List<Permission> permList = new ArrayList<Permission>();
-    private List<PermissionRole> permRoleList = new ArrayList<PermissionRole>();
+    private List<Permission> adminPermList = new ArrayList<Permission>();
+    private List<PermissionRole> adminPermRoleList = new ArrayList<PermissionRole>();
+    private List<Permission> readerPermList = new ArrayList<Permission>();
+    private List<PermissionRole> readerPermRoleList = new ArrayList<PermissionRole>();
+    private List<Role> adminRoles = new ArrayList<Role>();
+    private List<Role> readerRoles = new ArrayList<Role>();
+    private Role cspaceAdminRole;
     private Hashtable<String, TenantBindingType> tenantBindings =
             new Hashtable<String, TenantBindingType>();
-    final public static String ROLE_ADMINISTRATOR = "ROLE_ADMINISTRATOR";
 
     public void initialize(String tenantBindingFileName) throws Exception {
         TenantBindingConfigReaderImpl tenantBindingConfigReader =
                 new TenantBindingConfigReaderImpl(null);
         tenantBindingConfigReader.read(tenantBindingFileName);
         tenantBindings = tenantBindingConfigReader.getTenantBindings();
+        cspaceAdminRole = buildCSpaceAdminRole();
+
         if (logger.isDebugEnabled()) {
             logger.debug("initialized with tenant bindings from " + tenantBindingFileName);
         }
     }
 
-    public void createDefaultServicePermissions() {
+    /**
+     * createDefaultPermissions creates default admin and reader permissions
+     * for each tenant found in the given tenant binding file
+     * @see initialize
+     * @return
+     */
+    public void createDefaultPermissions() {
         for (String tenantId : tenantBindings.keySet()) {
-            List<Permission> perms = createDefaultServicePermissions(tenantId);
-            permList.addAll(perms);
+            List<Permission> adminPerms = createDefaultAdminPermissions(tenantId);
+            adminPermList.addAll(adminPerms);
+
+            List<Permission> readerPerms = createDefaultReaderPermissions(tenantId);
+            readerPermList.addAll(readerPerms);
         }
     }
 
-    public List<Permission> createDefaultServicePermissions(String tenantId) {
+    /**
+     * createDefaultAdminPermissions creates default admin permissions for all services
+     * used by the given tenant
+     * @param tenantId
+     * @return
+     */
+    public List<Permission> createDefaultAdminPermissions(String tenantId) {
         ArrayList<Permission> apcList = new ArrayList<Permission>();
         TenantBindingType tbinding = tenantBindings.get(tenantId);
         for (ServiceBindingType sbinding : tbinding.getServiceBindings()) {
 
             //add permissions for the main path
-            Permission perm = buildCommonPermission(tbinding.getId(),
+            Permission perm = buildAdminPermission(tbinding.getId(),
                     sbinding.getName().toLowerCase());
             apcList.add(perm);
 
             //add permissions for alternate paths
             List<String> uriPaths = sbinding.getUriPath();
             for (String uriPath : uriPaths) {
-                perm = buildCommonPermission(tbinding.getId(),
+                perm = buildAdminPermission(tbinding.getId(),
                         uriPath.toLowerCase());
                 apcList.add(perm);
             }
@@ -102,10 +128,12 @@ public class AuthorizationGen {
 
     }
 
-    private Permission buildCommonPermission(String tenantId, String resourceName) {
+    private Permission buildAdminPermission(String tenantId, String resourceName) {
         String id = UUID.randomUUID().toString();
         Permission perm = new Permission();
         perm.setCsid(id);
+        perm.setDescription("generated admin permission");
+        perm.setCreatedAtItem(new Date());
         perm.setResourceName(resourceName.toLowerCase());
         perm.setEffect(EffectType.PERMIT);
         perm.setTenantId(tenantId);
@@ -130,75 +158,209 @@ public class AuthorizationGen {
         return perm;
     }
 
-    public List<Permission> getDefaultServicePermissions() {
-        return permList;
+    /**
+     * createDefaultReaderPermissions creates read only permissions for all services
+     * used by the given tenant
+     * @param tenantId
+     * @return
+     */
+    public List<Permission> createDefaultReaderPermissions(String tenantId) {
+        ArrayList<Permission> apcList = new ArrayList<Permission>();
+        TenantBindingType tbinding = tenantBindings.get(tenantId);
+        for (ServiceBindingType sbinding : tbinding.getServiceBindings()) {
+
+            //add permissions for the main path
+            Permission perm = buildReaderPermission(tbinding.getId(),
+                    sbinding.getName().toLowerCase());
+            apcList.add(perm);
+
+            //add permissions for alternate paths
+            List<String> uriPaths = sbinding.getUriPath();
+            for (String uriPath : uriPaths) {
+                perm = buildReaderPermission(tbinding.getId(),
+                        uriPath.toLowerCase());
+                apcList.add(perm);
+            }
+
+        }
+        return apcList;
+
+    }
+
+    private Permission buildReaderPermission(String tenantId, String resourceName) {
+        String id = UUID.randomUUID().toString();
+        Permission perm = new Permission();
+        perm.setCsid(id);
+        perm.setCreatedAtItem(new Date());
+        perm.setDescription("generated readonly permission");
+        perm.setResourceName(resourceName.toLowerCase());
+        perm.setEffect(EffectType.PERMIT);
+        perm.setTenantId(tenantId);
+        ArrayList<PermissionAction> pas = new ArrayList<PermissionAction>();
+        perm.setActions(pas);
+
+        PermissionAction pa1 = new PermissionAction();
+        pa1.setName(ActionType.READ);
+        pas.add(pa1);
+
+        PermissionAction pa4 = new PermissionAction();
+        pa4.setName(ActionType.SEARCH);
+        pas.add(pa4);
+        return perm;
+    }
+
+    public List<Permission> getDefaultPermissions() {
+        List<Permission> allPermList = new ArrayList<Permission>();
+        allPermList.addAll(adminPermList);
+        allPermList.addAll(readerPermList);
+        return allPermList;
+    }
+
+    public List<Permission> getDefaultAdminPermissions() {
+        return adminPermList;
+    }
+
+    public List<Permission> getDefaultReaderPermissions() {
+        return readerPermList;
+    }
+
+    /**
+     * createDefaultRoles creates default admin and reader roles
+     * for each tenant found in the given tenant binding file
+     */
+    public void createDefaultRoles() {
+        for (String tenantId : tenantBindings.keySet()) {
+
+            Role arole = buildTenantAdminRole(tenantId);
+            adminRoles.add(arole);
+
+            Role rrole = buildTenantReaderRole(tenantId);
+            readerRoles.add(rrole);
+
+        }
+    }
+
+    private Role buildTenantAdminRole(String tenantId) {
+        Role role = new Role();
+        role.setCreatedAtItem(new Date());
+        role.setRoleName(ROLE_TENANT_ADMINISTRATOR);
+        String id = UUID.randomUUID().toString();
+        role.setCsid(id);
+        role.setDescription("generated tenant admin role");
+        role.setTenantId(tenantId);
+        return role;
+    }
+
+    private Role buildTenantReaderRole(String tenantId) {
+        Role role = new Role();
+        role.setCreatedAtItem(new Date());
+        role.setRoleName(ROLE_TENANT_READER);
+        String id = UUID.randomUUID().toString();
+        role.setCsid(id);
+        role.setDescription("generated tenant read only role");
+        role.setTenantId(tenantId);
+        return role;
     }
 
-    public void createDefaultPermissionsRoles() {
-        for (Permission p : permList) {
-            TenantBindingType tbinding = tenantBindings.get(p.getTenantId());
-//            String tenantAdminRole = getTenantAdminRole(tbinding.getName());
-//            PermissionRole permRole = buildCommonPermissionRoles(p.getTenantId(), p.getCsid(),
-//                    p.getResourceName(), tenantAdminRole, "999");
-//            permRoleList.add(permRole);
+    public List<Role> getDefaultRoles() {
+        List<Role> allRoleList = new ArrayList<Role>();
+        allRoleList.addAll(adminRoles);
+        allRoleList.addAll(readerRoles);
+        return allRoleList;
+    }
+
+    public void associateDefaultPermissionsRoles() {
+        List<Role> roles = new ArrayList<Role>();
+        roles.add(cspaceAdminRole);
+        for (Permission p : adminPermList) {
+            PermissionRole permAdmRole = associatePermissionRoles(p, adminRoles);
+            adminPermRoleList.add(permAdmRole);
 
             //CSpace Administrator has all access
-            PermissionRole permAdmRole = buildCommonPermissionRoles(p.getTenantId(), p.getCsid(),
-                    p.getResourceName(), ROLE_ADMINISTRATOR, "1");
-            permRoleList.add(permAdmRole);
+            PermissionRole permCAdmRole = associatePermissionRoles(p, roles);
+            adminPermRoleList.add(permCAdmRole);
+        }
+
+        for (Permission p : readerPermList) {
+            PermissionRole permRdrRole = associatePermissionRoles(p, readerRoles);
+            readerPermRoleList.add(permRdrRole);
         }
     }
 
-    public List<PermissionRole> createPermissionsRoles(List<Permission> perms, String roleName, String roleId) {
+    public List<PermissionRole> associatePermissionsRoles(List<Permission> perms, List<Role> roles) {
         List<PermissionRole> permRoles = new ArrayList<PermissionRole>();
-        for (Permission p : perms) {
-            PermissionRole permRole = buildCommonPermissionRoles(p.getTenantId(), p.getCsid(),
-                    p.getResourceName(), roleName, roleId);
+        for (Permission perm : perms) {
+            PermissionRole permRole = associatePermissionRoles(perm, roles);
             permRoles.add(permRole);
         }
         return permRoles;
     }
 
-    private PermissionRole buildCommonPermissionRoles(String tenantId, String permId,
-            String resName, String roleName, String roleId) {
+    private PermissionRole associatePermissionRoles(Permission perm,
+            List<Role> roles) {
 
         PermissionRole pr = new PermissionRole();
         pr.setSubject(SubjectType.ROLE);
         List<PermissionValue> permValues = new ArrayList<PermissionValue>();
         pr.setPermissions(permValues);
         PermissionValue permValue = new PermissionValue();
-        permValue.setPermissionId(permId);
-        permValue.setResourceName(resName.toLowerCase());
+        permValue.setPermissionId(perm.getCsid());
+        permValue.setResourceName(perm.getResourceName().toLowerCase());
         permValues.add(permValue);
 
         List<RoleValue> roleValues = new ArrayList<RoleValue>();
-        RoleValue radmin = new RoleValue();
-        radmin.setRoleName(roleName.toUpperCase());
-        radmin.setRoleId(roleId);
-        roleValues.add(radmin);
+        for (Role role : roles) {
+            RoleValue rv = new RoleValue();
+            rv.setRoleName(role.getRoleName().toUpperCase());
+            rv.setRoleId(role.getCsid());
+            roleValues.add(rv);
+        }
         pr.setRoles(roleValues);
 
         return pr;
     }
 
-    /**
-     * getTenantAdminRole generates role for tenant administrator
-     * @param tenantName
-     * @return
-     */
-    private String getTenantAdminRole(String tenantName) {
-        tenantName = tenantName.toUpperCase();
-        tenantName = tenantName.replace(' ', '_');
-        return ROLE_ADMINISTRATOR + "_" + tenantName;
+    public List<PermissionRole> getDefaultPermissionRoles() {
+        List<PermissionRole> allPermRoleList = new ArrayList<PermissionRole>();
+        allPermRoleList.addAll(adminPermRoleList);
+        allPermRoleList.addAll(readerPermRoleList);
+        return allPermRoleList;
+    }
+
+    public List<PermissionRole> getDefaultAdminPermissionRoles() {
+        return adminPermRoleList;
+    }
+
+    public List<PermissionRole> getDefaultReaderPermissionRoles() {
+        return readerPermRoleList;
     }
 
-    public List<PermissionRole> getDefaultServicePermissionRoles() {
-        return permRoleList;
+    private Role buildCSpaceAdminRole() {
+        Role role = new Role();
+        role.setRoleName(ROLE_ADMINISTRATOR);
+        role.setCsid(ROLE_ADMINISTRATOR_ID);
+        return role;
+    }
+
+    public void exportDefaultRoles(String fileName) {
+        RolesList rList = new RolesList();
+        List<Role> allRoleList = new ArrayList<Role>();
+        allRoleList.addAll(adminRoles);
+        allRoleList.addAll(readerRoles);
+        rList.setRoles(allRoleList);
+        toFile(rList, RolesList.class,
+                fileName);
+        if (logger.isDebugEnabled()) {
+            logger.debug("exported roles to " + fileName);
+        }
     }
 
-    public void exportPermissions(String fileName) {
+    public void exportDefaultPermissions(String fileName) {
         PermissionsList pcList = new PermissionsList();
-        pcList.setPermissions(permList);
+        List<Permission> allPermList = new ArrayList<Permission>();
+        allPermList.addAll(adminPermList);
+        allPermList.addAll(readerPermList);
+        pcList.setPermissions(allPermList);
         toFile(pcList, PermissionsList.class,
                 fileName);
         if (logger.isDebugEnabled()) {
@@ -206,9 +368,12 @@ public class AuthorizationGen {
         }
     }
 
-    public void exportPermissionRoles(String fileName) {
+    public void exportDefaultPermissionRoles(String fileName) {
         PermissionsRolesList psrsl = new PermissionsRolesList();
-        psrsl.setPermissionRoles(permRoleList);
+        List<PermissionRole> allPermRoleList = new ArrayList<PermissionRole>();
+        allPermRoleList.addAll(adminPermRoleList);
+        allPermRoleList.addAll(readerPermRoleList);
+        psrsl.setPermissionRoles(allPermRoleList);
         toFile(psrsl, PermissionsRolesList.class,
                 fileName);
         if (logger.isDebugEnabled()) {
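Review bot: The three lines that build `allPermRoleList` here repeat the concatenation getDefaultPermissionRoles() already performs earlier in this file, so the exported set and the getter's set can drift apart if one of them is later changed to include another role's relations. The body collapses to `psrsl.setPermissionRoles(getDefaultPermissionRoles());` with no behavior change, and exportDefaultPermissions in the previous hunk has the same duplication with the permission lists. exportDefaultPermissionRoles' body continues past the end of this hunk.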
diff --git a/services/authorization-mgt/import/src/main/java/org/collectionspace/services/authorization/importer/AuthorizationStore.java b/services/authorization-mgt/import/src/main/java/org/collectionspace/services/authorization/importer/AuthorizationStore.java
new file mode 100644 (file)
index 0000000..c6c79bf
--- /dev/null
@@ -0,0 +1,88 @@
+/**
+ *  This document is a part of the source code and related artifacts
+ *  for CollectionSpace, an open source collections management system
+ *  for museums and related institutions:
+
+ *  http://www.collectionspace.org
+ *  http://wiki.collectionspace.org
+
+ *  Copyright 2010 University of California at Berkeley
+
+ *  Licensed under the Educational Community License (ECL), Version 2.0.
+ *  You may not use this file except in compliance with this License.
+
+ *  You may obtain a copy of the ECL 2.0 License at
+
+ *  https://source.collectionspace.org/collection-space/LICENSE.txt
+
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+/*
+ * To change this template, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package org.collectionspace.services.authorization.importer;
+
+import java.util.Date;
+import javax.persistence.EntityManager;
+import javax.persistence.EntityManagerFactory;
+import org.collectionspace.services.common.document.JaxbUtils;
+import org.collectionspace.services.common.storage.jpa.JpaStorageUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * AuthorizationStore stores persistent entities during import
+ * @author
+ */
+public class AuthorizationStore {
+
+    private final Logger logger = LoggerFactory.getLogger(AuthorizationStore.class);
+    private final static String PERSISTENCE_UNIT = "org.collectionspace.services.authorization";
+
+    /**
+     * store the given entity
+     * @param entity
+     * @return csid of the entity
+     * @throws Exception
+     */
+    public String store(Object entity) throws Exception {
+        EntityManagerFactory emf = null;
+        EntityManager em = null;
+        try {
+            emf = JpaStorageUtils.getEntityManagerFactory(PERSISTENCE_UNIT);
+            em = emf.createEntityManager();
+            //FIXME: more efficient would be to participate in transaction already started
+            //by the caller
+            em.getTransaction().begin();
+            if (JaxbUtils.getValue(entity, "getCreatedAt") == null) {
+                JaxbUtils.setValue(entity, "setCreatedAtItem", Date.class, new Date());
+            }
+            em.persist(entity);
+            em.getTransaction().commit();
+            String id = null;
+            try{
+                id = (String) JaxbUtils.getValue(entity, "getCsid");
+            } catch(NoSuchMethodException nsme) {
+                //do nothing ok, relationship does not have csid
+            }
+            return id;
+        } catch (Exception e) {
+            if (em != null && em.getTransaction().isActive()) {
+                em.getTransaction().rollback();
+            }
+            if (logger.isDebugEnabled()) {
+                logger.debug("Caught exception ", e);
+            }
+            throw e;
+        } finally {
+            if (em != null) {
+                JpaStorageUtils.releaseEntityManagerFactory(emf);
+            }
+        }
+    }
+}
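Review bot: The EntityManager created in store() is never closed, and the finally block releases the factory only when `em != null`, so a failure inside createEntityManager() leaks the factory while every successful call leaks the manager. Closing each resource independently when it is non-null covers both paths; the rewritten finally block is below. The reflective pair `getCreatedAt` / `setCreatedAtItem` is asymmetric — if the entity setter is actually named setCreatedAt, the set call will raise NoSuchMethodException for every entity and the import would fail on the first persist, so the name is worth confirming against the entity classes. The empty catch for the csid lookup should carry the reason as a comment, e.g. `// relationship entities expose no getCsid(); the caller receives null for them`.
```java
        } finally {
            if (em != null) {
                em.close();
            }
            if (emf != null) {
                JpaStorageUtils.releaseEntityManagerFactory(emf);
            }
        }
```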
diff --git a/services/authorization-mgt/import/src/main/resources/META-INF/persistence.xml b/services/authorization-mgt/import/src/main/resources/META-INF/persistence.xml
new file mode 100644 (file)
index 0000000..ec517f7
--- /dev/null
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<persistence version="1.0" xsi:schemaLocation="http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence/persistence_1_0.xsd
+             http://java.sun.com/xml/ns/persistence/orm http://java.sun.com/xml/ns/persistence/orm_1_0.xsd" xmlns="http://java.sun.com/xml/ns/persistence" xmlns:orm="http://java.sun.com/xml/ns/persistence/orm" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+    <persistence-unit name="org.collectionspace.services.authorization">
+        <class>org.collectionspace.services.authorization.Permission</class>
+        <class>org.collectionspace.services.authorization.PermissionAction</class>
+        <class>org.collectionspace.services.authorization.PermissionRoleRel</class>
+        <class>org.collectionspace.services.authorization.Role</class>
+        <class>org.collectionspace.services.authorization.AccountRoleRel</class>
+        <properties>
+            <property name="hibernate.ejb.cfgfile" value="hibernate.cfg.xml"/>
+
+            <!--property name="hibernate.dialect" value="org.hibernate.dialect.MySQLDialect"/>
+            <property name="hibernate.max_fetch_depth" value="3"/>
+            <property name="hibernate.connection.driver_class" value="com.mysql.jdbc.Driver"/>
+            <property name="hibernate.connection.username" value="test"/>
+            <property name="hibernate.connection.password" value="test"/>
+            <property name="hibernate.connection.url" value="jdbc:mysql://localhost:3306/cspace"/-->
+        </properties>
+    </persistence-unit>
+</persistence>
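Review bot: The commented-out property block carries a literal username and password (`test`/`test`) together with a connection URL; src/main/resources is presumably packaged into the artifact, so even commented-out credentials travel with the jar and tend to get uncommented in a hurry later. The active configuration already delegates connection settings to hibernate.cfg.xml via `hibernate.ejb.cfgfile`, so the block can be dropped or reduced to a pointer such as `<!-- connection settings are read from hibernate.cfg.xml -->`.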
diff --git a/services/authorization-mgt/import/src/main/resources/hibernate.cfg.xml b/services/authorization-mgt/import/src/main/resources/hibernate.cfg.xml
new file mode 100644 (file)
index 0000000..8296399
--- /dev/null
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+    Document   : hibernate.cfg.xml
+    Created on : 
+    Author     : 
+    Description:
+        Hibernate configuration file for testing and tools
+-->
+<!DOCTYPE hibernate-configuration PUBLIC
+          "-//Hibernate/Hibernate Configuration DTD 3.0//EN"
+          "http://hibernate.sourceforge.net/hibernate-configuration-3.0.dtd">
+<hibernate-configuration>
+    <session-factory>
+        <property name="connection.url">@DB_URL@</property>
+        <property name="connection.driver_class">@DB_DRIVER_CLASS@</property>
+        <property name="connection.username">@DB_USER@</property>
+        <property name="connection.password">@DB_PASSWORD@</property>
+        <property name="dialect">@DB_DIALECT@</property>
+        <property name="transaction.factory_class">org.hibernate.transaction.JDBCTransactionFactory</property>
+        <property name="current_session_context_class">thread</property>
+        <property name="hibernate.show_sql">true</property>
+    </session-factory>
+</hibernate-configuration>
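Review bot: `hibernate.show_sql` is set to true, which echoes every statement the import executes, including the inserted role and permission-role rows, to stdout; for a seeding tool run against a tenant database that is noisy and, where console output is captured, leaves a copy of the authorization data in logs. Defaulting it to `<property name="hibernate.show_sql">false</property>` and enabling it per run when debugging keeps the default quiet. The `@DB_PASSWORD@` token is presumably substituted by build-time resource filtering, which would leave the database password inside the built artifact — worth confirming where the value is injected and whether a runtime property would serve instead.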
index edf8aef0f086867b93af01fd148bafdc0fa99023..5f10e8ba1e6b6afa73e81740a226dd19761e3665 100644 (file)
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>68eea582-e5b0-4aab-a01b-e45126ce1924</permissionId>
+            <permissionId>de3657a1-99f8-46b6-b4bb-2e28f9def87f</permissionId>
             <resourceName>idgenerators</resourceName>
         </permission>
         <role>
-            <roleId>1</roleId>
+            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>de3657a1-99f8-46b6-b4bb-2e28f9def87f</permissionId>
+            <resourceName>idgenerators</resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>b6644980-aeef-4d8f-a048-338057f9d973</permissionId>
+            <resourceName>id</resourceName>
+        </permission>
+        <role>
+            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>b6644980-aeef-4d8f-a048-338057f9d973</permissionId>
+            <resourceName>id</resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>ddcdcc15-7f5a-49d8-8354-82c2e52d4727</permissionId>
+            <resourceName>
+                /idgenerators/*/ids
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>ddcdcc15-7f5a-49d8-8354-82c2e52d4727</permissionId>
+            <resourceName>
+                /idgenerators/*/ids
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>b203fb49-56c3-4662-b4bd-4008a6462364</permissionId>
+            <resourceName>collectionobjects</resourceName>
+        </permission>
+        <role>
+            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>b203fb49-56c3-4662-b4bd-4008a6462364</permissionId>
+            <resourceName>collectionobjects</resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>2dde10d0-2ce9-471b-9c66-c67a6e7c511f</permissionId>
+            <resourceName>
+                /collectionobjects/*/authorityrefs/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>2dde10d0-2ce9-471b-9c66-c67a6e7c511f</permissionId>
+            <resourceName>
+                /collectionobjects/*/authorityrefs/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>b8323642-cd0a-491f-a952-cf36d2b32134</permissionId>
+            <resourceName>intakes</resourceName>
+        </permission>
+        <role>
+            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>b8323642-cd0a-491f-a952-cf36d2b32134</permissionId>
+            <resourceName>intakes</resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>3c3e7ff6-7ecd-4643-b662-3fcb54e62abe</permissionId>
+            <resourceName>
+                /intakes/*/authorityrefs/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>3c3e7ff6-7ecd-4643-b662-3fcb54e62abe</permissionId>
+            <resourceName>
+                /intakes/*/authorityrefs/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>e248b5af-6eb3-4063-8816-6c2b0c55537c</permissionId>
+            <resourceName>loansin</resourceName>
+        </permission>
+        <role>
+            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>e248b5af-6eb3-4063-8816-6c2b0c55537c</permissionId>
+            <resourceName>loansin</resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>6529cf6d-34ae-4bab-a6e2-ab19973620fb</permissionId>
+            <resourceName>
+                /loansin/*/authorityrefs/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>6529cf6d-34ae-4bab-a6e2-ab19973620fb</permissionId>
+            <resourceName>
+                /loansin/*/authorityrefs/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>1145d28d-269a-41fd-806f-b0d6511cf273</permissionId>
+            <resourceName>loansout</resourceName>
+        </permission>
+        <role>
+            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>1145d28d-269a-41fd-806f-b0d6511cf273</permissionId>
+            <resourceName>loansout</resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>8773ed3b-9432-44e8-900e-1bc3908e7911</permissionId>
+            <resourceName>
+                /loansout/*/authorityrefs/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>8773ed3b-9432-44e8-900e-1bc3908e7911</permissionId>
+            <resourceName>
+                /loansout/*/authorityrefs/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>21786a64-02e0-4359-9c61-47cf821f2362</permissionId>
+            <resourceName>movements</resourceName>
+        </permission>
+        <role>
+            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>21786a64-02e0-4359-9c61-47cf821f2362</permissionId>
+            <resourceName>movements</resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>d501423e-9425-4c99-bf6f-478a2a9f971e</permissionId>
+            <resourceName>
+                /movements/*/authorityrefs/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>d501423e-9425-4c99-bf6f-478a2a9f971e</permissionId>
+            <resourceName>
+                /movements/*/authorityrefs/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>88075c4c-d5ed-420a-a767-1ab662066feb</permissionId>
+            <resourceName>vocabularies</resourceName>
+        </permission>
+        <role>
+            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>88075c4c-d5ed-420a-a767-1ab662066feb</permissionId>
+            <resourceName>vocabularies</resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>2444d28d-883f-4566-a378-f03b95d100b9</permissionId>
+            <resourceName>vocabularyitems</resourceName>
+        </permission>
+        <role>
+            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>2444d28d-883f-4566-a378-f03b95d100b9</permissionId>
+            <resourceName>vocabularyitems</resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>80a57584-6438-4df3-95df-bba1d7d9a275</permissionId>
+            <resourceName>
+                /vocabularies/*/items/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>80a57584-6438-4df3-95df-bba1d7d9a275</permissionId>
+            <resourceName>
+                /vocabularies/*/items/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>812a71ed-0dfe-4371-a390-4776ab5519f2</permissionId>
+            <resourceName>orgauthorities</resourceName>
+        </permission>
+        <role>
+            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>812a71ed-0dfe-4371-a390-4776ab5519f2</permissionId>
+            <resourceName>orgauthorities</resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>a9aeff96-179f-4b1d-8e74-25358185fdae</permissionId>
+            <resourceName>
+                /orgauthorities/*/items/*/authorityrefs/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>a9aeff96-179f-4b1d-8e74-25358185fdae</permissionId>
+            <resourceName>
+                /orgauthorities/*/items/*/authorityrefs/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>23897bf4-c727-4737-a70c-dc446519e1d5</permissionId>
+            <resourceName>organizations</resourceName>
+        </permission>
+        <role>
+            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>23897bf4-c727-4737-a70c-dc446519e1d5</permissionId>
+            <resourceName>organizations</resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>64f48448-c5ed-4096-acc8-17daebf2924f</permissionId>
+            <resourceName>
+                /orgauthorities/*/items/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>64f48448-c5ed-4096-acc8-17daebf2924f</permissionId>
+            <resourceName>
+                /orgauthorities/*/items/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>90bea796-bf38-46a6-8a9e-fc9a1eed157d</permissionId>
+            <resourceName>
+                /orgauthorities/*/items/*/refobjs
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>90bea796-bf38-46a6-8a9e-fc9a1eed157d</permissionId>
+            <resourceName>
+                /orgauthorities/*/items/*/refobjs
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>e61b8b12-3db0-499a-b074-79afec3f141a</permissionId>
+            <resourceName>personauthorities</resourceName>
+        </permission>
+        <role>
+            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>e61b8b12-3db0-499a-b074-79afec3f141a</permissionId>
+            <resourceName>personauthorities</resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>ce34076c-83b0-409c-b2b8-2d3805af9056</permissionId>
+            <resourceName>
+                /personauthorities/*/items/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>ce34076c-83b0-409c-b2b8-2d3805af9056</permissionId>
+            <resourceName>
+                /personauthorities/*/items/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>acac0886-627b-43e6-810c-f62c928b99bf</permissionId>
+            <resourceName>
+                /personauthorities/*/items/*/refobjs
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>acac0886-627b-43e6-810c-f62c928b99bf</permissionId>
+            <resourceName>
+                /personauthorities/*/items/*/refobjs
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>1aa13e33-4b21-4e6f-b670-2fc13f8fd2b4</permissionId>
+            <resourceName>persons</resourceName>
+        </permission>
+        <role>
+            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>1aa13e33-4b21-4e6f-b670-2fc13f8fd2b4</permissionId>
+            <resourceName>persons</resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>cbb98b91-25ed-4e8b-af4d-48f11e981e19</permissionId>
+            <resourceName>
+                /personauthorities/*/items/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>cbb98b91-25ed-4e8b-af4d-48f11e981e19</permissionId>
+            <resourceName>
+                /personauthorities/*/items/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>7c9e5c9a-8eb7-4579-ad94-e6d4f90c9ae8</permissionId>
+            <resourceName>locationauthorities</resourceName>
+        </permission>
+        <role>
+            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>7c9e5c9a-8eb7-4579-ad94-e6d4f90c9ae8</permissionId>
+            <resourceName>locationauthorities</resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>ce653183-2722-46c9-8f19-2e719c9cb06c</permissionId>
+            <resourceName>
+                /locationauthorities/*/items/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>ce653183-2722-46c9-8f19-2e719c9cb06c</permissionId>
+            <resourceName>
+                /locationauthorities/*/items/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>59b8de3a-9b1d-4e82-9aa5-0d28dd5a46ac</permissionId>
+            <resourceName>locations</resourceName>
+        </permission>
+        <role>
+            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>59b8de3a-9b1d-4e82-9aa5-0d28dd5a46ac</permissionId>
+            <resourceName>locations</resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>37e00906-0fa5-4d20-be21-739f66bcac52</permissionId>
+            <resourceName>acquisitions</resourceName>
+        </permission>
+        <role>
+            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>37e00906-0fa5-4d20-be21-739f66bcac52</permissionId>
+            <resourceName>acquisitions</resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>1ebea466-ab70-4368-8965-aa9305661d50</permissionId>
+            <resourceName>
+                /acquisitions/*/authorityrefs/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>1ebea466-ab70-4368-8965-aa9305661d50</permissionId>
+            <resourceName>
+                /acquisitions/*/authorityrefs/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>c48e8d4a-7972-469f-a2bc-1bca201cd772</permissionId>
+            <resourceName>relations</resourceName>
+        </permission>
+        <role>
+            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>c48e8d4a-7972-469f-a2bc-1bca201cd772</permissionId>
+            <resourceName>relations</resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>b2f182cb-61d7-4016-a2e2-075c13afefd0</permissionId>
+            <resourceName>
+                relations/subject/*/type/*/object/*
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>b2f182cb-61d7-4016-a2e2-075c13afefd0</permissionId>
+            <resourceName>
+                relations/subject/*/type/*/object/*
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>6ba014c0-80e1-456f-9c3c-de339391d254</permissionId>
+            <resourceName>accounts</resourceName>
+        </permission>
+        <role>
+            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>6ba014c0-80e1-456f-9c3c-de339391d254</permissionId>
+            <resourceName>accounts</resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>ee04f607-8e32-46dd-b5c9-b7657cdd290c</permissionId>
+            <resourceName>dimensions</resourceName>
+        </permission>
+        <role>
+            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>ee04f607-8e32-46dd-b5c9-b7657cdd290c</permissionId>
+            <resourceName>dimensions</resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>828327fc-7b3d-4bde-b6d6-e48c74c3f4fd</permissionId>
+            <resourceName>contacts</resourceName>
+        </permission>
+        <role>
+            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>828327fc-7b3d-4bde-b6d6-e48c74c3f4fd</permissionId>
+            <resourceName>contacts</resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>2d48d7a3-faba-4e8d-93a3-0863de7d92da</permissionId>
+            <resourceName>
+                /personauthorities/*/items/*/contacts
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>2d48d7a3-faba-4e8d-93a3-0863de7d92da</permissionId>
+            <resourceName>
+                /personauthorities/*/items/*/contacts
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
             <roleName>ROLE_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>150c809f-ffd6-4b23-b86b-a6533feeda29</permissionId>
-            <resourceName>id</resourceName>
+            <permissionId>7d8f835d-d9c0-4508-b279-eef890db247a</permissionId>
+            <resourceName>
+                /orgauthorities/*/items/*/contacts
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>7d8f835d-d9c0-4508-b279-eef890db247a</permissionId>
+            <resourceName>
+                /orgauthorities/*/items/*/contacts
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>ab92d994-29eb-4d64-bd49-b3cafd8f0a5b</permissionId>
+            <resourceName>notes</resourceName>
+        </permission>
+        <role>
+            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>ab92d994-29eb-4d64-bd49-b3cafd8f0a5b</permissionId>
+            <resourceName>notes</resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>db65825c-50c3-49a8-af5f-68115f16537b</permissionId>
+            <resourceName>authorization/roles</resourceName>
+        </permission>
+        <role>
+            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>db65825c-50c3-49a8-af5f-68115f16537b</permissionId>
+            <resourceName>authorization/roles</resourceName>
         </permission>
         <role>
-            <roleId>1</roleId>
+            <roleId>0</roleId>
             <roleName>ROLE_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>30f13249-56c6-428e-9f9b-be092520ca30</permissionId>
+            <permissionId>f7f41db6-f85f-4cd3-a2d6-d9185b6dd8e9</permissionId>
+            <resourceName>authorization/permissions</resourceName>
+        </permission>
+        <role>
+            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>f7f41db6-f85f-4cd3-a2d6-d9185b6dd8e9</permissionId>
+            <resourceName>authorization/permissions</resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>074e7f98-2580-48d3-969d-4043f156eaa2</permissionId>
+            <resourceName>authorization/permissions/permroles</resourceName>
+        </permission>
+        <role>
+            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>074e7f98-2580-48d3-969d-4043f156eaa2</permissionId>
+            <resourceName>authorization/permissions/permroles</resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>0cdd6f4e-58b6-4c11-bbbd-0984c30d6dbd</permissionId>
             <resourceName>
-                /idgenerators/*/ids
+                /authorization/permissions/*/permroles/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>0cdd6f4e-58b6-4c11-bbbd-0984c30d6dbd</permissionId>
+            <resourceName>
+                /authorization/permissions/*/permroles/
             </resourceName>
         </permission>
         <role>
-            <roleId>1</roleId>
+            <roleId>0</roleId>
             <roleName>ROLE_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>e5005679-b03a-4911-9081-741dced66508</permissionId>
-            <resourceName>collectionobjects</resourceName>
+            <permissionId>361c4bed-bd81-4f22-82df-f462111663a9</permissionId>
+            <resourceName>accounts/accountroles</resourceName>
         </permission>
         <role>
-            <roleId>1</roleId>
+            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>361c4bed-bd81-4f22-82df-f462111663a9</permissionId>
+            <resourceName>accounts/accountroles</resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
             <roleName>ROLE_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>676a2ce3-f65a-445e-bc0f-cce5dc056eac</permissionId>
+            <permissionId>e272da20-719c-49d1-9584-c21cedcd3a65</permissionId>
             <resourceName>
-                /collectionobjects/*/authorityrefs/
+                /accounts/*/accountroles/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>e272da20-719c-49d1-9584-c21cedcd3a65</permissionId>
+            <resourceName>
+                /accounts/*/accountroles/
             </resourceName>
         </permission>
         <role>
-            <roleId>1</roleId>
+            <roleId>0</roleId>
             <roleName>ROLE_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>200f1961-8910-4170-8f7b-32fcf7eef047</permissionId>
-            <resourceName>intakes</resourceName>
+            <permissionId>d7618a4f-d8be-45f6-b0f3-2816ecdca341</permissionId>
+            <resourceName>authorization/roles/permroles</resourceName>
+        </permission>
+        <role>
+            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>d7618a4f-d8be-45f6-b0f3-2816ecdca341</permissionId>
+            <resourceName>authorization/roles/permroles</resourceName>
         </permission>
         <role>
-            <roleId>1</roleId>
+            <roleId>0</roleId>
             <roleName>ROLE_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>aa534e0f-6979-4c52-873c-d58bd0151f9c</permissionId>
+            <permissionId>3b6b0755-9044-46ee-8a85-4e44ac68dd0a</permissionId>
             <resourceName>
-                /intakes/*/authorityrefs/
+                /authorization/roles/*/permroles/
             </resourceName>
         </permission>
         <role>
-            <roleId>1</roleId>
+            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>3b6b0755-9044-46ee-8a85-4e44ac68dd0a</permissionId>
+            <resourceName>
+                /authorization/roles/*/permroles/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
             <roleName>ROLE_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>0a3692cd-94f6-44dd-854a-1fb0b19fe71d</permissionId>
+            <permissionId>da5253a4-471f-4ada-9d7d-8f1a9a747647</permissionId>
+            <resourceName>idgenerators</resourceName>
+        </permission>
+        <role>
+            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>4d524373-a5df-45e2-aec6-2e214f08431e</permissionId>
+            <resourceName>id</resourceName>
+        </permission>
+        <role>
+            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>c757f1c4-3282-4055-b0e1-2c818fec709b</permissionId>
+            <resourceName>
+                /idgenerators/*/ids
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>e383a971-0335-41da-88e6-f7625303f186</permissionId>
+            <resourceName>collectionobjects</resourceName>
+        </permission>
+        <role>
+            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>b2c49fb3-fb34-4425-86c7-73c48873a983</permissionId>
+            <resourceName>
+                /collectionobjects/*/authorityrefs/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>2ac4ace4-20f8-4a5f-b984-4753e5452a87</permissionId>
+            <resourceName>intakes</resourceName>
+        </permission>
+        <role>
+            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>64af5fcc-a57d-4fa6-820c-4ab857a46590</permissionId>
+            <resourceName>
+                /intakes/*/authorityrefs/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>0258eabe-02d3-494c-b405-30e3463a2feb</permissionId>
             <resourceName>loansin</resourceName>
         </permission>
         <role>
-            <roleId>1</roleId>
-            <roleName>ROLE_ADMINISTRATOR</roleName>
+            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>f56deb15-81a5-47ad-89c7-ea4738451b8c</permissionId>
+            <permissionId>ae5f5fab-7205-4b92-932f-857b68c5d4b5</permissionId>
             <resourceName>
                 /loansin/*/authorityrefs/
             </resourceName>
         </permission>
         <role>
-            <roleId>1</roleId>
-            <roleName>ROLE_ADMINISTRATOR</roleName>
+            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>1628fe32-a657-4577-a6cd-87bcf942d56d</permissionId>
+            <permissionId>9e8b0907-e262-42f9-a4da-6e0bf6493e5a</permissionId>
             <resourceName>loansout</resourceName>
         </permission>
         <role>
-            <roleId>1</roleId>
-            <roleName>ROLE_ADMINISTRATOR</roleName>
+            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>d38171bb-62b2-402b-a8e9-329433f7092c</permissionId>
+            <permissionId>b46b29bc-1795-4e3e-a247-59e23742b705</permissionId>
             <resourceName>
                 /loansout/*/authorityrefs/
             </resourceName>
         </permission>
         <role>
-            <roleId>1</roleId>
-            <roleName>ROLE_ADMINISTRATOR</roleName>
+            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>bf39f493-8e5b-4ca1-baaf-67dd8283b299</permissionId>
+            <permissionId>f90c5454-58e9-4b32-a8e4-03b80ed6f58e</permissionId>
             <resourceName>movements</resourceName>
         </permission>
         <role>
-            <roleId>1</roleId>
-            <roleName>ROLE_ADMINISTRATOR</roleName>
+            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>30130f70-6122-478c-9425-428815c0006c</permissionId>
+            <permissionId>e7c31362-9bb7-48a4-a324-63e84401df30</permissionId>
             <resourceName>
                 /movements/*/authorityrefs/
             </resourceName>
         </permission>
         <role>
-            <roleId>1</roleId>
-            <roleName>ROLE_ADMINISTRATOR</roleName>
+            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>61dc8d8b-8d2e-4d0b-a76f-87d5be9a583c</permissionId>
+            <permissionId>90f3a12c-0ac1-417b-942e-88f2b11383b7</permissionId>
             <resourceName>vocabularies</resourceName>
         </permission>
         <role>
-            <roleId>1</roleId>
-            <roleName>ROLE_ADMINISTRATOR</roleName>
+            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>cdff0a6a-ca8a-4651-a291-d7e4e9e531ba</permissionId>
+            <permissionId>c961fc05-1a2c-4890-88b4-42757378e323</permissionId>
             <resourceName>vocabularyitems</resourceName>
         </permission>
         <role>
-            <roleId>1</roleId>
-            <roleName>ROLE_ADMINISTRATOR</roleName>
+            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>2bbbbe30-9562-4686-8237-00422e24e1d6</permissionId>
+            <permissionId>4d13ef59-1443-40ee-8e45-9892c83ec9a1</permissionId>
             <resourceName>
                 /vocabularies/*/items/
             </resourceName>
         </permission>
         <role>
-            <roleId>1</roleId>
-            <roleName>ROLE_ADMINISTRATOR</roleName>
+            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>60e310d8-8d49-4ced-bdff-d1bc82d8cabd</permissionId>
+            <permissionId>6caa049b-25cc-486c-935f-bf215d550bcd</permissionId>
             <resourceName>orgauthorities</resourceName>
         </permission>
         <role>
-            <roleId>1</roleId>
-            <roleName>ROLE_ADMINISTRATOR</roleName>
+            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>0562b8c3-1883-4491-b77f-d8437c1433d6</permissionId>
+            <permissionId>08c36f8b-2432-44c4-a1dd-cba8c8ea53e5</permissionId>
             <resourceName>
                 /orgauthorities/*/items/*/authorityrefs/
             </resourceName>
         </permission>
         <role>
-            <roleId>1</roleId>
-            <roleName>ROLE_ADMINISTRATOR</roleName>
+            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>44cba976-171b-408e-b3ed-3bd5b18e95e1</permissionId>
+            <permissionId>c0149cbb-a984-4e32-8302-c045a3e82bf2</permissionId>
             <resourceName>organizations</resourceName>
         </permission>
         <role>
-            <roleId>1</roleId>
-            <roleName>ROLE_ADMINISTRATOR</roleName>
+            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>c8e68564-bd16-462d-b191-a4fb4ad6d93a</permissionId>
+            <permissionId>b2e0c247-9e3b-4bf3-a956-8b98a8505263</permissionId>
             <resourceName>
                 /orgauthorities/*/items/
             </resourceName>
         </permission>
         <role>
-            <roleId>1</roleId>
-            <roleName>ROLE_ADMINISTRATOR</roleName>
+            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>faf6fdb6-654e-44a3-b7de-e98eb3105e3f</permissionId>
+            <permissionId>35cb8d8b-4309-4177-9c1c-157dbeb36f5d</permissionId>
             <resourceName>
                 /orgauthorities/*/items/*/refobjs
             </resourceName>
         </permission>
         <role>
-            <roleId>1</roleId>
-            <roleName>ROLE_ADMINISTRATOR</roleName>
+            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>fc3845e7-122b-44c6-b46f-756421291994</permissionId>
+            <permissionId>c890f437-7356-4bcd-b5b1-0e36b13e6358</permissionId>
             <resourceName>personauthorities</resourceName>
         </permission>
         <role>
-            <roleId>1</roleId>
-            <roleName>ROLE_ADMINISTRATOR</roleName>
+            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>44b6f2f5-2ae5-4f9f-aaf6-21361e38992e</permissionId>
+            <permissionId>778904e1-8b67-4ace-af24-8b756385ce80</permissionId>
             <resourceName>
                 /personauthorities/*/items/
             </resourceName>
         </permission>
         <role>
-            <roleId>1</roleId>
-            <roleName>ROLE_ADMINISTRATOR</roleName>
+            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>f488f02a-0107-4991-847f-db811fa843f5</permissionId>
+            <permissionId>d531417d-b61b-471c-90ff-f21969f00e4c</permissionId>
             <resourceName>
                 /personauthorities/*/items/*/refobjs
             </resourceName>
         </permission>
         <role>
-            <roleId>1</roleId>
-            <roleName>ROLE_ADMINISTRATOR</roleName>
+            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>b1236cf3-c8e3-462a-b189-e5bcebdd382e</permissionId>
+            <permissionId>46581f00-1338-417d-9ff5-1250a8eb5e3c</permissionId>
             <resourceName>persons</resourceName>
         </permission>
         <role>
-            <roleId>1</roleId>
-            <roleName>ROLE_ADMINISTRATOR</roleName>
+            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>7e329610-aa02-4d66-9a44-f7f5302c2ea4</permissionId>
+            <permissionId>b707073a-6c2f-4bc5-b8b2-800be7cc17ec</permissionId>
             <resourceName>
                 /personauthorities/*/items/
             </resourceName>
         </permission>
         <role>
-            <roleId>1</roleId>
-            <roleName>ROLE_ADMINISTRATOR</roleName>
+            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>abee33c0-e304-44e1-ae27-0e518e0ee55b</permissionId>
+            <permissionId>88832e9b-0f62-406e-8a64-ea61d53153ed</permissionId>
             <resourceName>locationauthorities</resourceName>
         </permission>
         <role>
-            <roleId>1</roleId>
-            <roleName>ROLE_ADMINISTRATOR</roleName>
+            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>1924cf31-7025-4f43-896e-e6d7a7352788</permissionId>
+            <permissionId>5b8c3d7d-f027-4675-9edf-1f7733ce360d</permissionId>
             <resourceName>
                 /locationauthorities/*/items/
             </resourceName>
         </permission>
         <role>
-            <roleId>1</roleId>
-            <roleName>ROLE_ADMINISTRATOR</roleName>
+            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>273e7918-f911-4f54-bc86-122aa539e813</permissionId>
+            <permissionId>a73bebb8-d109-4fbd-aa29-f71766eac61a</permissionId>
             <resourceName>locations</resourceName>
         </permission>
         <role>
-            <roleId>1</roleId>
-            <roleName>ROLE_ADMINISTRATOR</roleName>
+            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>934a970c-221e-41b5-92be-6ba22276bd7a</permissionId>
+            <permissionId>7d6dcff6-167f-4634-a35d-ec635e34fc60</permissionId>
             <resourceName>acquisitions</resourceName>
         </permission>
         <role>
-            <roleId>1</roleId>
-            <roleName>ROLE_ADMINISTRATOR</roleName>
+            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>61a10a62-4f23-4427-b262-f978a3b03806</permissionId>
+            <permissionId>2007cc99-7208-4238-9792-bceb5df78733</permissionId>
             <resourceName>
                 /acquisitions/*/authorityrefs/
             </resourceName>
         </permission>
         <role>
-            <roleId>1</roleId>
-            <roleName>ROLE_ADMINISTRATOR</roleName>
+            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>463dc11d-8324-4fb9-9d07-7c134c68eb47</permissionId>
+            <permissionId>94594f80-9ae2-4f51-b1f1-21e49bca2f5e</permissionId>
             <resourceName>relations</resourceName>
         </permission>
         <role>
-            <roleId>1</roleId>
-            <roleName>ROLE_ADMINISTRATOR</roleName>
+            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>3c536b47-b851-4dca-bbd2-12d0fc20f713</permissionId>
+            <permissionId>e75b9dd6-737a-43cd-b847-c8effa3d6055</permissionId>
             <resourceName>
                 relations/subject/*/type/*/object/*
             </resourceName>
         </permission>
         <role>
-            <roleId>1</roleId>
-            <roleName>ROLE_ADMINISTRATOR</roleName>
+            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>87c457d9-3bf4-40d4-a3e1-7a9aae90c5c9</permissionId>
+            <permissionId>da6da169-41d0-4f7f-a246-e7a9c96967de</permissionId>
             <resourceName>accounts</resourceName>
         </permission>
         <role>
-            <roleId>1</roleId>
-            <roleName>ROLE_ADMINISTRATOR</roleName>
+            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>5762278c-fceb-4d67-908d-af389ac309ba</permissionId>
+            <permissionId>8b1fc4c6-1610-490d-8972-17ac113b36d9</permissionId>
             <resourceName>dimensions</resourceName>
         </permission>
         <role>
-            <roleId>1</roleId>
-            <roleName>ROLE_ADMINISTRATOR</roleName>
+            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>bd9104e1-1931-4d0e-aff4-d06ec78f069f</permissionId>
+            <permissionId>97455f0e-2064-4667-9bfe-540a05b571ae</permissionId>
             <resourceName>contacts</resourceName>
         </permission>
         <role>
-            <roleId>1</roleId>
-            <roleName>ROLE_ADMINISTRATOR</roleName>
+            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>aa3c23d7-7d42-43f0-899a-3b8bc0c03c3a</permissionId>
+            <permissionId>10655b0e-d168-4ac5-96fc-5ff88621aaee</permissionId>
             <resourceName>
                 /personauthorities/*/items/*/contacts
             </resourceName>
         </permission>
         <role>
-            <roleId>1</roleId>
-            <roleName>ROLE_ADMINISTRATOR</roleName>
+            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>a0f846e4-343c-4479-831e-04cc40e51902</permissionId>
+            <permissionId>1209a058-b37e-438d-906a-03bc49a4928c</permissionId>
             <resourceName>
                 /orgauthorities/*/items/*/contacts
             </resourceName>
         </permission>
         <role>
-            <roleId>1</roleId>
-            <roleName>ROLE_ADMINISTRATOR</roleName>
+            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>b975509e-d1bd-42a2-98d4-bfde50a342c3</permissionId>
+            <permissionId>eb97ccdf-daaa-436e-bd40-f86e3d7dc8d0</permissionId>
             <resourceName>notes</resourceName>
         </permission>
         <role>
-            <roleId>1</roleId>
-            <roleName>ROLE_ADMINISTRATOR</roleName>
+            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>c9524c19-4819-4aea-aab3-341887d83b3f</permissionId>
+            <permissionId>655fb068-d229-47e0-b636-48e53217d070</permissionId>
             <resourceName>authorization/roles</resourceName>
         </permission>
         <role>
-            <roleId>1</roleId>
-            <roleName>ROLE_ADMINISTRATOR</roleName>
+            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>eec11401-da9e-4a33-b68d-b3d4906c3329</permissionId>
+            <permissionId>556204b7-df13-40fe-8185-ac4e9924a033</permissionId>
             <resourceName>authorization/permissions</resourceName>
         </permission>
         <role>
-            <roleId>1</roleId>
-            <roleName>ROLE_ADMINISTRATOR</roleName>
+            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>975a8e80-8a30-426c-9d5b-aa32f6813f6d</permissionId>
+            <permissionId>3d5ecccd-37a5-4185-88b3-66aa1def43b5</permissionId>
             <resourceName>authorization/permissions/permroles</resourceName>
         </permission>
         <role>
-            <roleId>1</roleId>
-            <roleName>ROLE_ADMINISTRATOR</roleName>
+            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>76ae1b26-9c42-4011-8130-178d90ff4c3b</permissionId>
+            <permissionId>049d792a-f1c7-42de-8d88-c09a1143340f</permissionId>
             <resourceName>
                 /authorization/permissions/*/permroles/
             </resourceName>
         </permission>
         <role>
-            <roleId>1</roleId>
-            <roleName>ROLE_ADMINISTRATOR</roleName>
+            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>662f9c6c-f8f1-4a78-922e-9c4250237b36</permissionId>
+            <permissionId>b85355db-2c33-4469-bb27-bf4fb1ac4039</permissionId>
             <resourceName>accounts/accountroles</resourceName>
         </permission>
         <role>
-            <roleId>1</roleId>
-            <roleName>ROLE_ADMINISTRATOR</roleName>
+            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>e8cca9fb-a6cc-4944-a441-857d661280a9</permissionId>
+            <permissionId>ce37cf6c-a550-49de-9bdf-0ede7cafb617</permissionId>
             <resourceName>
                 /accounts/*/accountroles/
             </resourceName>
         </permission>
         <role>
-            <roleId>1</roleId>
-            <roleName>ROLE_ADMINISTRATOR</roleName>
+            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>f771df0b-98c8-4f84-aaf3-ae62c113d4cb</permissionId>
+            <permissionId>e1af00a3-a7c9-441f-a48c-f9698f47298a</permissionId>
             <resourceName>authorization/roles/permroles</resourceName>
         </permission>
         <role>
-            <roleId>1</roleId>
-            <roleName>ROLE_ADMINISTRATOR</roleName>
+            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>937a7ab0-6c26-497b-a901-49f550987320</permissionId>
+            <permissionId>8fc74578-d253-4eb7-a0e3-43bc70a88a62</permissionId>
             <resourceName>
                 /authorization/roles/*/permroles/
             </resourceName>
         </permission>
         <role>
-            <roleId>1</roleId>
-            <roleName>ROLE_ADMINISTRATOR</roleName>
+            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
 </ns2:permissions_roles_list>
index 7ff06ee01c1f78b22ed1f6d636bc0bf46d0786bb..29cf9465a16d2b57a05ec425c385df14066a88d1 100644 (file)
@@ -1,6 +1,7 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
 <ns2:permissions_list xmlns:ns2="http://collectionspace.org/services/authorization">
-    <permission csid="68eea582-e5b0-4aab-a01b-e45126ce1924">
+    <permission csid="de3657a1-99f8-46b6-b4bb-2e28f9def87f">
+        <description>generated admin permission</description>
         <resourceName>idgenerators</resourceName>
         <action>
             <name>CREATE</name>
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.388</createdAt>
     </permission>
-    <permission csid="150c809f-ffd6-4b23-b86b-a6533feeda29">
+    <permission csid="b6644980-aeef-4d8f-a048-338057f9d973">
+        <description>generated admin permission</description>
         <resourceName>id</resourceName>
         <action>
             <name>CREATE</name>
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.390</createdAt>
     </permission>
-    <permission csid="30f13249-56c6-428e-9f9b-be092520ca30">
+    <permission csid="ddcdcc15-7f5a-49d8-8354-82c2e52d4727">
+        <description>generated admin permission</description>
         <resourceName>
                 /idgenerators/*/ids
             </resourceName>
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.390</createdAt>
     </permission>
-    <permission csid="e5005679-b03a-4911-9081-741dced66508">
+    <permission csid="b203fb49-56c3-4662-b4bd-4008a6462364">
+        <description>generated admin permission</description>
         <resourceName>collectionobjects</resourceName>
         <action>
             <name>CREATE</name>
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.391</createdAt>
     </permission>
-    <permission csid="676a2ce3-f65a-445e-bc0f-cce5dc056eac">
+    <permission csid="2dde10d0-2ce9-471b-9c66-c67a6e7c511f">
+        <description>generated admin permission</description>
         <resourceName>
                 /collectionobjects/*/authorityrefs/
             </resourceName>
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.391</createdAt>
     </permission>
-    <permission csid="200f1961-8910-4170-8f7b-32fcf7eef047">
+    <permission csid="b8323642-cd0a-491f-a952-cf36d2b32134">
+        <description>generated admin permission</description>
         <resourceName>intakes</resourceName>
         <action>
             <name>CREATE</name>
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.391</createdAt>
     </permission>
-    <permission csid="aa534e0f-6979-4c52-873c-d58bd0151f9c">
+    <permission csid="3c3e7ff6-7ecd-4643-b662-3fcb54e62abe">
+        <description>generated admin permission</description>
         <resourceName>
                 /intakes/*/authorityrefs/
             </resourceName>
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.392</createdAt>
     </permission>
-    <permission csid="0a3692cd-94f6-44dd-854a-1fb0b19fe71d">
+    <permission csid="e248b5af-6eb3-4063-8816-6c2b0c55537c">
+        <description>generated admin permission</description>
         <resourceName>loansin</resourceName>
         <action>
             <name>CREATE</name>
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.392</createdAt>
     </permission>
-    <permission csid="f56deb15-81a5-47ad-89c7-ea4738451b8c">
+    <permission csid="6529cf6d-34ae-4bab-a6e2-ab19973620fb">
+        <description>generated admin permission</description>
         <resourceName>
                 /loansin/*/authorityrefs/
             </resourceName>
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.393</createdAt>
     </permission>
-    <permission csid="1628fe32-a657-4577-a6cd-87bcf942d56d">
+    <permission csid="1145d28d-269a-41fd-806f-b0d6511cf273">
+        <description>generated admin permission</description>
         <resourceName>loansout</resourceName>
         <action>
             <name>CREATE</name>
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.393</createdAt>
     </permission>
-    <permission csid="d38171bb-62b2-402b-a8e9-329433f7092c">
+    <permission csid="8773ed3b-9432-44e8-900e-1bc3908e7911">
+        <description>generated admin permission</description>
         <resourceName>
                 /loansout/*/authorityrefs/
             </resourceName>
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.393</createdAt>
     </permission>
-    <permission csid="bf39f493-8e5b-4ca1-baaf-67dd8283b299">
+    <permission csid="21786a64-02e0-4359-9c61-47cf821f2362">
+        <description>generated admin permission</description>
         <resourceName>movements</resourceName>
         <action>
             <name>CREATE</name>
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.394</createdAt>
     </permission>
-    <permission csid="30130f70-6122-478c-9425-428815c0006c">
+    <permission csid="d501423e-9425-4c99-bf6f-478a2a9f971e">
+        <description>generated admin permission</description>
         <resourceName>
                 /movements/*/authorityrefs/
             </resourceName>
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.394</createdAt>
     </permission>
-    <permission csid="61dc8d8b-8d2e-4d0b-a76f-87d5be9a583c">
+    <permission csid="88075c4c-d5ed-420a-a767-1ab662066feb">
+        <description>generated admin permission</description>
         <resourceName>vocabularies</resourceName>
         <action>
             <name>CREATE</name>
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.395</createdAt>
     </permission>
-    <permission csid="cdff0a6a-ca8a-4651-a291-d7e4e9e531ba">
+    <permission csid="2444d28d-883f-4566-a378-f03b95d100b9">
+        <description>generated admin permission</description>
         <resourceName>vocabularyitems</resourceName>
         <action>
             <name>CREATE</name>
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.395</createdAt>
     </permission>
-    <permission csid="2bbbbe30-9562-4686-8237-00422e24e1d6">
+    <permission csid="80a57584-6438-4df3-95df-bba1d7d9a275">
+        <description>generated admin permission</description>
         <resourceName>
                 /vocabularies/*/items/
             </resourceName>
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.396</createdAt>
     </permission>
-    <permission csid="60e310d8-8d49-4ced-bdff-d1bc82d8cabd">
+    <permission csid="812a71ed-0dfe-4371-a390-4776ab5519f2">
+        <description>generated admin permission</description>
         <resourceName>orgauthorities</resourceName>
         <action>
             <name>CREATE</name>
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.396</createdAt>
     </permission>
-    <permission csid="0562b8c3-1883-4491-b77f-d8437c1433d6">
+    <permission csid="a9aeff96-179f-4b1d-8e74-25358185fdae">
+        <description>generated admin permission</description>
         <resourceName>
                 /orgauthorities/*/items/*/authorityrefs/
             </resourceName>
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.397</createdAt>
     </permission>
-    <permission csid="44cba976-171b-408e-b3ed-3bd5b18e95e1">
+    <permission csid="23897bf4-c727-4737-a70c-dc446519e1d5">
+        <description>generated admin permission</description>
         <resourceName>organizations</resourceName>
         <action>
             <name>CREATE</name>
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.397</createdAt>
     </permission>
-    <permission csid="c8e68564-bd16-462d-b191-a4fb4ad6d93a">
+    <permission csid="64f48448-c5ed-4096-acc8-17daebf2924f">
+        <description>generated admin permission</description>
         <resourceName>
                 /orgauthorities/*/items/
             </resourceName>
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.397</createdAt>
     </permission>
-    <permission csid="faf6fdb6-654e-44a3-b7de-e98eb3105e3f">
+    <permission csid="90bea796-bf38-46a6-8a9e-fc9a1eed157d">
+        <description>generated admin permission</description>
         <resourceName>
                 /orgauthorities/*/items/*/refobjs
             </resourceName>
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.398</createdAt>
     </permission>
-    <permission csid="fc3845e7-122b-44c6-b46f-756421291994">
+    <permission csid="e61b8b12-3db0-499a-b074-79afec3f141a">
+        <description>generated admin permission</description>
         <resourceName>personauthorities</resourceName>
         <action>
             <name>CREATE</name>
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.398</createdAt>
     </permission>
-    <permission csid="44b6f2f5-2ae5-4f9f-aaf6-21361e38992e">
+    <permission csid="ce34076c-83b0-409c-b2b8-2d3805af9056">
+        <description>generated admin permission</description>
         <resourceName>
                 /personauthorities/*/items/
             </resourceName>
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.398</createdAt>
     </permission>
-    <permission csid="f488f02a-0107-4991-847f-db811fa843f5">
+    <permission csid="acac0886-627b-43e6-810c-f62c928b99bf">
+        <description>generated admin permission</description>
         <resourceName>
                 /personauthorities/*/items/*/refobjs
             </resourceName>
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.399</createdAt>
     </permission>
-    <permission csid="b1236cf3-c8e3-462a-b189-e5bcebdd382e">
+    <permission csid="1aa13e33-4b21-4e6f-b670-2fc13f8fd2b4">
+        <description>generated admin permission</description>
         <resourceName>persons</resourceName>
         <action>
             <name>CREATE</name>
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.399</createdAt>
     </permission>
-    <permission csid="7e329610-aa02-4d66-9a44-f7f5302c2ea4">
+    <permission csid="cbb98b91-25ed-4e8b-af4d-48f11e981e19">
+        <description>generated admin permission</description>
         <resourceName>
                 /personauthorities/*/items/
             </resourceName>
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.400</createdAt>
     </permission>
-    <permission csid="abee33c0-e304-44e1-ae27-0e518e0ee55b">
+    <permission csid="7c9e5c9a-8eb7-4579-ad94-e6d4f90c9ae8">
+        <description>generated admin permission</description>
         <resourceName>locationauthorities</resourceName>
         <action>
             <name>CREATE</name>
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.400</createdAt>
     </permission>
-    <permission csid="1924cf31-7025-4f43-896e-e6d7a7352788">
+    <permission csid="ce653183-2722-46c9-8f19-2e719c9cb06c">
+        <description>generated admin permission</description>
         <resourceName>
                 /locationauthorities/*/items/
             </resourceName>
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.401</createdAt>
     </permission>
-    <permission csid="273e7918-f911-4f54-bc86-122aa539e813">
+    <permission csid="59b8de3a-9b1d-4e82-9aa5-0d28dd5a46ac">
+        <description>generated admin permission</description>
         <resourceName>locations</resourceName>
         <action>
             <name>CREATE</name>
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.401</createdAt>
     </permission>
-    <permission csid="934a970c-221e-41b5-92be-6ba22276bd7a">
+    <permission csid="37e00906-0fa5-4d20-be21-739f66bcac52">
+        <description>generated admin permission</description>
         <resourceName>acquisitions</resourceName>
         <action>
             <name>CREATE</name>
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.401</createdAt>
     </permission>
-    <permission csid="61a10a62-4f23-4427-b262-f978a3b03806">
+    <permission csid="1ebea466-ab70-4368-8965-aa9305661d50">
+        <description>generated admin permission</description>
         <resourceName>
                 /acquisitions/*/authorityrefs/
             </resourceName>
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.402</createdAt>
     </permission>
-    <permission csid="463dc11d-8324-4fb9-9d07-7c134c68eb47">
+    <permission csid="c48e8d4a-7972-469f-a2bc-1bca201cd772">
+        <description>generated admin permission</description>
         <resourceName>relations</resourceName>
         <action>
             <name>CREATE</name>
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.402</createdAt>
     </permission>
-    <permission csid="3c536b47-b851-4dca-bbd2-12d0fc20f713">
+    <permission csid="b2f182cb-61d7-4016-a2e2-075c13afefd0">
+        <description>generated admin permission</description>
         <resourceName>
                 relations/subject/*/type/*/object/*
             </resourceName>
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.402</createdAt>
     </permission>
-    <permission csid="87c457d9-3bf4-40d4-a3e1-7a9aae90c5c9">
+    <permission csid="6ba014c0-80e1-456f-9c3c-de339391d254">
+        <description>generated admin permission</description>
         <resourceName>accounts</resourceName>
         <action>
             <name>CREATE</name>
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.403</createdAt>
     </permission>
-    <permission csid="5762278c-fceb-4d67-908d-af389ac309ba">
+    <permission csid="ee04f607-8e32-46dd-b5c9-b7657cdd290c">
+        <description>generated admin permission</description>
         <resourceName>dimensions</resourceName>
         <action>
             <name>CREATE</name>
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.403</createdAt>
     </permission>
-    <permission csid="bd9104e1-1931-4d0e-aff4-d06ec78f069f">
+    <permission csid="828327fc-7b3d-4bde-b6d6-e48c74c3f4fd">
+        <description>generated admin permission</description>
         <resourceName>contacts</resourceName>
         <action>
             <name>CREATE</name>
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.404</createdAt>
     </permission>
-    <permission csid="aa3c23d7-7d42-43f0-899a-3b8bc0c03c3a">
+    <permission csid="2d48d7a3-faba-4e8d-93a3-0863de7d92da">
+        <description>generated admin permission</description>
         <resourceName>
                 /personauthorities/*/items/*/contacts
             </resourceName>
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.404</createdAt>
     </permission>
-    <permission csid="a0f846e4-343c-4479-831e-04cc40e51902">
+    <permission csid="7d8f835d-d9c0-4508-b279-eef890db247a">
+        <description>generated admin permission</description>
         <resourceName>
                 /orgauthorities/*/items/*/contacts
             </resourceName>
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.404</createdAt>
     </permission>
-    <permission csid="b975509e-d1bd-42a2-98d4-bfde50a342c3">
+    <permission csid="ab92d994-29eb-4d64-bd49-b3cafd8f0a5b">
+        <description>generated admin permission</description>
         <resourceName>notes</resourceName>
         <action>
             <name>CREATE</name>
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.405</createdAt>
     </permission>
-    <permission csid="c9524c19-4819-4aea-aab3-341887d83b3f">
+    <permission csid="db65825c-50c3-49a8-af5f-68115f16537b">
+        <description>generated admin permission</description>
         <resourceName>authorization/roles</resourceName>
         <action>
             <name>CREATE</name>
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.405</createdAt>
     </permission>
-    <permission csid="eec11401-da9e-4a33-b68d-b3d4906c3329">
+    <permission csid="f7f41db6-f85f-4cd3-a2d6-d9185b6dd8e9">
+        <description>generated admin permission</description>
         <resourceName>authorization/permissions</resourceName>
         <action>
             <name>CREATE</name>
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.405</createdAt>
     </permission>
-    <permission csid="975a8e80-8a30-426c-9d5b-aa32f6813f6d">
+    <permission csid="074e7f98-2580-48d3-969d-4043f156eaa2">
+        <description>generated admin permission</description>
         <resourceName>authorization/permissions/permroles</resourceName>
         <action>
             <name>CREATE</name>
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.406</createdAt>
     </permission>
-    <permission csid="76ae1b26-9c42-4011-8130-178d90ff4c3b">
+    <permission csid="0cdd6f4e-58b6-4c11-bbbd-0984c30d6dbd">
+        <description>generated admin permission</description>
         <resourceName>
                 /authorization/permissions/*/permroles/
             </resourceName>
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.406</createdAt>
     </permission>
-    <permission csid="662f9c6c-f8f1-4a78-922e-9c4250237b36">
+    <permission csid="361c4bed-bd81-4f22-82df-f462111663a9">
+        <description>generated admin permission</description>
         <resourceName>accounts/accountroles</resourceName>
         <action>
             <name>CREATE</name>
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.407</createdAt>
     </permission>
-    <permission csid="e8cca9fb-a6cc-4944-a441-857d661280a9">
+    <permission csid="e272da20-719c-49d1-9584-c21cedcd3a65">
+        <description>generated admin permission</description>
         <resourceName>
                 /accounts/*/accountroles/
             </resourceName>
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.407</createdAt>
     </permission>
-    <permission csid="f771df0b-98c8-4f84-aaf3-ae62c113d4cb">
+    <permission csid="d7618a4f-d8be-45f6-b0f3-2816ecdca341">
+        <description>generated admin permission</description>
         <resourceName>authorization/roles/permroles</resourceName>
         <action>
             <name>CREATE</name>
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.407</createdAt>
     </permission>
-    <permission csid="937a7ab0-6c26-497b-a901-49f550987320">
+    <permission csid="3b6b0755-9044-46ee-8a85-4e44ac68dd0a">
+        <description>generated admin permission</description>
         <resourceName>
                 /authorization/roles/*/permroles/
             </resourceName>
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.408</createdAt>
+    </permission>
+    <permission csid="da5253a4-471f-4ada-9d7d-8f1a9a747647">
+        <description>generated readonly permission</description>
+        <resourceName>idgenerators</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.408</createdAt>
+    </permission>
+    <permission csid="4d524373-a5df-45e2-aec6-2e214f08431e">
+        <description>generated readonly permission</description>
+        <resourceName>id</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.408</createdAt>
+    </permission>
+    <permission csid="c757f1c4-3282-4055-b0e1-2c818fec709b">
+        <description>generated readonly permission</description>
+        <resourceName>
+                /idgenerators/*/ids
+            </resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.409</createdAt>
+    </permission>
+    <permission csid="e383a971-0335-41da-88e6-f7625303f186">
+        <description>generated readonly permission</description>
+        <resourceName>collectionobjects</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.409</createdAt>
+    </permission>
+    <permission csid="b2c49fb3-fb34-4425-86c7-73c48873a983">
+        <description>generated readonly permission</description>
+        <resourceName>
+                /collectionobjects/*/authorityrefs/
+            </resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.410</createdAt>
+    </permission>
+    <permission csid="2ac4ace4-20f8-4a5f-b984-4753e5452a87">
+        <description>generated readonly permission</description>
+        <resourceName>intakes</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.410</createdAt>
+    </permission>
+    <permission csid="64af5fcc-a57d-4fa6-820c-4ab857a46590">
+        <description>generated readonly permission</description>
+        <resourceName>
+                /intakes/*/authorityrefs/
+            </resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.410</createdAt>
+    </permission>
+    <permission csid="0258eabe-02d3-494c-b405-30e3463a2feb">
+        <description>generated readonly permission</description>
+        <resourceName>loansin</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.411</createdAt>
+    </permission>
+    <permission csid="ae5f5fab-7205-4b92-932f-857b68c5d4b5">
+        <description>generated readonly permission</description>
+        <resourceName>
+                /loansin/*/authorityrefs/
+            </resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.411</createdAt>
+    </permission>
+    <permission csid="9e8b0907-e262-42f9-a4da-6e0bf6493e5a">
+        <description>generated readonly permission</description>
+        <resourceName>loansout</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.411</createdAt>
+    </permission>
+    <permission csid="b46b29bc-1795-4e3e-a247-59e23742b705">
+        <description>generated readonly permission</description>
+        <resourceName>
+                /loansout/*/authorityrefs/
+            </resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.412</createdAt>
+    </permission>
+    <permission csid="f90c5454-58e9-4b32-a8e4-03b80ed6f58e">
+        <description>generated readonly permission</description>
+        <resourceName>movements</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.412</createdAt>
+    </permission>
+    <permission csid="e7c31362-9bb7-48a4-a324-63e84401df30">
+        <description>generated readonly permission</description>
+        <resourceName>
+                /movements/*/authorityrefs/
+            </resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.412</createdAt>
+    </permission>
+    <permission csid="90f3a12c-0ac1-417b-942e-88f2b11383b7">
+        <description>generated readonly permission</description>
+        <resourceName>vocabularies</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.413</createdAt>
+    </permission>
+    <permission csid="c961fc05-1a2c-4890-88b4-42757378e323">
+        <description>generated readonly permission</description>
+        <resourceName>vocabularyitems</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.413</createdAt>
+    </permission>
+    <permission csid="4d13ef59-1443-40ee-8e45-9892c83ec9a1">
+        <description>generated readonly permission</description>
+        <resourceName>
+                /vocabularies/*/items/
+            </resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.414</createdAt>
+    </permission>
+    <permission csid="6caa049b-25cc-486c-935f-bf215d550bcd">
+        <description>generated readonly permission</description>
+        <resourceName>orgauthorities</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.414</createdAt>
+    </permission>
+    <permission csid="08c36f8b-2432-44c4-a1dd-cba8c8ea53e5">
+        <description>generated readonly permission</description>
+        <resourceName>
+                /orgauthorities/*/items/*/authorityrefs/
+            </resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.414</createdAt>
+    </permission>
+    <permission csid="c0149cbb-a984-4e32-8302-c045a3e82bf2">
+        <description>generated readonly permission</description>
+        <resourceName>organizations</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.415</createdAt>
+    </permission>
+    <permission csid="b2e0c247-9e3b-4bf3-a956-8b98a8505263">
+        <description>generated readonly permission</description>
+        <resourceName>
+                /orgauthorities/*/items/
+            </resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.415</createdAt>
+    </permission>
+    <permission csid="35cb8d8b-4309-4177-9c1c-157dbeb36f5d">
+        <description>generated readonly permission</description>
+        <resourceName>
+                /orgauthorities/*/items/*/refobjs
+            </resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.415</createdAt>
+    </permission>
+    <permission csid="c890f437-7356-4bcd-b5b1-0e36b13e6358">
+        <description>generated readonly permission</description>
+        <resourceName>personauthorities</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.416</createdAt>
+    </permission>
+    <permission csid="778904e1-8b67-4ace-af24-8b756385ce80">
+        <description>generated readonly permission</description>
+        <resourceName>
+                /personauthorities/*/items/
+            </resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.416</createdAt>
+    </permission>
+    <permission csid="d531417d-b61b-471c-90ff-f21969f00e4c">
+        <description>generated readonly permission</description>
+        <resourceName>
+                /personauthorities/*/items/*/refobjs
+            </resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.417</createdAt>
+    </permission>
+    <permission csid="46581f00-1338-417d-9ff5-1250a8eb5e3c">
+        <description>generated readonly permission</description>
+        <resourceName>persons</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.417</createdAt>
+    </permission>
+    <permission csid="b707073a-6c2f-4bc5-b8b2-800be7cc17ec">
+        <description>generated readonly permission</description>
+        <resourceName>
+                /personauthorities/*/items/
+            </resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.417</createdAt>
+    </permission>
+    <permission csid="88832e9b-0f62-406e-8a64-ea61d53153ed">
+        <description>generated readonly permission</description>
+        <resourceName>locationauthorities</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.418</createdAt>
+    </permission>
+    <permission csid="5b8c3d7d-f027-4675-9edf-1f7733ce360d">
+        <description>generated readonly permission</description>
+        <resourceName>
+                /locationauthorities/*/items/
+            </resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.418</createdAt>
+    </permission>
+    <permission csid="a73bebb8-d109-4fbd-aa29-f71766eac61a">
+        <description>generated readonly permission</description>
+        <resourceName>locations</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.418</createdAt>
+    </permission>
+    <permission csid="7d6dcff6-167f-4634-a35d-ec635e34fc60">
+        <description>generated readonly permission</description>
+        <resourceName>acquisitions</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.419</createdAt>
+    </permission>
+    <permission csid="2007cc99-7208-4238-9792-bceb5df78733">
+        <description>generated readonly permission</description>
+        <resourceName>
+                /acquisitions/*/authorityrefs/
+            </resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.419</createdAt>
+    </permission>
+    <permission csid="94594f80-9ae2-4f51-b1f1-21e49bca2f5e">
+        <description>generated readonly permission</description>
+        <resourceName>relations</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.419</createdAt>
+    </permission>
+    <permission csid="e75b9dd6-737a-43cd-b847-c8effa3d6055">
+        <description>generated readonly permission</description>
+        <resourceName>
+                relations/subject/*/type/*/object/*
+            </resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.420</createdAt>
+    </permission>
+    <permission csid="da6da169-41d0-4f7f-a246-e7a9c96967de">
+        <description>generated readonly permission</description>
+        <resourceName>accounts</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.420</createdAt>
+    </permission>
+    <permission csid="8b1fc4c6-1610-490d-8972-17ac113b36d9">
+        <description>generated readonly permission</description>
+        <resourceName>dimensions</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.421</createdAt>
+    </permission>
+    <permission csid="97455f0e-2064-4667-9bfe-540a05b571ae">
+        <description>generated readonly permission</description>
+        <resourceName>contacts</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.421</createdAt>
+    </permission>
+    <permission csid="10655b0e-d168-4ac5-96fc-5ff88621aaee">
+        <description>generated readonly permission</description>
+        <resourceName>
+                /personauthorities/*/items/*/contacts
+            </resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.421</createdAt>
+    </permission>
+    <permission csid="1209a058-b37e-438d-906a-03bc49a4928c">
+        <description>generated readonly permission</description>
+        <resourceName>
+                /orgauthorities/*/items/*/contacts
+            </resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.422</createdAt>
+    </permission>
+    <permission csid="eb97ccdf-daaa-436e-bd40-f86e3d7dc8d0">
+        <description>generated readonly permission</description>
+        <resourceName>notes</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.422</createdAt>
+    </permission>
+    <permission csid="655fb068-d229-47e0-b636-48e53217d070">
+        <description>generated readonly permission</description>
+        <resourceName>authorization/roles</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.422</createdAt>
+    </permission>
+    <permission csid="556204b7-df13-40fe-8185-ac4e9924a033">
+        <description>generated readonly permission</description>
+        <resourceName>authorization/permissions</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.423</createdAt>
+    </permission>
+    <permission csid="3d5ecccd-37a5-4185-88b3-66aa1def43b5">
+        <description>generated readonly permission</description>
+        <resourceName>authorization/permissions/permroles</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.423</createdAt>
+    </permission>
+    <permission csid="049d792a-f1c7-42de-8d88-c09a1143340f">
+        <description>generated readonly permission</description>
+        <resourceName>
+                /authorization/permissions/*/permroles/
+            </resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.423</createdAt>
+    </permission>
+    <permission csid="b85355db-2c33-4469-bb27-bf4fb1ac4039">
+        <description>generated readonly permission</description>
+        <resourceName>accounts/accountroles</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.424</createdAt>
+    </permission>
+    <permission csid="ce37cf6c-a550-49de-9bdf-0ede7cafb617">
+        <description>generated readonly permission</description>
+        <resourceName>
+                /accounts/*/accountroles/
+            </resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.424</createdAt>
+    </permission>
+    <permission csid="e1af00a3-a7c9-441f-a48c-f9698f47298a">
+        <description>generated readonly permission</description>
+        <resourceName>authorization/roles/permroles</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.424</createdAt>
+    </permission>
+    <permission csid="8fc74578-d253-4eb7-a0e3-43bc70a88a62">
+        <description>generated readonly permission</description>
+        <resourceName>
+                /authorization/roles/*/permroles/
+            </resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.424</createdAt>
     </permission>
 </ns2:permissions_list>
diff --git a/services/authorization-mgt/import/src/main/resources/import-data/import-roles.xml b/services/authorization-mgt/import/src/main/resources/import-data/import-roles.xml
new file mode 100644 (file)
index 0000000..6f91dec
--- /dev/null
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<ns2:roles_list xmlns:ns2="http://collectionspace.org/services/authorization">
+    <role csid="ad3a2b4c-ef74-47f0-bdb0-f6a906acd370">
+        <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        <description>generated tenant admin role</description>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.372</createdAt>
+    </role>
+    <role csid="25f537c9-a213-41de-97f0-18524d5f4eb2">
+        <roleName>ROLE_TENANT_READER</roleName>
+        <description>generated tenant read only role</description>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-04T14:14:37.386</createdAt>
+    </role>
+</ns2:roles_list>
index f7a8333e947c55d9f063c6979f5dbf56fd68230a..60709b206f07df462e6659033852824db4cd4e29 100644 (file)
@@ -21,6 +21,6 @@ log4j.logger.org.collectionspace=DEBUG
 log4j.logger.org.apache=INFO\r
 log4j.logger.httpclient=INFO\r
 log4j.logger.org.jboss.resteasy=INFO\r
-log4j.logger.org.hibernate=INFO\r
+log4j.logger.org.hibernate=WARN\r
 log4j.logger.org.hibernate.cfg=WARN\r
 log4j.logger.org.springframework=INFO\r
index ae4303a80738de8b11264d4c33a920dff89ad30e..c863d54493949b6769574fe0614592006d4bcf2d 100644 (file)
@@ -141,21 +141,7 @@ public class PermissionRoleDocumentHandler
         } else {
             //subject mismatch should have been checked during validation
         }
-        if (subject.equals(SubjectType.ROLE)) {
-            //FIXME: potential index out of bounds exception...negative test needed
-            PermissionValue pv = pr.getPermissions().get(0);
-            for (RoleValue rv : pr.getRoles()) {
-                PermissionRoleRel prr = buildPermissonRoleRel(pv, rv);
-                prrl.add(prr);
-            }
-        } else if (SubjectType.PERMISSION.equals(subject)) {
-            //FIXME: potential index out of bounds exception...negative test needed
-            RoleValue rv = pr.getRoles().get(0);
-            for (PermissionValue pv : pr.getPermissions()) {
-                PermissionRoleRel prr = buildPermissonRoleRel(pv, rv);
-                prrl.add(prr);
-            }
-        }
+        PermissionRoleUtil.buildPermissionRoleRel(pr, subject, prrl);
     }
 
     @Override
@@ -210,13 +196,4 @@ public class PermissionRoleDocumentHandler
         rv.setRoleName(prr.getRoleName());
         return rv;
     }
-
-    private PermissionRoleRel buildPermissonRoleRel(PermissionValue pv, RoleValue rv) {
-        PermissionRoleRel prr = new PermissionRoleRel();
-        prr.setPermissionId(pv.getPermissionId());
-        prr.setPermissionResource(pv.getResourceName());
-        prr.setRoleId(rv.getRoleId());
-        prr.setRoleName(rv.getRoleName());
-        return prr;
-    }
 }
index 77e702128cd544b8e7ecfb7430a1ca0e715280dc..6af23e53ccedc8793b2ab393686fe0c5157689a4 100644 (file)
  */
 package org.collectionspace.services.authorization.storage;
 
+import java.util.List;
 import org.collectionspace.services.authorization.PermissionRole;
+import org.collectionspace.services.authorization.PermissionRoleRel;
+import org.collectionspace.services.authorization.PermissionValue;
+import org.collectionspace.services.authorization.RoleValue;
 import org.collectionspace.services.authorization.SubjectType;
 import org.collectionspace.services.common.context.ServiceContext;
 import org.collectionspace.services.common.context.ServiceContextProperties;
@@ -37,14 +41,13 @@ public class PermissionRoleUtil {
     static SubjectType getRelationSubject(ServiceContext ctx) {
         Object o = ctx.getProperty(ServiceContextProperties.SUBJECT);
         if (o == null) {
-            throw new IllegalArgumentException(ServiceContextProperties.SUBJECT +
-                    " property is missing in context "
+            throw new IllegalArgumentException(ServiceContextProperties.SUBJECT
+                    " property is missing in context "
                     + ctx.toString());
         }
         return (SubjectType) o;
     }
 
-
     static SubjectType getRelationSubject(ServiceContext ctx, PermissionRole pr) {
         SubjectType subject = pr.getSubject();
         if (subject == null) {
@@ -53,4 +56,39 @@ public class PermissionRoleUtil {
         }
         return subject;
     }
+
+    /**
+     * buildPermissionRoleRel builds persistent relationship entities from given
+     * permissionrole
+     * @param pr permissionrole
+     * @param subject
+     * @param prrl persistent entities built are inserted into this list
+     */
+    static public void buildPermissionRoleRel(PermissionRole pr, SubjectType subject, List<PermissionRoleRel> prrl) {
+
+        if (subject.equals(SubjectType.ROLE)) {
+            //FIXME: potential index out of bounds exception...negative test needed
+            PermissionValue pv = pr.getPermissions().get(0);
+            for (RoleValue rv : pr.getRoles()) {
+                PermissionRoleRel prr = buildPermissonRoleRel(pv, rv);
+                prrl.add(prr);
+            }
+        } else if (SubjectType.PERMISSION.equals(subject)) {
+            //FIXME: potential index out of bounds exception...negative test needed
+            RoleValue rv = pr.getRoles().get(0);
+            for (PermissionValue pv : pr.getPermissions()) {
+                PermissionRoleRel prr = buildPermissonRoleRel(pv, rv);
+                prrl.add(prr);
+            }
+        }
+    }
+    
+    static private PermissionRoleRel buildPermissonRoleRel(PermissionValue pv, RoleValue rv) {
+        PermissionRoleRel prr = new PermissionRoleRel();
+        prr.setPermissionId(pv.getPermissionId());
+        prr.setPermissionResource(pv.getResourceName());
+        prr.setRoleId(rv.getRoleId());
+        prr.setRoleName(rv.getRoleName());
+        return prr;
+    }
 }
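Review bot: `buildPermissionRoleRel` still calls `pr.getPermissions().get(0)` and `pr.getRoles().get(0)` without checking for a null or empty list, so the FIXME the commit carries over from PermissionRoleDocumentHandler (the only remaining caller, whose hunk above now delegates here) is moved rather than resolved: an empty list surfaces as an IndexOutOfBoundsException or NullPointerException instead of a validation error, and a `subject` that is neither ROLE nor PERMISSION silently produces no relationships at all. Because these relationships are what bind permissions to roles, the method should reject a malformed `PermissionRole` up front and fail loudly on an unknown subject rather than return an empty result; note also that `subject.equals(SubjectType.ROLE)` throws on a null subject while the second branch uses the null-safe `SubjectType.PERMISSION.equals(subject)`. The modifier order `static public` should be `public static`, and the Javadoc `@param subject` needs a description, e.g. `@param subject ROLE binds the first permission in pr to every role in pr; PERMISSION binds the first role to every permission`. The guards below assume `getPermissions()` and `getRoles()` return `List`s, as the existing `get(0)` calls suggest.
```java
    public static void buildPermissionRoleRel(PermissionRole pr, SubjectType subject, List<PermissionRoleRel> prrl) {
        if (pr == null || subject == null || prrl == null) {
            throw new IllegalArgumentException("pr, subject and prrl are required");
        }
        if (pr.getPermissions() == null || pr.getPermissions().isEmpty()
                || pr.getRoles() == null || pr.getRoles().isEmpty()) {
            throw new IllegalArgumentException(
                    "permissionrole must contain at least one permission and one role");
        }
        if (SubjectType.ROLE.equals(subject)) {
            PermissionValue pv = pr.getPermissions().get(0);
            for (RoleValue rv : pr.getRoles()) {
                prrl.add(buildPermissonRoleRel(pv, rv));
            }
        } else if (SubjectType.PERMISSION.equals(subject)) {
            RoleValue rv = pr.getRoles().get(0);
            for (PermissionValue pv : pr.getPermissions()) {
                prrl.add(buildPermissonRoleRel(pv, rv));
            }
        } else {
            throw new IllegalArgumentException("unsupported subject " + subject);
        }
    }
    // … unchanged: buildPermissonRoleRel helper …
```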
index de65dd6108a95fc5a630c365a92fb11f54f6eeae..8648e1fd488e016ed6c07e0082794bfc2bdc5d7a 100644 (file)
@@ -5,20 +5,15 @@
 --\r
 use cspace;\r
 \r
-insert into `roles` (`csid`, `rolename`, `rolegroup`, `created_at`, `tenant_id`) values ('1', 'ROLE_ADMINISTRATOR', 'admin', '2010-02-17 16:31:48', '0');\r
-insert into `roles` (`csid`, `rolename`, `rolegroup`, `created_at`, `tenant_id`) values ('2', 'ROLE_USERS', 'collections', '2010-02-17 16:31:48', '1');\r
-insert into `roles` (`csid`, `rolename`, `rolegroup`, `created_at`, `tenant_id`) values ('3', 'ROLE_COLLECTIONS_MANAGER', 'collections', '2010-02-17 16:31:48', '1');\r
-insert into `roles` (`csid`, `rolename`, `rolegroup`, `created_at`, `tenant_id`) values ('4', 'ROLE_COLLECTIONS_REGISTRAR', 'collections', '2010-02-17 16:31:48', '1');\r
+insert into `roles` (`csid`, `rolename`, `rolegroup`, `created_at`, `tenant_id`) values ('1', 'ROLE_ADMINISTRATOR', 'CollectionSpace Administrator', '2010-02-17 16:31:48', '0');\r
+insert into `roles` (`csid`, `rolename`, `rolegroup`, `created_at`, `tenant_id`) values ('2', 'ROLE_USERS', 'a role for security testing', '2010-02-17 16:31:48', '1');\r
 \r
 insert into `accounts_roles`(`account_id`, `user_id`, `role_id`, `role_name`, `created_at`) values ('eeca40d7-dc77-4cc5-b489-16a53c75525a', 'test', '1', 'ROLE_ADMINISTRATOR', '2010-02-17 16:31:48');\r
 insert into `accounts_roles`(`account_id`, `user_id`, `role_id`, `role_name`, `created_at`) values ('eeca40d7-dc77-4cc5-b489-16a53c75525a', 'test', '2', 'ROLE_USERS', '2010-02-17 16:31:48');\r
-insert into `accounts_roles`(`account_id`, `user_id`, `role_id`, `role_name`, `created_at`) values ('eeca40d7-dc77-4cc5-b489-16a53c75525a', 'test', '3', 'ROLE_COLLECTIONS_MANAGER', '2010-02-17 16:31:48');\r
 \r
 -- Additional account introduced during integration on release 0.6, and currently relied upon by the Application Layer.\r
 insert into `accounts_roles`(`account_id`, `user_id`, `role_id`, `role_name`, `created_at`) values ('251f98f3-0292-4f3e-aa95-455314050e1b', 'test@collectionspace.org', '1', 'ROLE_ADMINISTRATOR', '2010-05-03 12:35:00');\r
-insert into `accounts_roles`(`account_id`, `user_id`, `role_id`, `role_name`, `created_at`) values ('251f98f3-0292-4f3e-aa95-455314050e1b', 'test@collectionspace.org', '2', 'ROLE_USERS', '2010-05-03 12:35:00');\r
-insert into `accounts_roles`(`account_id`, `user_id`, `role_id`, `role_name`, `created_at`) values ('251f98f3-0292-4f3e-aa95-455314050e1b', 'test@collectionspace.org', '3', 'ROLE_COLLECTIONS_MANAGER', '2010-05-03 12:35:00');\r
 \r
 -- todo: barney is created in security test but accountrole is not yet created there, so add fake account id\r
 insert into `accounts_roles`(`account_id`, `user_id`, `role_id`, `role_name`, `created_at`) values ('1', 'barney', '2', 'ROLE_USERS', '2010-02-17 16:31:48');\r
-insert into `accounts_roles`(`account_id`, `user_id`, `role_id`, `role_name`, `created_at`) values ('1', 'barney', '3', 'ROLE_COLLECTIONS_MANAGER', '2010-02-17 16:31:48');\r
+\r