CSPACE-595 first pass at the side-by-side tenant test, although not used concurrently yet

CSPACE-1035 nuxeo domain (for each tenant) is created at the startup time if it does not already exist
- added pahma-domain (hearstmuseum.berkeley.edu) to the tenant bindings in addition to the default-domain (movingimages.us) that is currently used. both bindings are similar in this first pass, i.e. both tenants use the same set of services with same service object bindings as well.
- each tenant binding now specifies repository domain(s) used
- each repository domain embodies information about the repository client needed
- tenantrepository uses repository javaclient instead of using nuxeo connector directly
- each service binding now specifies the repository domain used
- account factory on the client side now takes tenant id from new property cspace.tenant that is added to collection-space-client.properties
- removed deadwood from test-xxx.sql scripts
- role and permissions doc handlers now utilize tenant id if provided by the consumer at the time of creation, if not, they continue to use logged in user's tenant id
-

!!ATTENTION!!
-ant create_db from the trunk (to verify nuxeo domain is created)
-ant import from the trunk (no need to checkin import-*.xml files)
-ant undeploy deploy from the trunk

M    trunk/services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/PermissionDocumentHandler.java
M    trunk/services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/RoleDocumentHandler.java
M    trunk/services/authorization-mgt/import/src/main/java/org/collectionspace/services/authorization/importer/AuthorizationSeed.java
M    trunk/services/authorization-mgt/import/src/main/resources/import-data/import-permissions.xml
M    trunk/services/authorization-mgt/import/src/main/resources/import-data/import-permissions-roles.xml
M    trunk/services/authorization-mgt/import/src/main/resources/import-data/import-roles.xml
M    trunk/services/authorization-mgt/import/src/main/resources/log4j.properties
M    trunk/services/authorization-mgt/client/src/test/java/org/collectionspace/services/authorization/client/test/RoleServiceTest.java
M    trunk/services/authorization-mgt/client/src/test/java/org/collectionspace/services/authorization/client/test/PermissionServiceTest.java
M    trunk/services/authorization/pstore/src/main/resources/db/mysql/test_authorization.sql
M    trunk/services/authentication/pstore/src/main/resources/db/mysql/test_authentication.sql
M    trunk/services/common/src/main/java/org/collectionspace/services/common/repository/RepositoryClient.java
M    trunk/services/common/src/main/java/org/collectionspace/services/common/context/AbstractServiceContextImpl.java
M    trunk/services/common/src/main/java/org/collectionspace/services/common/ServiceMain.java
M    trunk/services/common/src/main/java/org/collectionspace/services/common/config/TenantBindingConfigReaderImpl.java
M    trunk/services/common/src/main/java/org/collectionspace/services/common/document/JaxbUtils.java
M    trunk/services/common/src/main/java/org/collectionspace/services/nuxeo/client/java/RepositoryJavaClientImpl.java
M    trunk/services/common/src/main/java/org/collectionspace/services/nuxeo/client/java/TenantRepository.java
M    trunk/services/common/src/main/config/services/service-config.xml
M    trunk/services/common/src/main/config/services/tenant-bindings.xml
M    trunk/services/common/src/main/resources/tenant.xsd
M    trunk/services/common/src/main/resources/service.xsd
M    trunk/services/account/pstore/src/main/resources/db/mysql/test_account.sql
M    trunk/services/account/client/src/test/java/org/collectionspace/services/account/client/test/AccountRoleServiceTest.java
M    trunk/services/account/client/src/test/java/org/collectionspace/services/account/client/test/AccountServiceTest.java
M    trunk/services/account/client/src/main/java/org/collectionspace/services/client/AccountFactory.java
M    trunk/services/account/client/src/main/java/org/collectionspace/services/client/AccountClient.java
M    trunk/services/security/client/src/test/java/org/collectionspace/services/security/client/test/AuthenticationServiceTest.java
M    trunk/services/security/client/src/test/java/org/collectionspace/services/security/client/test/AuthorizationServiceTest.java
M    trunk/services/client/src/main/java/org/collectionspace/services/client/AbstractServiceClientImpl.java
M    trunk/services/client/src/main/java/org/collectionspace/services/client/CollectionSpaceClient.java
M    trunk/services/client/src/main/resources/collectionspace-client.properties
D    trunk/src/main/resources/db/mysql/service-dump.sql

diff --git a/services/account/client/src/main/java/org/collectionspace/services/client/AccountClient.java b/services/account/client/src/main/java/org/collectionspace/services/client/AccountClient.java
index ade53c128d53aec335b2ae5ca188aad848998f22..efad64555befc6a725b28d06974ae7ba5fd82e72 100644 (file)
--- a/services/account/client/src/main/java/org/collectionspace/services/client/AccountClient.java
+++ b/services/account/client/src/main/java/org/collectionspace/services/client/AccountClient.java
@@ -69,9 +69,9 @@ public class AccountClient extends AbstractServiceClientImpl {
 
     @Override
     public CollectionSpaceProxy getProxy() {
-       return this.accountProxy;
+        return this.accountProxy;
     }
-    
+
     /**
      * allow to reset proxy as per security needs
      */
@@ -135,7 +135,12 @@ public class AccountClient extends AbstractServiceClientImpl {
      * @see org.collectionspace.hello.client.AccountProxy#deleteAccount(java.lang.Long)
      */
     @Override
-       public ClientResponse<Response> delete(String csid) {
+    public ClientResponse<Response> delete(String csid) {
         return accountProxy.delete(csid);
     }
+    
+    
+    public String getTenantId() {
+        return getProperty(AccountClient.TENANT_PROPERTY);
+    }
 }

diff --git a/services/account/client/src/main/java/org/collectionspace/services/client/AccountFactory.java b/services/account/client/src/main/java/org/collectionspace/services/client/AccountFactory.java
index 9b251c4ff9d9b9f88bf9225af431097e780265b8..e464c8ff4867aba9cb30369ead41d4d033e8373f 100644 (file)
--- a/services/account/client/src/main/java/org/collectionspace/services/client/AccountFactory.java
+++ b/services/account/client/src/main/java/org/collectionspace/services/client/AccountFactory.java
@@ -45,16 +45,17 @@ public class AccountFactory {
      * @param userName
      * @param passwd
      * @param email
+     * @param tenantId add non-null tenant id else let service take tenant id of
+     * the authenticated user
      * @param useScreenName
-     * @param addTenant
      * @param invalidTenant
      * @param useUser
      * @param usePassword
      * @return
      */
    public static AccountsCommon createAccountInstance(String screenName,
-            String userName, String passwd, String email,
-            boolean useScreenName, boolean addTenant, boolean invalidTenant,
+            String userName, String passwd, String email, String tenantId,
+            boolean useScreenName, boolean invalidTenant,
             boolean useUser, boolean usePassword) {
 
         AccountsCommon account = new AccountsCommon();
@@ -86,11 +87,10 @@ public class AccountFactory {
         if (!invalidTenant) {
             //tenant is not required to be added during create, service layer
             //picks up tenant from security context if needed
-            if (addTenant) {
-                at.setTenantId("1");
+            if (tenantId != null) {
+                at.setTenantId(tenantId);
                 atList.add(at);
                 account.setTenants(atList);
-                addTenant = !addTenant;
             }
         } else {
             //use invalid tenant id...called from validation test

diff --git a/services/account/client/src/test/java/org/collectionspace/services/account/client/test/AccountRoleServiceTest.java b/services/account/client/src/test/java/org/collectionspace/services/account/client/test/AccountRoleServiceTest.java
index dfb538e0fcdd724c544e5073af45266e936394f7..fb5ec81146614a2148f5688c1551da5f230fee95 100644 (file)
--- a/services/account/client/src/test/java/org/collectionspace/services/account/client/test/AccountRoleServiceTest.java
+++ b/services/account/client/src/test/java/org/collectionspace/services/account/client/test/AccountRoleServiceTest.java
@@ -580,8 +580,8 @@ public class AccountRoleServiceTest extends AbstractServiceTestImpl {
 
         AccountClient accClient = new AccountClient();
         AccountsCommon account = AccountFactory.createAccountInstance(
-                userName, userName, userName, email,
-                true, true, false, true, true);
+                userName, userName, userName, email, accClient.getTenantId(),
+                true, false, true, true);
         ClientResponse<Response> res = accClient.create(account);
         int statusCode = res.getStatus();
         if (logger.isDebugEnabled()) {

diff --git a/services/account/client/src/test/java/org/collectionspace/services/account/client/test/AccountServiceTest.java b/services/account/client/src/test/java/org/collectionspace/services/account/client/test/AccountServiceTest.java
index 94ed4c9a65a5419802d0915b849db47a36c8886f..f49a4db3e9c4133b5a96f9aeda8674fb742b4db6 100644 (file)
--- a/services/account/client/src/test/java/org/collectionspace/services/account/client/test/AccountServiceTest.java
+++ b/services/account/client/src/test/java/org/collectionspace/services/account/client/test/AccountServiceTest.java
@@ -56,11 +56,9 @@ public class AccountServiceTest extends AbstractServiceTestImpl {
     /** The Constant logger. */
     private final String CLASS_NAME = AccountServiceTest.class.getName();
     private final Logger logger = LoggerFactory.getLogger(CLASS_NAME);
-    
     // Instance variables specific to this test.
     /** The known resource id. */
     private String knownResourceId = null;
-    
     /** The add tenant. */
     static boolean addTenant = true;
 
@@ -80,28 +78,28 @@ public class AccountServiceTest extends AbstractServiceTestImpl {
      */
     @Override
     protected CollectionSpaceClient getClientInstance() {
-       return new AccountClient();
+        return new AccountClient();
     }
-    
+
     /* (non-Javadoc)
      * @see org.collectionspace.services.client.test.BaseServiceTest#getAbstractCommonList(org.jboss.resteasy.client.ClientResponse)
      */
     @Override
-       protected AbstractCommonList getAbstractCommonList(
-                       ClientResponse<AbstractCommonList> response) {
-       //FIXME: http://issues.collectionspace.org/browse/CSPACE-1697
-       throw new UnsupportedOperationException();
+    protected AbstractCommonList getAbstractCommonList(
+            ClientResponse<AbstractCommonList> response) {
+        //FIXME: http://issues.collectionspace.org/browse/CSPACE-1697
+        throw new UnsupportedOperationException();
     }
-    
-       /* (non-Javadoc)
-        * @see org.collectionspace.services.client.test.AbstractServiceTestImpl#readPaginatedList(java.lang.String)
-        */
-       @Test(dataProvider = "testName")
-       @Override
+
+    /* (non-Javadoc)
+     * @see org.collectionspace.services.client.test.AbstractServiceTestImpl#readPaginatedList(java.lang.String)
+     */
+    @Test(dataProvider = "testName")
+    @Override
     public void readPaginatedList(String testName) throws Exception {
-               //FIXME: http://issues.collectionspace.org/browse/CSPACE-1697
-       }    
-     
+        //FIXME: http://issues.collectionspace.org/browse/CSPACE-1697
+    }
+
     // ---------------------------------------------------------------
     // CRUD tests : CREATE tests
     // ---------------------------------------------------------------
@@ -121,11 +119,11 @@ public class AccountServiceTest extends AbstractServiceTestImpl {
         // its associated HTTP method name (e.g. POST, DELETE).
         setupCreate();
 
+        AccountClient client = new AccountClient();
         // Submit the request to the service and store the response.
         AccountsCommon account =
                 createAccountInstance("barney", "barney", "hithere08", "barney@dinoland.com",
-                true, false, true, true);
-        AccountClient client = new AccountClient();
+                client.getTenantId(), true, false, true, true);
         ClientResponse<Response> res = client.create(account);
         int statusCode = res.getStatus();
 
@@ -166,10 +164,11 @@ public class AccountServiceTest extends AbstractServiceTestImpl {
         setupCreate();
 
         // Submit the request to the service and store the response.
+        AccountClient client = new AccountClient();
         AccountsCommon account =
                 createAccountInstance("barney1", "barney", "hithere08", "barney@dinoland.com",
-                true, false, true, true);
-        AccountClient client = new AccountClient();
+                client.getTenantId(), true, false, true, true);
+
         ClientResponse<Response> res = client.create(account);
         int statusCode = res.getStatus();
         if (logger.isDebugEnabled()) {
@@ -196,10 +195,10 @@ public class AccountServiceTest extends AbstractServiceTestImpl {
         setupCreate();
 
         // Submit the request to the service and store the response.
+        AccountClient client = new AccountClient();
         AccountsCommon account =
                 createAccountInstance("babybop", "babybop", "hithere08", "babybop@dinoland.com",
-                true, true, true, true);
-        AccountClient client = new AccountClient();
+                client.getTenantId(), true, true, true, true);
         ClientResponse<Response> res = client.create(account);
         int statusCode = res.getStatus();
         // Does it exactly match the expected status code?
@@ -228,10 +227,10 @@ public class AccountServiceTest extends AbstractServiceTestImpl {
         setupCreate();
 
         // Submit the request to the service and store the response.
+        AccountClient client = new AccountClient();
         AccountsCommon account =
                 createAccountInstance("babybop", "babybop", "hithere08", "babybop@dinoland.com",
-                true, false, false, true);
-        AccountClient client = new AccountClient();
+                client.getTenantId(), true, false, false, true);
         ClientResponse<Response> res = client.create(account);
         int statusCode = res.getStatus();
         // Does it exactly match the expected status code?
@@ -259,10 +258,10 @@ public class AccountServiceTest extends AbstractServiceTestImpl {
         setupCreate();
 
         // Submit the request to the service and store the response.
+        AccountClient client = new AccountClient();
         AccountsCommon account =
                 createAccountInstance("babybop", "babybop", "hithere08", "babybop.dinoland.com",
-                true, false, true, true);
-        AccountClient client = new AccountClient();
+                client.getTenantId(), true, false, true, true);
         ClientResponse<Response> res = client.create(account);
         int statusCode = res.getStatus();
         // Does it exactly match the expected status code?
@@ -290,10 +289,10 @@ public class AccountServiceTest extends AbstractServiceTestImpl {
         setupCreate();
 
         // Submit the request to the service and store the response.
+        AccountClient client = new AccountClient();
         AccountsCommon account =
                 createAccountInstance("babybop", "babybop", "hithere08", "babybop@dinoland.com",
-                false, false, true, true);
-        AccountClient client = new AccountClient();
+                client.getTenantId(), false, false, true, true);
         ClientResponse<Response> res = client.create(account);
         int statusCode = res.getStatus();
         // Does it exactly match the expected status code?
@@ -321,10 +320,10 @@ public class AccountServiceTest extends AbstractServiceTestImpl {
         setupCreate();
 
         // Submit the request to the service and store the response.
+        AccountClient client = new AccountClient();
         AccountsCommon account =
                 createAccountInstance("babybop", "babybop", "shpswd", "babybop@dinoland.com",
-                true, false, true, true);
-        AccountClient client = new AccountClient();
+                client.getTenantId(), true, false, true, true);
         ClientResponse<Response> res = client.create(account);
         int statusCode = res.getStatus();
         // Does it exactly match the expected status code?
@@ -336,13 +335,13 @@ public class AccountServiceTest extends AbstractServiceTestImpl {
         Assert.assertEquals(statusCode, Response.Status.BAD_REQUEST.getStatusCode());
     }
 
-        /**
-         * Creates the with most invalid.
-         *
-         * @param testName the test name
-         * @throws Exception the exception
-         */
-        @Test(dataProvider = "testName", dataProviderClass = AbstractServiceTestImpl.class,
+    /**
+     * Creates the with most invalid.
+     *
+     * @param testName the test name
+     * @throws Exception the exception
+     */
+    @Test(dataProvider = "testName", dataProviderClass = AbstractServiceTestImpl.class,
     dependsOnMethods = {"create"})
     public void createWithMostInvalid(String testName) throws Exception {
 
@@ -352,10 +351,10 @@ public class AccountServiceTest extends AbstractServiceTestImpl {
         setupCreate();
 
         // Submit the request to the service and store the response.
+        AccountClient client = new AccountClient();
         AccountsCommon account =
                 createAccountInstance("babybop", "babybop", "hithere08", "babybop/dinoland.com",
-                false, true, false, false);
-        AccountClient client = new AccountClient();
+                client.getTenantId(), false, true, false, false);
         ClientResponse<Response> res = client.create(account);
         int statusCode = res.getStatus();
         // Does it exactly match the expected status code?
@@ -381,10 +380,10 @@ public class AccountServiceTest extends AbstractServiceTestImpl {
         }
         setupCreate();
         // Submit the request to the service and store the response.
+        AccountClient client = new AccountClient();
         AccountsCommon account1 =
                 createAccountInstance("curious", "curious", "hithere08", "curious@george.com",
-                true, false, true, true);
-        AccountClient client = new AccountClient();
+                client.getTenantId(), true, false, true, true);
         ClientResponse<Response> res = client.create(account1);
         int statusCode = res.getStatus();
         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
@@ -394,7 +393,7 @@ public class AccountServiceTest extends AbstractServiceTestImpl {
 
         AccountsCommon account2 =
                 createAccountInstance("tom", "tom", "hithere09", "tom@jerry.com",
-                true, false, true, true);
+                client.getTenantId(), true, false, true, true);
         res = client.create(account2);
         statusCode = res.getStatus();
         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
@@ -405,7 +404,7 @@ public class AccountServiceTest extends AbstractServiceTestImpl {
 
         AccountsCommon account3 =
                 createAccountInstance("mj", "mj", "hithere10", "mj@dinoland.com",
-                true, false, true, true);
+                client.getTenantId(), true, false, true, true);
         res = client.create(account3);
         statusCode = res.getStatus();
         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
@@ -423,7 +422,7 @@ public class AccountServiceTest extends AbstractServiceTestImpl {
      */
     @Override
     public void createWithEmptyEntityBody(String testName) throws Exception {
-       //FIXME: Should this test really be empty?  If so, please comment accordingly.
+        //FIXME: Should this test really be empty?  If so, please comment accordingly.
     }
 
     /* (non-Javadoc)
@@ -431,7 +430,7 @@ public class AccountServiceTest extends AbstractServiceTestImpl {
      */
     @Override
     public void createWithMalformedXml(String testName) throws Exception {
-       //FIXME: Should this test really be empty?  If so, please comment accordingly.
+        //FIXME: Should this test really be empty?  If so, please comment accordingly.
     }
 
     /* (non-Javadoc)
@@ -439,7 +438,7 @@ public class AccountServiceTest extends AbstractServiceTestImpl {
      */
     @Override
     public void createWithWrongXmlSchema(String testName) throws Exception {
-       //FIXME: Should this test really be empty?  If so, please comment accordingly.
+        //FIXME: Should this test really be empty?  If so, please comment accordingly.
     }
 
     // ---------------------------------------------------------------
@@ -994,7 +993,7 @@ public class AccountServiceTest extends AbstractServiceTestImpl {
      */
     @Override
     public void updateWithEmptyEntityBody(String testName) throws Exception {
-       //FIXME: Should this test really be empty?  If so, please comment accordingly.
+        //FIXME: Should this test really be empty?  If so, please comment accordingly.
     }
 
     /* (non-Javadoc)
@@ -1002,7 +1001,7 @@ public class AccountServiceTest extends AbstractServiceTestImpl {
      */
     @Override
     public void updateWithMalformedXml(String testName) throws Exception {
-       //FIXME: Should this test really be empty?  If so, please comment accordingly.
+        //FIXME: Should this test really be empty?  If so, please comment accordingly.
     }
 
     /* (non-Javadoc)
@@ -1010,7 +1009,7 @@ public class AccountServiceTest extends AbstractServiceTestImpl {
      */
     @Override
     public void updateWithWrongXmlSchema(String testName) throws Exception {
-       //FIXME: Should this test really be empty?  If so, please comment accordingly.
+        //FIXME: Should this test really be empty?  If so, please comment accordingly.
     }
 
     /* (non-Javadoc)
@@ -1034,7 +1033,7 @@ public class AccountServiceTest extends AbstractServiceTestImpl {
         AccountClient client = new AccountClient();
         AccountsCommon account =
                 createAccountInstance("simba", "simba", "tiger", "simba@lionking.com",
-                true, false, true, true);
+                client.getTenantId(), true, false, true, true);
         ClientResponse<AccountsCommon> res =
                 client.update(NON_EXISTENT_ID, account);
         int statusCode = res.getStatus();
@@ -1209,13 +1208,12 @@ public class AccountServiceTest extends AbstractServiceTestImpl {
      * @return
      */
     AccountsCommon createAccountInstance(String screenName,
-            String userName, String passwd, String email,
+            String userName, String passwd, String email, String tenantId,
             boolean useScreenName, boolean invalidTenant, boolean useUser, boolean usePassword) {
 
         AccountsCommon account = AccountFactory.createAccountInstance(screenName,
-                userName, passwd, email, useScreenName,
-                addTenant, invalidTenant, useUser, usePassword);
-
+                userName, passwd, email, tenantId, useScreenName,
+                invalidTenant, useUser, usePassword);
         if (logger.isDebugEnabled()) {
             logger.debug("to be created, account common");
             logger.debug(objectAsXmlString(account,
@@ -1225,6 +1223,7 @@ public class AccountServiceTest extends AbstractServiceTestImpl {
 
     }
 
+
     /**
      * Prints the list.
      *

diff --git a/services/account/pstore/src/main/resources/db/mysql/test_account.sql b/services/account/pstore/src/main/resources/db/mysql/test_account.sql
index 52f5f431830aa316acf2ad855d92b4ac247af7ff..8d85d4bc99c6f9dc6ac963a95a31cb73558bdcab 100644 (file)
--- a/services/account/pstore/src/main/resources/db/mysql/test_account.sql
+++ b/services/account/pstore/src/main/resources/db/mysql/test_account.sql
@@ -6,13 +6,20 @@
 use cspace;
 
 -- Tenants
-INSERT INTO `cspace`.`tenants` (`id`, `name`, `created_at`) VALUES  ('1','movingimages.us', '2010-02-17 16:31:48');
+-- movingimages --
+INSERT INTO `cspace`.`tenants` (`id`, `name`, `created_at`) VALUES  ('1','movingimages.us', now());
+-- pahma --
+INSERT INTO `cspace`.`tenants` (`id`, `name`, `created_at`) VALUES  ('2','hearstmuseum.berkeley.edu', now());
 
 -- Accounts
-INSERT INTO `cspace`.`accounts_common` (`csid`, `email`, `phone`, `mobile`, `userid`, `status`, `screen_name`, `created_at`) VALUES  ('eeca40d7-dc77-4cc5-b489-16a53c75525a','test.test@berkeley.edu',NULL,NULL,'test','ACTIVE','test', '2010-02-17 16:31:48');
+-- default test account --
+INSERT INTO `cspace`.`accounts_common` (`csid`, `email`, `phone`, `mobile`, `userid`, `status`, `screen_name`, `created_at`) VALUES  ('eeca40d7-dc77-4cc5-b489-16a53c75525a','test.test@berkeley.edu',NULL,NULL,'test','ACTIVE','test', now());
 -- Additional account introduced during integration on release 0.6, and currently relied upon by the Application Layer.
-INSERT INTO `cspace`.`accounts_common` (`csid`, `email`, `phone`, `mobile`, `userid`, `status`, `screen_name`, `created_at`) VALUES  ('251f98f3-0292-4f3e-aa95-455314050e1b','test@collectionspace.org',NULL,NULL,'test@collectionspace.org','ACTIVE','test@collectionspace.org', '2010-05-03 12:35:00');
+INSERT INTO `cspace`.`accounts_common` (`csid`, `email`, `phone`, `mobile`, `userid`, `status`, `screen_name`, `created_at`) VALUES  ('251f98f3-0292-4f3e-aa95-455314050e1b','test@collectionspace.org',NULL,NULL,'test@collectionspace.org','ACTIVE','test@collectionspace.org', now());
+-- PAHMA test account --
+INSERT INTO `cspace`.`accounts_common` (`csid`, `email`, `phone`, `mobile`, `userid`, `status`, `screen_name`, `created_at`) VALUES  ('ff2b4440-ed0d-4892-adb4-b6999eba3ae7','test@hearstmuseum.berkeley.edu',NULL,NULL,'test-pahma','ACTIVE','test-pahma', now());
 
 -- Association of accounts with tenants
 INSERT INTO `cspace`.`accounts_tenants` (`TENANTS_ACCOUNTSCOMMON_CSID`, `tenant_id`) VALUES ('eeca40d7-dc77-4cc5-b489-16a53c75525a', '1');
-INSERT INTO `cspace`.`accounts_tenants` (`TENANTS_ACCOUNTSCOMMON_CSID`, `tenant_id`) VALUES ('251f98f3-0292-4f3e-aa95-455314050e1b', '1');
\ No newline at end of file
+INSERT INTO `cspace`.`accounts_tenants` (`TENANTS_ACCOUNTSCOMMON_CSID`, `tenant_id`) VALUES ('251f98f3-0292-4f3e-aa95-455314050e1b', '1');
+INSERT INTO `cspace`.`accounts_tenants` (`TENANTS_ACCOUNTSCOMMON_CSID`, `tenant_id`) VALUES ('ff2b4440-ed0d-4892-adb4-b6999eba3ae7', '2');
\ No newline at end of file

diff --git a/services/authentication/pstore/src/main/resources/db/mysql/test_authentication.sql b/services/authentication/pstore/src/main/resources/db/mysql/test_authentication.sql
index 63ce9d3a37987cf6b02ed667d313e4df3bd2f52e..26bb0bb16e0d35d8a4880c4dcf2644b170e35e6d 100644 (file)
--- a/services/authentication/pstore/src/main/resources/db/mysql/test_authentication.sql
+++ b/services/authentication/pstore/src/main/resources/db/mysql/test_authentication.sql
@@ -5,6 +5,9 @@
 --\r
 use cspace;\r
 \r
-insert into `users` (`username`,`passwd`, `created_at`) VALUES ('test','n4bQgYhMfWWaL+qgxVrQFaO/TxsrC4Is0V1sFbDwCgg=', '2010-02-17 16:31:48');\r
+-- default test user --\r
+insert into `users` (`username`,`passwd`, `created_at`) VALUES ('test','n4bQgYhMfWWaL+qgxVrQFaO/TxsrC4Is0V1sFbDwCgg=', now());\r
 -- Additional account introduced during integration on release 0.6, and currently relied upon by the Application Layer.\r
-insert into `users` (`username`,`passwd`, `created_at`) VALUES ('test@collectionspace.org','NyaDNd1pMQRb3N+SYj/4GaZCRLU9DnRtQ4eXNJ1NpXg=', '2010-05-03 12:35:00');\r
+insert into `users` (`username`,`passwd`, `created_at`) VALUES ('test@collectionspace.org','NyaDNd1pMQRb3N+SYj/4GaZCRLU9DnRtQ4eXNJ1NpXg=', now());\r
+-- user for testing pahma deployment --\r
+insert into `users` (`username`,`passwd`, `created_at`) VALUES ('test-pahma','n4bQgYhMfWWaL+qgxVrQFaO/TxsrC4Is0V1sFbDwCgg=', now());\r

diff --git a/services/authorization-mgt/client/src/test/java/org/collectionspace/services/authorization/client/test/PermissionServiceTest.java b/services/authorization-mgt/client/src/test/java/org/collectionspace/services/authorization/client/test/PermissionServiceTest.java
index 167e5d41f1b46474d7551c4cc2069d117231893e..0923f22d0c7c23125f9565e1d55e31f6f11c03cf 100644 (file)
--- a/services/authorization-mgt/client/src/test/java/org/collectionspace/services/authorization/client/test/PermissionServiceTest.java
+++ b/services/authorization-mgt/client/src/test/java/org/collectionspace/services/authorization/client/test/PermissionServiceTest.java
@@ -62,8 +62,6 @@ public class PermissionServiceTest extends AbstractServiceTestImpl {
     /** The known resource id. */
     private String knownResourceId = null;
     private String knownResource = "accounts-test";
-    /** The add tenant. */
-    boolean addTenant = true;
     /*
      * This method is called only by the parent class, AbstractServiceTestImpl
      */
@@ -413,7 +411,7 @@ public class PermissionServiceTest extends AbstractServiceTestImpl {
         Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
                 invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
         Assert.assertEquals(statusCode, EXPECTED_STATUS_CODE);
-        int EXPECTED_ITEMS = 5; //seeded permissions
+        int EXPECTED_ITEMS = 9; //seeded permissions
         if (logger.isDebugEnabled()) {
             logger.debug(testName + ": received = " + list.getPermissions().size()
                     + " expected=" + EXPECTED_ITEMS);

diff --git a/services/authorization-mgt/client/src/test/java/org/collectionspace/services/authorization/client/test/RoleServiceTest.java b/services/authorization-mgt/client/src/test/java/org/collectionspace/services/authorization/client/test/RoleServiceTest.java
index 9818eda81fa25e590fca0addb241b50921a83eb8..41dfe180097832bf3389cd86b0a84aa6c0d4d79a 100644 (file)
--- a/services/authorization-mgt/client/src/test/java/org/collectionspace/services/authorization/client/test/RoleServiceTest.java
+++ b/services/authorization-mgt/client/src/test/java/org/collectionspace/services/authorization/client/test/RoleServiceTest.java
@@ -62,8 +62,7 @@ public class RoleServiceTest extends AbstractServiceTestImpl {
     private String verifyResourceId = null;
     private String verifyRoleName = "collections_manager_test";
 //    private List<String> allResourceIdsCreated = new ArrayList<String>();
-    /** The add tenant. */
-    boolean addTenant = true;
+
     /*
      * This method is called only by the parent class, AbstractServiceTestImpl
      */
@@ -168,7 +167,7 @@ public class RoleServiceTest extends AbstractServiceTestImpl {
 
         // Submit the request to the service and store the response.
         RoleClient client = new RoleClient();
-        Role role = createRoleInstance("ROLE_USERS",
+        Role role = createRoleInstance(knownRoleName,
                 "role users",
                 true);
         ClientResponse<Response> res = client.create(role);
@@ -199,7 +198,7 @@ public class RoleServiceTest extends AbstractServiceTestImpl {
 
         // Submit the request to the service and store the response.
         RoleClient client = new RoleClient();
-        Role role = createRoleInstance("ROLE_USERS",
+        Role role = createRoleInstance("",
                 "role for users",
                 false);
         ClientResponse<Response> res = client.create(role);
@@ -301,7 +300,7 @@ public class RoleServiceTest extends AbstractServiceTestImpl {
      */
     @Override
     @Test(dataProvider = "testName", dataProviderClass = AbstractServiceTestImpl.class,
-    dependsOnMethods = {"create"})
+    dependsOnMethods = {"createForUniqueRole"})
     public void read(String testName) throws Exception {
 
         if (logger.isDebugEnabled()) {

diff --git a/services/authorization-mgt/import/src/main/java/org/collectionspace/services/authorization/importer/AuthorizationSeed.java b/services/authorization-mgt/import/src/main/java/org/collectionspace/services/authorization/importer/AuthorizationSeed.java
index 8954b3e87270c28e991f1e7a24f0baeaabf04768..895b1162b0149acd5f6ff1186bc83b33b836b476 100644 (file)
--- a/services/authorization-mgt/import/src/main/java/org/collectionspace/services/authorization/importer/AuthorizationSeed.java
+++ b/services/authorization-mgt/import/src/main/java/org/collectionspace/services/authorization/importer/AuthorizationSeed.java
@@ -86,7 +86,8 @@ public class AuthorizationSeed {
             throws Exception {
         for (Permission p : permList.getPermissions()) {
             if (logger.isDebugEnabled()) {
-                logger.debug("adding permission for res=" + p.getResourceName());
+                logger.debug("adding permission for res=" + p.getResourceName() +
+                        " for tenant=" + p.getTenantId());
             }
             for (PermissionRole pr : permRoleList.getPermissionRoles()) {
                 if (pr.getPermissions().get(0).getPermissionId().equals(p.getCsid())) {

diff --git a/services/authorization-mgt/import/src/main/resources/import-data/import-permissions-roles.xml b/services/authorization-mgt/import/src/main/resources/import-data/import-permissions-roles.xml
index 5f10e8ba1e6b6afa73e81740a226dd19761e3665..b9254aa3c5d02597d7d855c1e1c76d79f8c56277 100644 (file)
--- a/services/authorization-mgt/import/src/main/resources/import-data/import-permissions-roles.xml
+++ b/services/authorization-mgt/import/src/main/resources/import-data/import-permissions-roles.xml
@@ -3,18 +3,22 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>de3657a1-99f8-46b6-b4bb-2e28f9def87f</permissionId>
+            <permissionId>d44f77d4-52cd-4025-b292-c227aa73d6fc</permissionId>
             <resourceName>idgenerators</resourceName>
         </permission>
         <role>
-            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
             <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>de3657a1-99f8-46b6-b4bb-2e28f9def87f</permissionId>
+            <permissionId>d44f77d4-52cd-4025-b292-c227aa73d6fc</permissionId>
             <resourceName>idgenerators</resourceName>
         </permission>
         <role>
@@ -25,18 +29,22 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>b6644980-aeef-4d8f-a048-338057f9d973</permissionId>
+            <permissionId>89231998-14d1-440e-a402-38f2f53a1e57</permissionId>
             <resourceName>id</resourceName>
         </permission>
         <role>
-            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
             <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>b6644980-aeef-4d8f-a048-338057f9d973</permissionId>
+            <permissionId>89231998-14d1-440e-a402-38f2f53a1e57</permissionId>
             <resourceName>id</resourceName>
         </permission>
         <role>
@@ -47,20 +55,24 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>ddcdcc15-7f5a-49d8-8354-82c2e52d4727</permissionId>
+            <permissionId>ada701c6-649f-481f-afd5-2d192c483b6a</permissionId>
             <resourceName>
                 /idgenerators/*/ids
             </resourceName>
         </permission>
         <role>
-            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
             <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>ddcdcc15-7f5a-49d8-8354-82c2e52d4727</permissionId>
+            <permissionId>ada701c6-649f-481f-afd5-2d192c483b6a</permissionId>
             <resourceName>
                 /idgenerators/*/ids
             </resourceName>
@@ -73,18 +85,22 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>b203fb49-56c3-4662-b4bd-4008a6462364</permissionId>
+            <permissionId>ad4921b1-6968-4028-99e1-7edbfed46ead</permissionId>
             <resourceName>collectionobjects</resourceName>
         </permission>
         <role>
-            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
             <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>b203fb49-56c3-4662-b4bd-4008a6462364</permissionId>
+            <permissionId>ad4921b1-6968-4028-99e1-7edbfed46ead</permissionId>
             <resourceName>collectionobjects</resourceName>
         </permission>
         <role>
@@ -95,20 +111,24 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>2dde10d0-2ce9-471b-9c66-c67a6e7c511f</permissionId>
+            <permissionId>dbd45393-f610-4a0d-81ed-03475aeacde3</permissionId>
             <resourceName>
                 /collectionobjects/*/authorityrefs/
             </resourceName>
         </permission>
         <role>
-            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
             <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>2dde10d0-2ce9-471b-9c66-c67a6e7c511f</permissionId>
+            <permissionId>dbd45393-f610-4a0d-81ed-03475aeacde3</permissionId>
             <resourceName>
                 /collectionobjects/*/authorityrefs/
             </resourceName>
@@ -121,18 +141,22 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>b8323642-cd0a-491f-a952-cf36d2b32134</permissionId>
+            <permissionId>3185e6b7-7248-4bfa-afeb-1e14b206afeb</permissionId>
             <resourceName>intakes</resourceName>
         </permission>
         <role>
-            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
             <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>b8323642-cd0a-491f-a952-cf36d2b32134</permissionId>
+            <permissionId>3185e6b7-7248-4bfa-afeb-1e14b206afeb</permissionId>
             <resourceName>intakes</resourceName>
         </permission>
         <role>
@@ -143,20 +167,24 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>3c3e7ff6-7ecd-4643-b662-3fcb54e62abe</permissionId>
+            <permissionId>9f067bc0-0aaf-4499-986e-424b112f6ef2</permissionId>
             <resourceName>
                 /intakes/*/authorityrefs/
             </resourceName>
         </permission>
         <role>
-            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
             <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>3c3e7ff6-7ecd-4643-b662-3fcb54e62abe</permissionId>
+            <permissionId>9f067bc0-0aaf-4499-986e-424b112f6ef2</permissionId>
             <resourceName>
                 /intakes/*/authorityrefs/
             </resourceName>
@@ -169,18 +197,22 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>e248b5af-6eb3-4063-8816-6c2b0c55537c</permissionId>
+            <permissionId>021de06c-f386-42ad-b18e-fdd32496d521</permissionId>
             <resourceName>loansin</resourceName>
         </permission>
         <role>
-            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
             <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>e248b5af-6eb3-4063-8816-6c2b0c55537c</permissionId>
+            <permissionId>021de06c-f386-42ad-b18e-fdd32496d521</permissionId>
             <resourceName>loansin</resourceName>
         </permission>
         <role>
@@ -191,20 +223,24 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>6529cf6d-34ae-4bab-a6e2-ab19973620fb</permissionId>
+            <permissionId>7339e77d-638e-4d78-a707-e094c9af29b5</permissionId>
             <resourceName>
                 /loansin/*/authorityrefs/
             </resourceName>
         </permission>
         <role>
-            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
             <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>6529cf6d-34ae-4bab-a6e2-ab19973620fb</permissionId>
+            <permissionId>7339e77d-638e-4d78-a707-e094c9af29b5</permissionId>
             <resourceName>
                 /loansin/*/authorityrefs/
             </resourceName>
@@ -217,18 +253,22 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>1145d28d-269a-41fd-806f-b0d6511cf273</permissionId>
+            <permissionId>4ce5feca-958e-47e2-a1f5-7a3dbd28bcd9</permissionId>
             <resourceName>loansout</resourceName>
         </permission>
         <role>
-            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
             <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>1145d28d-269a-41fd-806f-b0d6511cf273</permissionId>
+            <permissionId>4ce5feca-958e-47e2-a1f5-7a3dbd28bcd9</permissionId>
             <resourceName>loansout</resourceName>
         </permission>
         <role>
@@ -239,20 +279,24 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>8773ed3b-9432-44e8-900e-1bc3908e7911</permissionId>
+            <permissionId>871a9263-bf27-4aee-a287-e489e3421e98</permissionId>
             <resourceName>
                 /loansout/*/authorityrefs/
             </resourceName>
         </permission>
         <role>
-            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
             <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>8773ed3b-9432-44e8-900e-1bc3908e7911</permissionId>
+            <permissionId>871a9263-bf27-4aee-a287-e489e3421e98</permissionId>
             <resourceName>
                 /loansout/*/authorityrefs/
             </resourceName>
@@ -265,18 +309,22 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>21786a64-02e0-4359-9c61-47cf821f2362</permissionId>
+            <permissionId>907f0d70-294f-42a3-b433-b084cdd800e5</permissionId>
             <resourceName>movements</resourceName>
         </permission>
         <role>
-            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
             <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>21786a64-02e0-4359-9c61-47cf821f2362</permissionId>
+            <permissionId>907f0d70-294f-42a3-b433-b084cdd800e5</permissionId>
             <resourceName>movements</resourceName>
         </permission>
         <role>
@@ -287,20 +335,24 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>d501423e-9425-4c99-bf6f-478a2a9f971e</permissionId>
+            <permissionId>959f2186-4279-4828-9850-f2bf8939324b</permissionId>
             <resourceName>
                 /movements/*/authorityrefs/
             </resourceName>
         </permission>
         <role>
-            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
             <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>d501423e-9425-4c99-bf6f-478a2a9f971e</permissionId>
+            <permissionId>959f2186-4279-4828-9850-f2bf8939324b</permissionId>
             <resourceName>
                 /movements/*/authorityrefs/
             </resourceName>
@@ -313,18 +365,22 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>88075c4c-d5ed-420a-a767-1ab662066feb</permissionId>
+            <permissionId>4e9fe80c-1751-4f71-9ba4-9befdf0d6afb</permissionId>
             <resourceName>vocabularies</resourceName>
         </permission>
         <role>
-            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
             <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>88075c4c-d5ed-420a-a767-1ab662066feb</permissionId>
+            <permissionId>4e9fe80c-1751-4f71-9ba4-9befdf0d6afb</permissionId>
             <resourceName>vocabularies</resourceName>
         </permission>
         <role>
@@ -335,18 +391,22 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>2444d28d-883f-4566-a378-f03b95d100b9</permissionId>
+            <permissionId>2bf629ea-66c7-4974-802e-852d9ce04a57</permissionId>
             <resourceName>vocabularyitems</resourceName>
         </permission>
         <role>
-            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
             <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>2444d28d-883f-4566-a378-f03b95d100b9</permissionId>
+            <permissionId>2bf629ea-66c7-4974-802e-852d9ce04a57</permissionId>
             <resourceName>vocabularyitems</resourceName>
         </permission>
         <role>
@@ -357,20 +417,24 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>80a57584-6438-4df3-95df-bba1d7d9a275</permissionId>
+            <permissionId>00ffa49c-d778-45a0-b504-35bdd4ffc24f</permissionId>
             <resourceName>
                 /vocabularies/*/items/
             </resourceName>
         </permission>
         <role>
-            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
             <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>80a57584-6438-4df3-95df-bba1d7d9a275</permissionId>
+            <permissionId>00ffa49c-d778-45a0-b504-35bdd4ffc24f</permissionId>
             <resourceName>
                 /vocabularies/*/items/
             </resourceName>
@@ -383,18 +447,22 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>812a71ed-0dfe-4371-a390-4776ab5519f2</permissionId>
+            <permissionId>8d50e134-45a3-4b27-aee2-c3df1c073008</permissionId>
             <resourceName>orgauthorities</resourceName>
         </permission>
         <role>
-            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
             <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>812a71ed-0dfe-4371-a390-4776ab5519f2</permissionId>
+            <permissionId>8d50e134-45a3-4b27-aee2-c3df1c073008</permissionId>
             <resourceName>orgauthorities</resourceName>
         </permission>
         <role>
@@ -405,20 +473,24 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>a9aeff96-179f-4b1d-8e74-25358185fdae</permissionId>
+            <permissionId>b8131f3c-ac19-49ad-8301-3fc588e31dfb</permissionId>
             <resourceName>
                 /orgauthorities/*/items/*/authorityrefs/
             </resourceName>
         </permission>
         <role>
-            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
             <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>a9aeff96-179f-4b1d-8e74-25358185fdae</permissionId>
+            <permissionId>b8131f3c-ac19-49ad-8301-3fc588e31dfb</permissionId>
             <resourceName>
                 /orgauthorities/*/items/*/authorityrefs/
             </resourceName>
@@ -431,18 +503,22 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>23897bf4-c727-4737-a70c-dc446519e1d5</permissionId>
+            <permissionId>e35cc564-b021-4ad2-8075-e8f7b53c1ee2</permissionId>
             <resourceName>organizations</resourceName>
         </permission>
         <role>
-            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
             <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>23897bf4-c727-4737-a70c-dc446519e1d5</permissionId>
+            <permissionId>e35cc564-b021-4ad2-8075-e8f7b53c1ee2</permissionId>
             <resourceName>organizations</resourceName>
         </permission>
         <role>
@@ -453,20 +529,24 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>64f48448-c5ed-4096-acc8-17daebf2924f</permissionId>
+            <permissionId>4ca834a1-834b-46d1-ab17-8e313c3a9980</permissionId>
             <resourceName>
                 /orgauthorities/*/items/
             </resourceName>
         </permission>
         <role>
-            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
             <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>64f48448-c5ed-4096-acc8-17daebf2924f</permissionId>
+            <permissionId>4ca834a1-834b-46d1-ab17-8e313c3a9980</permissionId>
             <resourceName>
                 /orgauthorities/*/items/
             </resourceName>
@@ -479,20 +559,24 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>90bea796-bf38-46a6-8a9e-fc9a1eed157d</permissionId>
+            <permissionId>57b32d7b-db0e-48db-980f-2c4ff1e1476b</permissionId>
             <resourceName>
                 /orgauthorities/*/items/*/refobjs
             </resourceName>
         </permission>
         <role>
-            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
             <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>90bea796-bf38-46a6-8a9e-fc9a1eed157d</permissionId>
+            <permissionId>57b32d7b-db0e-48db-980f-2c4ff1e1476b</permissionId>
             <resourceName>
                 /orgauthorities/*/items/*/refobjs
             </resourceName>
@@ -505,18 +589,22 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>e61b8b12-3db0-499a-b074-79afec3f141a</permissionId>
+            <permissionId>04d87e96-d1a1-4891-beca-5be5929dffbe</permissionId>
             <resourceName>personauthorities</resourceName>
         </permission>
         <role>
-            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
             <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>e61b8b12-3db0-499a-b074-79afec3f141a</permissionId>
+            <permissionId>04d87e96-d1a1-4891-beca-5be5929dffbe</permissionId>
             <resourceName>personauthorities</resourceName>
         </permission>
         <role>
@@ -527,20 +615,24 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>ce34076c-83b0-409c-b2b8-2d3805af9056</permissionId>
+            <permissionId>1caacc4d-b5a8-464f-b9bf-8638511f7999</permissionId>
             <resourceName>
                 /personauthorities/*/items/
             </resourceName>
         </permission>
         <role>
-            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
             <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>ce34076c-83b0-409c-b2b8-2d3805af9056</permissionId>
+            <permissionId>1caacc4d-b5a8-464f-b9bf-8638511f7999</permissionId>
             <resourceName>
                 /personauthorities/*/items/
             </resourceName>
@@ -553,20 +645,24 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>acac0886-627b-43e6-810c-f62c928b99bf</permissionId>
+            <permissionId>52ab1350-8a01-478a-b459-ddc29ac4edbb</permissionId>
             <resourceName>
                 /personauthorities/*/items/*/refobjs
             </resourceName>
         </permission>
         <role>
-            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
             <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>acac0886-627b-43e6-810c-f62c928b99bf</permissionId>
+            <permissionId>52ab1350-8a01-478a-b459-ddc29ac4edbb</permissionId>
             <resourceName>
                 /personauthorities/*/items/*/refobjs
             </resourceName>
@@ -579,18 +675,22 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>1aa13e33-4b21-4e6f-b670-2fc13f8fd2b4</permissionId>
+            <permissionId>efbfc241-02a4-4758-b546-2e10e44a88c2</permissionId>
             <resourceName>persons</resourceName>
         </permission>
         <role>
-            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
             <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>1aa13e33-4b21-4e6f-b670-2fc13f8fd2b4</permissionId>
+            <permissionId>efbfc241-02a4-4758-b546-2e10e44a88c2</permissionId>
             <resourceName>persons</resourceName>
         </permission>
         <role>
@@ -601,20 +701,24 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>cbb98b91-25ed-4e8b-af4d-48f11e981e19</permissionId>
+            <permissionId>d15b3fd7-ee37-4490-bc4d-2701ffbdedb7</permissionId>
             <resourceName>
                 /personauthorities/*/items/
             </resourceName>
         </permission>
         <role>
-            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
             <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>cbb98b91-25ed-4e8b-af4d-48f11e981e19</permissionId>
+            <permissionId>d15b3fd7-ee37-4490-bc4d-2701ffbdedb7</permissionId>
             <resourceName>
                 /personauthorities/*/items/
             </resourceName>
@@ -627,18 +731,22 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>7c9e5c9a-8eb7-4579-ad94-e6d4f90c9ae8</permissionId>
+            <permissionId>9b19311b-b3b4-42a4-9fd1-592998f0ca88</permissionId>
             <resourceName>locationauthorities</resourceName>
         </permission>
         <role>
-            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
             <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>7c9e5c9a-8eb7-4579-ad94-e6d4f90c9ae8</permissionId>
+            <permissionId>9b19311b-b3b4-42a4-9fd1-592998f0ca88</permissionId>
             <resourceName>locationauthorities</resourceName>
         </permission>
         <role>
@@ -649,20 +757,24 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>ce653183-2722-46c9-8f19-2e719c9cb06c</permissionId>
+            <permissionId>9b6f3483-3c36-412e-8ed4-19d48597313d</permissionId>
             <resourceName>
                 /locationauthorities/*/items/
             </resourceName>
         </permission>
         <role>
-            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
             <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>ce653183-2722-46c9-8f19-2e719c9cb06c</permissionId>
+            <permissionId>9b6f3483-3c36-412e-8ed4-19d48597313d</permissionId>
             <resourceName>
                 /locationauthorities/*/items/
             </resourceName>
@@ -675,18 +787,22 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>59b8de3a-9b1d-4e82-9aa5-0d28dd5a46ac</permissionId>
+            <permissionId>a26945bf-9e2e-41a0-967b-febb4c33aa2e</permissionId>
             <resourceName>locations</resourceName>
         </permission>
         <role>
-            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
             <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>59b8de3a-9b1d-4e82-9aa5-0d28dd5a46ac</permissionId>
+            <permissionId>a26945bf-9e2e-41a0-967b-febb4c33aa2e</permissionId>
             <resourceName>locations</resourceName>
         </permission>
         <role>
@@ -697,18 +813,22 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>37e00906-0fa5-4d20-be21-739f66bcac52</permissionId>
+            <permissionId>983bff7f-8ba2-4d6e-98d6-b8de4724249e</permissionId>
             <resourceName>acquisitions</resourceName>
         </permission>
         <role>
-            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
             <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>37e00906-0fa5-4d20-be21-739f66bcac52</permissionId>
+            <permissionId>983bff7f-8ba2-4d6e-98d6-b8de4724249e</permissionId>
             <resourceName>acquisitions</resourceName>
         </permission>
         <role>
@@ -719,20 +839,24 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>1ebea466-ab70-4368-8965-aa9305661d50</permissionId>
+            <permissionId>b3418175-6fd0-448f-82c3-d52714b83c17</permissionId>
             <resourceName>
                 /acquisitions/*/authorityrefs/
             </resourceName>
         </permission>
         <role>
-            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
             <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>1ebea466-ab70-4368-8965-aa9305661d50</permissionId>
+            <permissionId>b3418175-6fd0-448f-82c3-d52714b83c17</permissionId>
             <resourceName>
                 /acquisitions/*/authorityrefs/
             </resourceName>
@@ -745,18 +869,22 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>c48e8d4a-7972-469f-a2bc-1bca201cd772</permissionId>
+            <permissionId>20b460ef-b528-46a9-8975-8f7e34437696</permissionId>
             <resourceName>relations</resourceName>
         </permission>
         <role>
-            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
             <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>c48e8d4a-7972-469f-a2bc-1bca201cd772</permissionId>
+            <permissionId>20b460ef-b528-46a9-8975-8f7e34437696</permissionId>
             <resourceName>relations</resourceName>
         </permission>
         <role>
@@ -767,20 +895,24 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>b2f182cb-61d7-4016-a2e2-075c13afefd0</permissionId>
+            <permissionId>e9c3b077-4384-4349-bb4c-b5e21e2b4aef</permissionId>
             <resourceName>
                 relations/subject/*/type/*/object/*
             </resourceName>
         </permission>
         <role>
-            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
             <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>b2f182cb-61d7-4016-a2e2-075c13afefd0</permissionId>
+            <permissionId>e9c3b077-4384-4349-bb4c-b5e21e2b4aef</permissionId>
             <resourceName>
                 relations/subject/*/type/*/object/*
             </resourceName>
@@ -793,18 +925,22 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>6ba014c0-80e1-456f-9c3c-de339391d254</permissionId>
+            <permissionId>f5b2e004-16f3-4b6b-882c-82bf101a864e</permissionId>
             <resourceName>accounts</resourceName>
         </permission>
         <role>
-            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
             <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>6ba014c0-80e1-456f-9c3c-de339391d254</permissionId>
+            <permissionId>f5b2e004-16f3-4b6b-882c-82bf101a864e</permissionId>
             <resourceName>accounts</resourceName>
         </permission>
         <role>
@@ -815,18 +951,22 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>ee04f607-8e32-46dd-b5c9-b7657cdd290c</permissionId>
+            <permissionId>b4a69d0e-cedf-4218-91fa-d4e38f125207</permissionId>
             <resourceName>dimensions</resourceName>
         </permission>
         <role>
-            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
             <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>ee04f607-8e32-46dd-b5c9-b7657cdd290c</permissionId>
+            <permissionId>b4a69d0e-cedf-4218-91fa-d4e38f125207</permissionId>
             <resourceName>dimensions</resourceName>
         </permission>
         <role>
@@ -837,18 +977,22 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>828327fc-7b3d-4bde-b6d6-e48c74c3f4fd</permissionId>
+            <permissionId>516ec6a0-0f75-48c9-8efe-6c3a409f0a0d</permissionId>
             <resourceName>contacts</resourceName>
         </permission>
         <role>
-            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
             <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>828327fc-7b3d-4bde-b6d6-e48c74c3f4fd</permissionId>
+            <permissionId>516ec6a0-0f75-48c9-8efe-6c3a409f0a0d</permissionId>
             <resourceName>contacts</resourceName>
         </permission>
         <role>
@@ -859,20 +1003,24 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>2d48d7a3-faba-4e8d-93a3-0863de7d92da</permissionId>
+            <permissionId>a4ec2332-0f57-4cc1-b48c-e500f329a8c2</permissionId>
             <resourceName>
                 /personauthorities/*/items/*/contacts
             </resourceName>
         </permission>
         <role>
-            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
             <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>2d48d7a3-faba-4e8d-93a3-0863de7d92da</permissionId>
+            <permissionId>a4ec2332-0f57-4cc1-b48c-e500f329a8c2</permissionId>
             <resourceName>
                 /personauthorities/*/items/*/contacts
             </resourceName>
@@ -885,20 +1033,24 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>7d8f835d-d9c0-4508-b279-eef890db247a</permissionId>
+            <permissionId>efcc4e68-5f2f-43cf-aa86-c3df54af8f44</permissionId>
             <resourceName>
                 /orgauthorities/*/items/*/contacts
             </resourceName>
         </permission>
         <role>
-            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
             <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>7d8f835d-d9c0-4508-b279-eef890db247a</permissionId>
+            <permissionId>efcc4e68-5f2f-43cf-aa86-c3df54af8f44</permissionId>
             <resourceName>
                 /orgauthorities/*/items/*/contacts
             </resourceName>
@@ -911,18 +1063,22 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>ab92d994-29eb-4d64-bd49-b3cafd8f0a5b</permissionId>
+            <permissionId>e01bc5b4-c359-42ba-80a8-6920c704622b</permissionId>
             <resourceName>notes</resourceName>
         </permission>
         <role>
-            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
             <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>ab92d994-29eb-4d64-bd49-b3cafd8f0a5b</permissionId>
+            <permissionId>e01bc5b4-c359-42ba-80a8-6920c704622b</permissionId>
             <resourceName>notes</resourceName>
         </permission>
         <role>
@@ -933,18 +1089,22 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>db65825c-50c3-49a8-af5f-68115f16537b</permissionId>
+            <permissionId>41df9971-887c-4686-aec7-94fd86079a93</permissionId>
             <resourceName>authorization/roles</resourceName>
         </permission>
         <role>
-            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
             <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>db65825c-50c3-49a8-af5f-68115f16537b</permissionId>
+            <permissionId>41df9971-887c-4686-aec7-94fd86079a93</permissionId>
             <resourceName>authorization/roles</resourceName>
         </permission>
         <role>
@@ -955,18 +1115,22 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>f7f41db6-f85f-4cd3-a2d6-d9185b6dd8e9</permissionId>
+            <permissionId>d2a4b854-3123-4cb1-a109-f1a519a7b2a4</permissionId>
             <resourceName>authorization/permissions</resourceName>
         </permission>
         <role>
-            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
             <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>f7f41db6-f85f-4cd3-a2d6-d9185b6dd8e9</permissionId>
+            <permissionId>d2a4b854-3123-4cb1-a109-f1a519a7b2a4</permissionId>
             <resourceName>authorization/permissions</resourceName>
         </permission>
         <role>
@@ -977,18 +1141,22 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>074e7f98-2580-48d3-969d-4043f156eaa2</permissionId>
+            <permissionId>24e6142e-56d7-4312-ac0d-d68f1deb21b8</permissionId>
             <resourceName>authorization/permissions/permroles</resourceName>
         </permission>
         <role>
-            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
             <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>074e7f98-2580-48d3-969d-4043f156eaa2</permissionId>
+            <permissionId>24e6142e-56d7-4312-ac0d-d68f1deb21b8</permissionId>
             <resourceName>authorization/permissions/permroles</resourceName>
         </permission>
         <role>
@@ -999,20 +1167,24 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>0cdd6f4e-58b6-4c11-bbbd-0984c30d6dbd</permissionId>
+            <permissionId>6ce06e7f-e471-410c-a7a9-ec50b0bc11be</permissionId>
             <resourceName>
                 /authorization/permissions/*/permroles/
             </resourceName>
         </permission>
         <role>
-            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
             <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>0cdd6f4e-58b6-4c11-bbbd-0984c30d6dbd</permissionId>
+            <permissionId>6ce06e7f-e471-410c-a7a9-ec50b0bc11be</permissionId>
             <resourceName>
                 /authorization/permissions/*/permroles/
             </resourceName>
@@ -1025,18 +1197,22 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>361c4bed-bd81-4f22-82df-f462111663a9</permissionId>
+            <permissionId>22059d92-f298-49fc-80c0-55c34d966836</permissionId>
             <resourceName>accounts/accountroles</resourceName>
         </permission>
         <role>
-            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
             <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>361c4bed-bd81-4f22-82df-f462111663a9</permissionId>
+            <permissionId>22059d92-f298-49fc-80c0-55c34d966836</permissionId>
             <resourceName>accounts/accountroles</resourceName>
         </permission>
         <role>
@@ -1047,20 +1223,24 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>e272da20-719c-49d1-9584-c21cedcd3a65</permissionId>
+            <permissionId>ca0acf6a-fc55-426b-8717-b5da0e764cd3</permissionId>
             <resourceName>
                 /accounts/*/accountroles/
             </resourceName>
         </permission>
         <role>
-            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
             <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>e272da20-719c-49d1-9584-c21cedcd3a65</permissionId>
+            <permissionId>ca0acf6a-fc55-426b-8717-b5da0e764cd3</permissionId>
             <resourceName>
                 /accounts/*/accountroles/
             </resourceName>
@@ -1073,18 +1253,22 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>d7618a4f-d8be-45f6-b0f3-2816ecdca341</permissionId>
+            <permissionId>0d7965c9-559f-4a31-ac20-fabca081247b</permissionId>
             <resourceName>authorization/roles/permroles</resourceName>
         </permission>
         <role>
-            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
             <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>d7618a4f-d8be-45f6-b0f3-2816ecdca341</permissionId>
+            <permissionId>0d7965c9-559f-4a31-ac20-fabca081247b</permissionId>
             <resourceName>authorization/roles/permroles</resourceName>
         </permission>
         <role>
@@ -1095,20 +1279,24 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>3b6b0755-9044-46ee-8a85-4e44ac68dd0a</permissionId>
+            <permissionId>df29890b-f7dd-4cb2-bf20-4873915ec149</permissionId>
             <resourceName>
                 /authorization/roles/*/permroles/
             </resourceName>
         </permission>
         <role>
-            <roleId>ad3a2b4c-ef74-47f0-bdb0-f6a906acd370</roleId>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
             <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>3b6b0755-9044-46ee-8a85-4e44ac68dd0a</permissionId>
+            <permissionId>df29890b-f7dd-4cb2-bf20-4873915ec149</permissionId>
             <resourceName>
                 /authorization/roles/*/permroles/
             </resourceName>
@@ -1121,559 +1309,2800 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>da5253a4-471f-4ada-9d7d-8f1a9a747647</permissionId>
+            <permissionId>24ca9b10-db58-4f83-9270-48d31e439930</permissionId>
             <resourceName>idgenerators</resourceName>
         </permission>
         <role>
-            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
-            <roleName>ROLE_TENANT_READER</roleName>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>4d524373-a5df-45e2-aec6-2e214f08431e</permissionId>
-            <resourceName>id</resourceName>
+            <permissionId>24ca9b10-db58-4f83-9270-48d31e439930</permissionId>
+            <resourceName>idgenerators</resourceName>
         </permission>
         <role>
-            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
-            <roleName>ROLE_TENANT_READER</roleName>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>c757f1c4-3282-4055-b0e1-2c818fec709b</permissionId>
-            <resourceName>
-                /idgenerators/*/ids
-            </resourceName>
+            <permissionId>cce6d084-4686-4786-90cb-bc816ef7f489</permissionId>
+            <resourceName>id</resourceName>
         </permission>
         <role>
-            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
-            <roleName>ROLE_TENANT_READER</roleName>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>e383a971-0335-41da-88e6-f7625303f186</permissionId>
-            <resourceName>collectionobjects</resourceName>
+            <permissionId>cce6d084-4686-4786-90cb-bc816ef7f489</permissionId>
+            <resourceName>id</resourceName>
         </permission>
         <role>
-            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
-            <roleName>ROLE_TENANT_READER</roleName>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>b2c49fb3-fb34-4425-86c7-73c48873a983</permissionId>
+            <permissionId>43b43275-7ef5-4f3f-a549-acaae5a26ef7</permissionId>
             <resourceName>
-                /collectionobjects/*/authorityrefs/
+                /idgenerators/*/ids
             </resourceName>
         </permission>
         <role>
-            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
-            <roleName>ROLE_TENANT_READER</roleName>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
-    </permissionRole>
-    <permissionRole>
-        <subject>ROLE</subject>
-        <permission>
-            <permissionId>2ac4ace4-20f8-4a5f-b984-4753e5452a87</permissionId>
-            <resourceName>intakes</resourceName>
-        </permission>
         <role>
-            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
-            <roleName>ROLE_TENANT_READER</roleName>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>64af5fcc-a57d-4fa6-820c-4ab857a46590</permissionId>
+            <permissionId>43b43275-7ef5-4f3f-a549-acaae5a26ef7</permissionId>
             <resourceName>
-                /intakes/*/authorityrefs/
+                /idgenerators/*/ids
             </resourceName>
         </permission>
         <role>
-            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
-            <roleName>ROLE_TENANT_READER</roleName>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>0258eabe-02d3-494c-b405-30e3463a2feb</permissionId>
-            <resourceName>loansin</resourceName>
+            <permissionId>122cbe8f-076c-4803-b1b0-7c493c444215</permissionId>
+            <resourceName>collectionobjects</resourceName>
         </permission>
         <role>
-            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
-            <roleName>ROLE_TENANT_READER</roleName>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
-    </permissionRole>
-    <permissionRole>
-        <subject>ROLE</subject>
-        <permission>
-            <permissionId>ae5f5fab-7205-4b92-932f-857b68c5d4b5</permissionId>
-            <resourceName>
-                /loansin/*/authorityrefs/
-            </resourceName>
-        </permission>
         <role>
-            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
-            <roleName>ROLE_TENANT_READER</roleName>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>9e8b0907-e262-42f9-a4da-6e0bf6493e5a</permissionId>
-            <resourceName>loansout</resourceName>
+            <permissionId>122cbe8f-076c-4803-b1b0-7c493c444215</permissionId>
+            <resourceName>collectionobjects</resourceName>
         </permission>
         <role>
-            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
-            <roleName>ROLE_TENANT_READER</roleName>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>b46b29bc-1795-4e3e-a247-59e23742b705</permissionId>
+            <permissionId>4ba3ee15-f527-4b11-9341-771ef3af24a3</permissionId>
             <resourceName>
-                /loansout/*/authorityrefs/
+                /collectionobjects/*/authorityrefs/
             </resourceName>
         </permission>
         <role>
-            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
-            <roleName>ROLE_TENANT_READER</roleName>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
-    </permissionRole>
-    <permissionRole>
-        <subject>ROLE</subject>
-        <permission>
-            <permissionId>f90c5454-58e9-4b32-a8e4-03b80ed6f58e</permissionId>
-            <resourceName>movements</resourceName>
-        </permission>
         <role>
-            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
-            <roleName>ROLE_TENANT_READER</roleName>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>e7c31362-9bb7-48a4-a324-63e84401df30</permissionId>
+            <permissionId>4ba3ee15-f527-4b11-9341-771ef3af24a3</permissionId>
             <resourceName>
-                /movements/*/authorityrefs/
+                /collectionobjects/*/authorityrefs/
             </resourceName>
         </permission>
         <role>
-            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
-            <roleName>ROLE_TENANT_READER</roleName>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>90f3a12c-0ac1-417b-942e-88f2b11383b7</permissionId>
-            <resourceName>vocabularies</resourceName>
+            <permissionId>df4c1540-5210-4b41-a735-18b8f71ad14b</permissionId>
+            <resourceName>intakes</resourceName>
         </permission>
         <role>
-            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
-            <roleName>ROLE_TENANT_READER</roleName>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>c961fc05-1a2c-4890-88b4-42757378e323</permissionId>
-            <resourceName>vocabularyitems</resourceName>
+            <permissionId>df4c1540-5210-4b41-a735-18b8f71ad14b</permissionId>
+            <resourceName>intakes</resourceName>
         </permission>
         <role>
-            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
-            <roleName>ROLE_TENANT_READER</roleName>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>4d13ef59-1443-40ee-8e45-9892c83ec9a1</permissionId>
+            <permissionId>43af6eab-fc37-4c48-8f87-2e6f80afda7d</permissionId>
             <resourceName>
-                /vocabularies/*/items/
+                /intakes/*/authorityrefs/
             </resourceName>
         </permission>
         <role>
-            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
-            <roleName>ROLE_TENANT_READER</roleName>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
-    </permissionRole>
-    <permissionRole>
-        <subject>ROLE</subject>
-        <permission>
-            <permissionId>6caa049b-25cc-486c-935f-bf215d550bcd</permissionId>
-            <resourceName>orgauthorities</resourceName>
-        </permission>
         <role>
-            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
-            <roleName>ROLE_TENANT_READER</roleName>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>08c36f8b-2432-44c4-a1dd-cba8c8ea53e5</permissionId>
+            <permissionId>43af6eab-fc37-4c48-8f87-2e6f80afda7d</permissionId>
             <resourceName>
-                /orgauthorities/*/items/*/authorityrefs/
+                /intakes/*/authorityrefs/
             </resourceName>
         </permission>
         <role>
-            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
-            <roleName>ROLE_TENANT_READER</roleName>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>c0149cbb-a984-4e32-8302-c045a3e82bf2</permissionId>
-            <resourceName>organizations</resourceName>
+            <permissionId>29953599-287c-4b67-826d-df72d1c1266d</permissionId>
+            <resourceName>loansin</resourceName>
         </permission>
         <role>
-            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
-            <roleName>ROLE_TENANT_READER</roleName>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>b2e0c247-9e3b-4bf3-a956-8b98a8505263</permissionId>
-            <resourceName>
-                /orgauthorities/*/items/
+            <permissionId>29953599-287c-4b67-826d-df72d1c1266d</permissionId>
+            <resourceName>loansin</resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>447f5a41-46a4-4e9d-9b15-62d7fc2466c7</permissionId>
+            <resourceName>
+                /loansin/*/authorityrefs/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>447f5a41-46a4-4e9d-9b15-62d7fc2466c7</permissionId>
+            <resourceName>
+                /loansin/*/authorityrefs/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>62a72a0a-d028-46c4-8fa5-951746e4c4a5</permissionId>
+            <resourceName>loansout</resourceName>
+        </permission>
+        <role>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>62a72a0a-d028-46c4-8fa5-951746e4c4a5</permissionId>
+            <resourceName>loansout</resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>6da07854-0d46-493b-b6cf-47af8fef81b4</permissionId>
+            <resourceName>
+                /loansout/*/authorityrefs/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>6da07854-0d46-493b-b6cf-47af8fef81b4</permissionId>
+            <resourceName>
+                /loansout/*/authorityrefs/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>9807f421-1587-4720-9f60-60087a974302</permissionId>
+            <resourceName>movements</resourceName>
+        </permission>
+        <role>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>9807f421-1587-4720-9f60-60087a974302</permissionId>
+            <resourceName>movements</resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>041f517a-b58b-4df6-ab7e-57fe6bbbaef5</permissionId>
+            <resourceName>
+                /movements/*/authorityrefs/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>041f517a-b58b-4df6-ab7e-57fe6bbbaef5</permissionId>
+            <resourceName>
+                /movements/*/authorityrefs/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>3580ae91-4035-49cd-89a7-0eeeb2cb6b7c</permissionId>
+            <resourceName>vocabularies</resourceName>
+        </permission>
+        <role>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>3580ae91-4035-49cd-89a7-0eeeb2cb6b7c</permissionId>
+            <resourceName>vocabularies</resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>8e936e74-7dcb-4508-b727-0a33344b5453</permissionId>
+            <resourceName>vocabularyitems</resourceName>
+        </permission>
+        <role>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>8e936e74-7dcb-4508-b727-0a33344b5453</permissionId>
+            <resourceName>vocabularyitems</resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>e450ee2f-35eb-45bc-b718-caddbcf4dc98</permissionId>
+            <resourceName>
+                /vocabularies/*/items/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>e450ee2f-35eb-45bc-b718-caddbcf4dc98</permissionId>
+            <resourceName>
+                /vocabularies/*/items/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>dba4f5cb-4647-4c5f-a4ae-22ffa2cd441c</permissionId>
+            <resourceName>orgauthorities</resourceName>
+        </permission>
+        <role>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>dba4f5cb-4647-4c5f-a4ae-22ffa2cd441c</permissionId>
+            <resourceName>orgauthorities</resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>3832f8d9-6d84-4e38-9f4a-8aa6a7bf3999</permissionId>
+            <resourceName>
+                /orgauthorities/*/items/*/authorityrefs/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>3832f8d9-6d84-4e38-9f4a-8aa6a7bf3999</permissionId>
+            <resourceName>
+                /orgauthorities/*/items/*/authorityrefs/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>0e6e1b2c-5b85-4d20-ab17-e31924e97927</permissionId>
+            <resourceName>organizations</resourceName>
+        </permission>
+        <role>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>0e6e1b2c-5b85-4d20-ab17-e31924e97927</permissionId>
+            <resourceName>organizations</resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>aae5e62b-5841-4a85-b90a-f65f06d61f04</permissionId>
+            <resourceName>
+                /orgauthorities/*/items/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>aae5e62b-5841-4a85-b90a-f65f06d61f04</permissionId>
+            <resourceName>
+                /orgauthorities/*/items/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>34ab8a6c-3b92-4faf-891b-01686eb7c71d</permissionId>
+            <resourceName>
+                /orgauthorities/*/items/*/refobjs
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>34ab8a6c-3b92-4faf-891b-01686eb7c71d</permissionId>
+            <resourceName>
+                /orgauthorities/*/items/*/refobjs
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>679509a8-4d68-4ba6-a11f-1411b82d417f</permissionId>
+            <resourceName>personauthorities</resourceName>
+        </permission>
+        <role>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>679509a8-4d68-4ba6-a11f-1411b82d417f</permissionId>
+            <resourceName>personauthorities</resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>5a1dab9b-fea0-4b2d-b141-a64bbf01658f</permissionId>
+            <resourceName>
+                /personauthorities/*/items/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>5a1dab9b-fea0-4b2d-b141-a64bbf01658f</permissionId>
+            <resourceName>
+                /personauthorities/*/items/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>e714cf45-5e1d-4b5f-86bb-5f9ec4f39eaf</permissionId>
+            <resourceName>
+                /personauthorities/*/items/*/refobjs
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>e714cf45-5e1d-4b5f-86bb-5f9ec4f39eaf</permissionId>
+            <resourceName>
+                /personauthorities/*/items/*/refobjs
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>0349216f-65cd-4a68-8907-66dc151c5911</permissionId>
+            <resourceName>persons</resourceName>
+        </permission>
+        <role>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>0349216f-65cd-4a68-8907-66dc151c5911</permissionId>
+            <resourceName>persons</resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>38a54418-3ca7-4e65-8373-f1822c2f808f</permissionId>
+            <resourceName>
+                /personauthorities/*/items/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>38a54418-3ca7-4e65-8373-f1822c2f808f</permissionId>
+            <resourceName>
+                /personauthorities/*/items/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>1b0e6e9e-a65e-4d08-92e8-dc38408d2f27</permissionId>
+            <resourceName>locationauthorities</resourceName>
+        </permission>
+        <role>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>1b0e6e9e-a65e-4d08-92e8-dc38408d2f27</permissionId>
+            <resourceName>locationauthorities</resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>6584ed70-b21e-47be-b244-ff844f872780</permissionId>
+            <resourceName>
+                /locationauthorities/*/items/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>6584ed70-b21e-47be-b244-ff844f872780</permissionId>
+            <resourceName>
+                /locationauthorities/*/items/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>7e350767-a7d7-4105-b1c8-934e3f8daa1a</permissionId>
+            <resourceName>locations</resourceName>
+        </permission>
+        <role>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>7e350767-a7d7-4105-b1c8-934e3f8daa1a</permissionId>
+            <resourceName>locations</resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>689c4855-d032-4cef-8960-f42ff2994ef4</permissionId>
+            <resourceName>acquisitions</resourceName>
+        </permission>
+        <role>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>689c4855-d032-4cef-8960-f42ff2994ef4</permissionId>
+            <resourceName>acquisitions</resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>92cfdc09-dd6a-45cd-a2c3-1de5cb1f336b</permissionId>
+            <resourceName>
+                /acquisitions/*/authorityrefs/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>92cfdc09-dd6a-45cd-a2c3-1de5cb1f336b</permissionId>
+            <resourceName>
+                /acquisitions/*/authorityrefs/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>754b4802-19b1-4185-a6fb-83ecadabff06</permissionId>
+            <resourceName>relations</resourceName>
+        </permission>
+        <role>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>754b4802-19b1-4185-a6fb-83ecadabff06</permissionId>
+            <resourceName>relations</resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>628b4acf-bd52-4a77-824c-5b657da3608a</permissionId>
+            <resourceName>
+                relations/subject/*/type/*/object/*
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>628b4acf-bd52-4a77-824c-5b657da3608a</permissionId>
+            <resourceName>
+                relations/subject/*/type/*/object/*
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>7de123a3-8e10-4fa7-b8ae-74a684acd569</permissionId>
+            <resourceName>accounts</resourceName>
+        </permission>
+        <role>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>7de123a3-8e10-4fa7-b8ae-74a684acd569</permissionId>
+            <resourceName>accounts</resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>cb5f541b-c592-4fb5-9e0a-c88dfc3f9301</permissionId>
+            <resourceName>dimensions</resourceName>
+        </permission>
+        <role>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>cb5f541b-c592-4fb5-9e0a-c88dfc3f9301</permissionId>
+            <resourceName>dimensions</resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>80a53f0e-6571-4195-ad9f-18cc5ba65b0c</permissionId>
+            <resourceName>contacts</resourceName>
+        </permission>
+        <role>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>80a53f0e-6571-4195-ad9f-18cc5ba65b0c</permissionId>
+            <resourceName>contacts</resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>90fee1ba-1706-4500-8222-17614b69b4cb</permissionId>
+            <resourceName>
+                /personauthorities/*/items/*/contacts
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>90fee1ba-1706-4500-8222-17614b69b4cb</permissionId>
+            <resourceName>
+                /personauthorities/*/items/*/contacts
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>f56cd470-75fb-4994-9172-2244e139c9db</permissionId>
+            <resourceName>
+                /orgauthorities/*/items/*/contacts
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>f56cd470-75fb-4994-9172-2244e139c9db</permissionId>
+            <resourceName>
+                /orgauthorities/*/items/*/contacts
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>47b4dd62-3247-4414-b19a-4624ba7c5228</permissionId>
+            <resourceName>notes</resourceName>
+        </permission>
+        <role>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>47b4dd62-3247-4414-b19a-4624ba7c5228</permissionId>
+            <resourceName>notes</resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>c2aee301-5540-4e56-ad1f-03e5ce0d28a8</permissionId>
+            <resourceName>authorization/roles</resourceName>
+        </permission>
+        <role>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>c2aee301-5540-4e56-ad1f-03e5ce0d28a8</permissionId>
+            <resourceName>authorization/roles</resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>1ad9339c-200e-4d0c-af7f-394d578a45ca</permissionId>
+            <resourceName>authorization/permissions</resourceName>
+        </permission>
+        <role>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>1ad9339c-200e-4d0c-af7f-394d578a45ca</permissionId>
+            <resourceName>authorization/permissions</resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>3b4cf91b-3851-44ad-97c1-b23f3788d617</permissionId>
+            <resourceName>authorization/permissions/permroles</resourceName>
+        </permission>
+        <role>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>3b4cf91b-3851-44ad-97c1-b23f3788d617</permissionId>
+            <resourceName>authorization/permissions/permroles</resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>417f1755-0645-4508-b9f1-f7380b897146</permissionId>
+            <resourceName>
+                /authorization/permissions/*/permroles/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>417f1755-0645-4508-b9f1-f7380b897146</permissionId>
+            <resourceName>
+                /authorization/permissions/*/permroles/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>7817cfa9-bdd5-4cf2-bc6b-e0ff102cd434</permissionId>
+            <resourceName>accounts/accountroles</resourceName>
+        </permission>
+        <role>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>7817cfa9-bdd5-4cf2-bc6b-e0ff102cd434</permissionId>
+            <resourceName>accounts/accountroles</resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>fe176181-6e43-4525-8c5e-f43b16f7132e</permissionId>
+            <resourceName>
+                /accounts/*/accountroles/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>fe176181-6e43-4525-8c5e-f43b16f7132e</permissionId>
+            <resourceName>
+                /accounts/*/accountroles/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>4a7d9a48-2dc7-41ee-8af3-b2965eb25afb</permissionId>
+            <resourceName>authorization/roles/permroles</resourceName>
+        </permission>
+        <role>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>4a7d9a48-2dc7-41ee-8af3-b2965eb25afb</permissionId>
+            <resourceName>authorization/roles/permroles</resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>eac699a7-e863-4798-bb19-6718d6faa36c</permissionId>
+            <resourceName>
+                /authorization/roles/*/permroles/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>01b70ec2-e1f7-4700-91a4-0c425585031a</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+        <role>
+            <roleId>5addeec3-3206-43db-a164-9e529471cf91</roleId>
+            <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>eac699a7-e863-4798-bb19-6718d6faa36c</permissionId>
+            <resourceName>
+                /authorization/roles/*/permroles/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>0</roleId>
+            <roleName>ROLE_ADMINISTRATOR</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>497b6528-fe1e-4fec-89cf-7b17c499bbac</permissionId>
+            <resourceName>idgenerators</resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>d5a2400d-f7fd-4eff-ab5e-fbc1457fce32</permissionId>
+            <resourceName>id</resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>62181818-1275-4861-9251-a9c172add296</permissionId>
+            <resourceName>
+                /idgenerators/*/ids
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>eb6dff1c-d73d-4874-ac31-e379f246b09a</permissionId>
+            <resourceName>collectionobjects</resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>0ce7c405-9c9d-424e-b72e-51d9b88db92c</permissionId>
+            <resourceName>
+                /collectionobjects/*/authorityrefs/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>37586285-faf9-4bc6-8518-2481d242a22c</permissionId>
+            <resourceName>intakes</resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>22a4e320-9bbc-4922-9244-dc418d813e03</permissionId>
+            <resourceName>
+                /intakes/*/authorityrefs/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>e31f96b3-c694-4981-8b05-6ed69c508161</permissionId>
+            <resourceName>loansin</resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>084aff5f-82b8-499c-ad77-4a169fd80138</permissionId>
+            <resourceName>
+                /loansin/*/authorityrefs/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>e9b1bed8-1f2e-49dd-97be-2094688485ec</permissionId>
+            <resourceName>loansout</resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>ff9c7503-8d0a-434c-8e16-7b6511211648</permissionId>
+            <resourceName>
+                /loansout/*/authorityrefs/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>cabb3eda-b0e7-4255-b25c-193f79e191f2</permissionId>
+            <resourceName>movements</resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>1d7067d4-f229-4ea9-9fce-a661bd324ebf</permissionId>
+            <resourceName>
+                /movements/*/authorityrefs/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>37b90e54-ae34-49ed-b790-4da18077ceb7</permissionId>
+            <resourceName>vocabularies</resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>3dec89f9-179c-4537-bdd7-913ed431b97b</permissionId>
+            <resourceName>vocabularyitems</resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>b98c1deb-f425-432e-b5e0-53612e6ef4d6</permissionId>
+            <resourceName>
+                /vocabularies/*/items/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>6080c67c-32ab-4245-8b75-ad42bba6dcb6</permissionId>
+            <resourceName>orgauthorities</resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>5b4d0845-ef49-46eb-b451-13cdae375b73</permissionId>
+            <resourceName>
+                /orgauthorities/*/items/*/authorityrefs/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>3242d512-b992-4721-8717-a88947d54afc</permissionId>
+            <resourceName>organizations</resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>7ff3a896-37b9-4cd8-9011-eb168d192446</permissionId>
+            <resourceName>
+                /orgauthorities/*/items/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>638f36e9-0f9c-4961-98ee-2e7fb710efae</permissionId>
+            <resourceName>
+                /orgauthorities/*/items/*/refobjs
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>809a5cba-379b-41fe-aaf5-d61301ec4fe7</permissionId>
+            <resourceName>personauthorities</resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>c69b057d-230a-466d-8038-e4b1324d41c2</permissionId>
+            <resourceName>
+                /personauthorities/*/items/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>bcbb0602-6e00-4518-9960-3e36f9ac6094</permissionId>
+            <resourceName>
+                /personauthorities/*/items/*/refobjs
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>801faebf-e2f2-4717-a525-fa4dfa63caf8</permissionId>
+            <resourceName>persons</resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>c0bef2ce-625f-4bea-b337-1269af2fdea8</permissionId>
+            <resourceName>
+                /personauthorities/*/items/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>eba34232-cdac-42ad-9b88-2aa9492ec802</permissionId>
+            <resourceName>locationauthorities</resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>b9ae3884-8b18-467b-8caf-aaddfe87f968</permissionId>
+            <resourceName>
+                /locationauthorities/*/items/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>6401c854-599a-4564-8097-d0ec9c58af3b</permissionId>
+            <resourceName>locations</resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>e505a806-30fd-48e4-a1b0-3345291561a3</permissionId>
+            <resourceName>acquisitions</resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>236a919f-8e24-43bd-b3d5-f58640f24490</permissionId>
+            <resourceName>
+                /acquisitions/*/authorityrefs/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>6701f7a9-5021-43e2-a5ca-62ccf523809c</permissionId>
+            <resourceName>relations</resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>62ca97b4-15e6-4008-b656-c0d92126d6d8</permissionId>
+            <resourceName>
+                relations/subject/*/type/*/object/*
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>dbc19509-8d72-4f1b-8532-9d81969c2f3a</permissionId>
+            <resourceName>accounts</resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>cf88e815-051d-42ca-b443-5fbc3e3e8e65</permissionId>
+            <resourceName>dimensions</resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>bf943992-5e0f-48c8-848d-b024452b69c7</permissionId>
+            <resourceName>contacts</resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>89db9711-8197-48ec-9355-560263b01863</permissionId>
+            <resourceName>
+                /personauthorities/*/items/*/contacts
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>ce012cfd-51a2-4f4b-a26e-8fcc9da79ee4</permissionId>
+            <resourceName>
+                /orgauthorities/*/items/*/contacts
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>790576d7-7870-4989-8084-b2e7acfe568b</permissionId>
+            <resourceName>notes</resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>63d9ee17-a98e-455a-9bc6-c8f4e3237850</permissionId>
+            <resourceName>authorization/roles</resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>14696853-077b-4396-a27d-7fdf229f2848</permissionId>
+            <resourceName>authorization/permissions</resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>b0b79cce-a76b-441d-ba79-eaea8793e1eb</permissionId>
+            <resourceName>authorization/permissions/permroles</resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>b6e31c70-cf71-429a-b286-5c5f331dce8d</permissionId>
+            <resourceName>
+                /authorization/permissions/*/permroles/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>6c232793-eb79-4144-a7b6-a3a817777406</permissionId>
+            <resourceName>accounts/accountroles</resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>08714948-5e03-412b-8ad6-01cbf422dc67</permissionId>
+            <resourceName>
+                /accounts/*/accountroles/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>7ca1de99-c776-4f7a-a111-474d97dc6a7d</permissionId>
+            <resourceName>authorization/roles/permroles</resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>d4b21996-d23a-4311-9058-f9fab6295dcf</permissionId>
+            <resourceName>
+                /authorization/roles/*/permroles/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>f57b3714-0f15-49c6-8f9c-5d6546aed9fe</permissionId>
+            <resourceName>idgenerators</resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>feb6a75f-e192-4a8f-9104-f66feabece26</permissionId>
+            <resourceName>id</resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>868d985f-ffed-4696-a617-633a4deff71d</permissionId>
+            <resourceName>
+                /idgenerators/*/ids
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>e0410bfd-8d52-4a84-a095-52dcc3dc0c3b</permissionId>
+            <resourceName>collectionobjects</resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>6520ad4c-8684-4e00-878b-6df751a3c7bd</permissionId>
+            <resourceName>
+                /collectionobjects/*/authorityrefs/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>c193854c-7f5f-42ea-ada1-4a2b2e3e2ff1</permissionId>
+            <resourceName>intakes</resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>135ad3f1-723a-44b6-9944-7bc05b3f11bf</permissionId>
+            <resourceName>
+                /intakes/*/authorityrefs/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>9e1d52c2-655d-412d-a596-071bd1ebab23</permissionId>
+            <resourceName>loansin</resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>8232653e-e330-4761-b1af-b29feb4c15c9</permissionId>
+            <resourceName>
+                /loansin/*/authorityrefs/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>d2673bf9-f3f5-419f-b317-a7b6198fe397</permissionId>
+            <resourceName>loansout</resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>cd7ffe2f-c0c2-4b56-87ed-4bb48816af01</permissionId>
+            <resourceName>
+                /loansout/*/authorityrefs/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>82ac6bf4-2477-4e40-acef-86437520cb0c</permissionId>
+            <resourceName>movements</resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>6740393d-3d35-4563-9a57-841b5d34d71e</permissionId>
+            <resourceName>
+                /movements/*/authorityrefs/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>8542668f-4e4c-41c2-abb3-49c5ae219e7e</permissionId>
+            <resourceName>vocabularies</resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>18e6b306-3777-4a5e-a7a6-c22f3c5cb4a4</permissionId>
+            <resourceName>vocabularyitems</resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>67a1bca5-1ba1-48a9-8687-78fe37c9d1aa</permissionId>
+            <resourceName>
+                /vocabularies/*/items/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>318a9d0c-56c7-43fc-8813-bf365fe05a3e</permissionId>
+            <resourceName>orgauthorities</resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>b40ab1e0-b3bc-4508-9876-4d6cf749c015</permissionId>
+            <resourceName>
+                /orgauthorities/*/items/*/authorityrefs/
+            </resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>8cd27f28-e78d-426c-8de3-13c1c094e233</permissionId>
+            <resourceName>organizations</resourceName>
+        </permission>
+        <role>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+    </permissionRole>
+    <permissionRole>
+        <subject>ROLE</subject>
+        <permission>
+            <permissionId>5db30553-7d72-486a-bd40-81300ea9a2c4</permissionId>
+            <resourceName>
+                /orgauthorities/*/items/
             </resourceName>
         </permission>
         <role>
-            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
             <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>35cb8d8b-4309-4177-9c1c-157dbeb36f5d</permissionId>
+            <permissionId>36f8ae51-bf94-4e83-8f32-d6d1e4c9bb8d</permissionId>
             <resourceName>
                 /orgauthorities/*/items/*/refobjs
             </resourceName>
         </permission>
         <role>
-            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
             <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>c890f437-7356-4bcd-b5b1-0e36b13e6358</permissionId>
+            <permissionId>478f0ebb-3a5f-489d-91b0-aa1f55a40a39</permissionId>
             <resourceName>personauthorities</resourceName>
         </permission>
         <role>
-            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
             <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>778904e1-8b67-4ace-af24-8b756385ce80</permissionId>
+            <permissionId>5e3e98ed-61bb-41f5-abee-ad71c019f5bc</permissionId>
             <resourceName>
                 /personauthorities/*/items/
             </resourceName>
         </permission>
         <role>
-            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
             <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>d531417d-b61b-471c-90ff-f21969f00e4c</permissionId>
+            <permissionId>ede401ec-4976-4304-a1ba-d79e87fc37eb</permissionId>
             <resourceName>
                 /personauthorities/*/items/*/refobjs
             </resourceName>
         </permission>
         <role>
-            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
             <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>46581f00-1338-417d-9ff5-1250a8eb5e3c</permissionId>
+            <permissionId>837272f1-c53e-4c92-b27d-3c669b054bbd</permissionId>
             <resourceName>persons</resourceName>
         </permission>
         <role>
-            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
             <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>b707073a-6c2f-4bc5-b8b2-800be7cc17ec</permissionId>
+            <permissionId>bf13ee0d-09fa-4311-9ccf-9a353577fe8b</permissionId>
             <resourceName>
                 /personauthorities/*/items/
             </resourceName>
         </permission>
         <role>
-            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
             <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>88832e9b-0f62-406e-8a64-ea61d53153ed</permissionId>
+            <permissionId>e8679b1f-857a-463f-a1f3-4cc8c4103061</permissionId>
             <resourceName>locationauthorities</resourceName>
         </permission>
         <role>
-            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
             <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>5b8c3d7d-f027-4675-9edf-1f7733ce360d</permissionId>
+            <permissionId>8d56f355-564d-432a-8bda-82bebb55e55a</permissionId>
             <resourceName>
                 /locationauthorities/*/items/
             </resourceName>
         </permission>
         <role>
-            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
             <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>a73bebb8-d109-4fbd-aa29-f71766eac61a</permissionId>
+            <permissionId>39530279-1540-4768-8def-6a3b1cee4990</permissionId>
             <resourceName>locations</resourceName>
         </permission>
         <role>
-            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
             <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>7d6dcff6-167f-4634-a35d-ec635e34fc60</permissionId>
+            <permissionId>06cca12d-2a18-4303-a972-e4ce3d094d30</permissionId>
             <resourceName>acquisitions</resourceName>
         </permission>
         <role>
-            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
             <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>2007cc99-7208-4238-9792-bceb5df78733</permissionId>
+            <permissionId>65b4803b-8697-4669-995b-d1f5eba17a86</permissionId>
             <resourceName>
                 /acquisitions/*/authorityrefs/
             </resourceName>
         </permission>
         <role>
-            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
             <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>94594f80-9ae2-4f51-b1f1-21e49bca2f5e</permissionId>
+            <permissionId>1d87e6a3-d770-4f63-8e29-ecb312f91157</permissionId>
             <resourceName>relations</resourceName>
         </permission>
         <role>
-            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
             <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>e75b9dd6-737a-43cd-b847-c8effa3d6055</permissionId>
+            <permissionId>39ed698e-3474-4f7d-83d5-0105078cb21f</permissionId>
             <resourceName>
                 relations/subject/*/type/*/object/*
             </resourceName>
         </permission>
         <role>
-            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
             <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>da6da169-41d0-4f7f-a246-e7a9c96967de</permissionId>
+            <permissionId>d4b62feb-53f4-4aac-bc50-e30e5130ec98</permissionId>
             <resourceName>accounts</resourceName>
         </permission>
         <role>
-            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
             <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>8b1fc4c6-1610-490d-8972-17ac113b36d9</permissionId>
+            <permissionId>0a047c4c-1c78-47fb-b951-70912934cab7</permissionId>
             <resourceName>dimensions</resourceName>
         </permission>
         <role>
-            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
             <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>97455f0e-2064-4667-9bfe-540a05b571ae</permissionId>
+            <permissionId>50ee8add-45ef-4643-8aa7-1d144d0d4cb9</permissionId>
             <resourceName>contacts</resourceName>
         </permission>
         <role>
-            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
             <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>10655b0e-d168-4ac5-96fc-5ff88621aaee</permissionId>
+            <permissionId>b015754f-2d5d-454a-8403-b3e49f51cc5b</permissionId>
             <resourceName>
                 /personauthorities/*/items/*/contacts
             </resourceName>
         </permission>
         <role>
-            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
             <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>1209a058-b37e-438d-906a-03bc49a4928c</permissionId>
+            <permissionId>430e88e1-cae6-4dea-82bd-34b17fda7ae3</permissionId>
             <resourceName>
                 /orgauthorities/*/items/*/contacts
             </resourceName>
         </permission>
         <role>
-            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
             <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>eb97ccdf-daaa-436e-bd40-f86e3d7dc8d0</permissionId>
+            <permissionId>fc1db1b6-1fd9-439e-871d-bcb6f41bb5ca</permissionId>
             <resourceName>notes</resourceName>
         </permission>
         <role>
-            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
             <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>655fb068-d229-47e0-b636-48e53217d070</permissionId>
+            <permissionId>beea8fd0-de64-40ab-a620-f8fb571e39b4</permissionId>
             <resourceName>authorization/roles</resourceName>
         </permission>
         <role>
-            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
             <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>556204b7-df13-40fe-8185-ac4e9924a033</permissionId>
+            <permissionId>87eb9947-f5e7-47fd-8972-dc24cf9d2ae1</permissionId>
             <resourceName>authorization/permissions</resourceName>
         </permission>
         <role>
-            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
             <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>3d5ecccd-37a5-4185-88b3-66aa1def43b5</permissionId>
+            <permissionId>38b681d4-1090-474a-addc-43b03f2fdd1b</permissionId>
             <resourceName>authorization/permissions/permroles</resourceName>
         </permission>
         <role>
-            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
             <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>049d792a-f1c7-42de-8d88-c09a1143340f</permissionId>
+            <permissionId>dd6497fb-e4af-4732-b39e-27c8f8cf5b89</permissionId>
             <resourceName>
                 /authorization/permissions/*/permroles/
             </resourceName>
         </permission>
         <role>
-            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
             <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>b85355db-2c33-4469-bb27-bf4fb1ac4039</permissionId>
+            <permissionId>538889df-13ce-4df5-a204-a0c58db6a544</permissionId>
             <resourceName>accounts/accountroles</resourceName>
         </permission>
         <role>
-            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
             <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>ce37cf6c-a550-49de-9bdf-0ede7cafb617</permissionId>
+            <permissionId>7f9ba507-8419-4227-86af-9819a568a56b</permissionId>
             <resourceName>
                 /accounts/*/accountroles/
             </resourceName>
         </permission>
         <role>
-            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
             <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>e1af00a3-a7c9-441f-a48c-f9698f47298a</permissionId>
+            <permissionId>c3e42f4f-a2f5-4cd8-afb5-7872f218fa18</permissionId>
             <resourceName>authorization/roles/permroles</resourceName>
         </permission>
         <role>
-            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
             <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>8fc74578-d253-4eb7-a0e3-43bc70a88a62</permissionId>
+            <permissionId>17df84a4-d06d-4b57-bb75-15e84a04bf10</permissionId>
             <resourceName>
                 /authorization/roles/*/permroles/
             </resourceName>
         </permission>
         <role>
-            <roleId>25f537c9-a213-41de-97f0-18524d5f4eb2</roleId>
+            <roleId>5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6</roleId>
+            <roleName>ROLE_TENANT_READER</roleName>
+        </role>
+        <role>
+            <roleId>73eb01c2-fde2-46c3-8032-1803db242575</roleId>
             <roleName>ROLE_TENANT_READER</roleName>
         </role>
     </permissionRole>

diff --git a/services/authorization-mgt/import/src/main/resources/import-data/import-permissions.xml b/services/authorization-mgt/import/src/main/resources/import-data/import-permissions.xml
index 29cf9465a16d2b57a05ec425c385df14066a88d1..2ceed9cc6e547058f1a5e9df6f142711e9a0d243 100644 (file)
--- a/services/authorization-mgt/import/src/main/resources/import-data/import-permissions.xml
+++ b/services/authorization-mgt/import/src/main/resources/import-data/import-permissions.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
 <ns2:permissions_list xmlns:ns2="http://collectionspace.org/services/authorization">
-    <permission csid="de3657a1-99f8-46b6-b4bb-2e28f9def87f">
+    <permission csid="d44f77d4-52cd-4025-b292-c227aa73d6fc">
         <description>generated admin permission</description>
         <resourceName>idgenerators</resourceName>
         <action>
@@ -19,10 +19,10 @@
             <name>SEARCH</name>
         </action>
         <effect>PERMIT</effect>
-        <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.388</createdAt>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.559</createdAt>
     </permission>
-    <permission csid="b6644980-aeef-4d8f-a048-338057f9d973">
+    <permission csid="89231998-14d1-440e-a402-38f2f53a1e57">
         <description>generated admin permission</description>
         <resourceName>id</resourceName>
         <action>
@@ -41,10 +41,10 @@
             <name>SEARCH</name>
         </action>
         <effect>PERMIT</effect>
-        <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.390</createdAt>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.561</createdAt>
     </permission>
-    <permission csid="ddcdcc15-7f5a-49d8-8354-82c2e52d4727">
+    <permission csid="ada701c6-649f-481f-afd5-2d192c483b6a">
         <description>generated admin permission</description>
         <resourceName>
                 /idgenerators/*/ids
@@ -65,10 +65,10 @@
             <name>SEARCH</name>
         </action>
         <effect>PERMIT</effect>
-        <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.390</createdAt>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.561</createdAt>
     </permission>
-    <permission csid="b203fb49-56c3-4662-b4bd-4008a6462364">
+    <permission csid="ad4921b1-6968-4028-99e1-7edbfed46ead">
         <description>generated admin permission</description>
         <resourceName>collectionobjects</resourceName>
         <action>
@@ -87,10 +87,10 @@
             <name>SEARCH</name>
         </action>
         <effect>PERMIT</effect>
-        <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.391</createdAt>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.561</createdAt>
     </permission>
-    <permission csid="2dde10d0-2ce9-471b-9c66-c67a6e7c511f">
+    <permission csid="dbd45393-f610-4a0d-81ed-03475aeacde3">
         <description>generated admin permission</description>
         <resourceName>
                 /collectionobjects/*/authorityrefs/
@@ -111,10 +111,10 @@
             <name>SEARCH</name>
         </action>
         <effect>PERMIT</effect>
-        <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.391</createdAt>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.562</createdAt>
     </permission>
-    <permission csid="b8323642-cd0a-491f-a952-cf36d2b32134">
+    <permission csid="3185e6b7-7248-4bfa-afeb-1e14b206afeb">
         <description>generated admin permission</description>
         <resourceName>intakes</resourceName>
         <action>
@@ -133,10 +133,10 @@
             <name>SEARCH</name>
         </action>
         <effect>PERMIT</effect>
-        <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.391</createdAt>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.562</createdAt>
     </permission>
-    <permission csid="3c3e7ff6-7ecd-4643-b662-3fcb54e62abe">
+    <permission csid="9f067bc0-0aaf-4499-986e-424b112f6ef2">
         <description>generated admin permission</description>
         <resourceName>
                 /intakes/*/authorityrefs/
@@ -157,10 +157,10 @@
             <name>SEARCH</name>
         </action>
         <effect>PERMIT</effect>
-        <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.392</createdAt>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.562</createdAt>
     </permission>
-    <permission csid="e248b5af-6eb3-4063-8816-6c2b0c55537c">
+    <permission csid="021de06c-f386-42ad-b18e-fdd32496d521">
         <description>generated admin permission</description>
         <resourceName>loansin</resourceName>
         <action>
@@ -179,10 +179,10 @@
             <name>SEARCH</name>
         </action>
         <effect>PERMIT</effect>
-        <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.392</createdAt>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.562</createdAt>
     </permission>
-    <permission csid="6529cf6d-34ae-4bab-a6e2-ab19973620fb">
+    <permission csid="7339e77d-638e-4d78-a707-e094c9af29b5">
         <description>generated admin permission</description>
         <resourceName>
                 /loansin/*/authorityrefs/
@@ -203,10 +203,10 @@
             <name>SEARCH</name>
         </action>
         <effect>PERMIT</effect>
-        <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.393</createdAt>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.563</createdAt>
     </permission>
-    <permission csid="1145d28d-269a-41fd-806f-b0d6511cf273">
+    <permission csid="4ce5feca-958e-47e2-a1f5-7a3dbd28bcd9">
         <description>generated admin permission</description>
         <resourceName>loansout</resourceName>
         <action>
@@ -225,10 +225,10 @@
             <name>SEARCH</name>
         </action>
         <effect>PERMIT</effect>
-        <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.393</createdAt>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.563</createdAt>
     </permission>
-    <permission csid="8773ed3b-9432-44e8-900e-1bc3908e7911">
+    <permission csid="871a9263-bf27-4aee-a287-e489e3421e98">
         <description>generated admin permission</description>
         <resourceName>
                 /loansout/*/authorityrefs/
@@ -249,10 +249,10 @@
             <name>SEARCH</name>
         </action>
         <effect>PERMIT</effect>
-        <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.393</createdAt>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.564</createdAt>
     </permission>
-    <permission csid="21786a64-02e0-4359-9c61-47cf821f2362">
+    <permission csid="907f0d70-294f-42a3-b433-b084cdd800e5">
         <description>generated admin permission</description>
         <resourceName>movements</resourceName>
         <action>
@@ -271,10 +271,10 @@
             <name>SEARCH</name>
         </action>
         <effect>PERMIT</effect>
-        <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.394</createdAt>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.564</createdAt>
     </permission>
-    <permission csid="d501423e-9425-4c99-bf6f-478a2a9f971e">
+    <permission csid="959f2186-4279-4828-9850-f2bf8939324b">
         <description>generated admin permission</description>
         <resourceName>
                 /movements/*/authorityrefs/
@@ -295,10 +295,10 @@
             <name>SEARCH</name>
         </action>
         <effect>PERMIT</effect>
-        <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.394</createdAt>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.565</createdAt>
     </permission>
-    <permission csid="88075c4c-d5ed-420a-a767-1ab662066feb">
+    <permission csid="4e9fe80c-1751-4f71-9ba4-9befdf0d6afb">
         <description>generated admin permission</description>
         <resourceName>vocabularies</resourceName>
         <action>
@@ -317,10 +317,10 @@
             <name>SEARCH</name>
         </action>
         <effect>PERMIT</effect>
-        <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.395</createdAt>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.565</createdAt>
     </permission>
-    <permission csid="2444d28d-883f-4566-a378-f03b95d100b9">
+    <permission csid="2bf629ea-66c7-4974-802e-852d9ce04a57">
         <description>generated admin permission</description>
         <resourceName>vocabularyitems</resourceName>
         <action>
@@ -339,10 +339,10 @@
             <name>SEARCH</name>
         </action>
         <effect>PERMIT</effect>
-        <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.395</createdAt>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.565</createdAt>
     </permission>
-    <permission csid="80a57584-6438-4df3-95df-bba1d7d9a275">
+    <permission csid="00ffa49c-d778-45a0-b504-35bdd4ffc24f">
         <description>generated admin permission</description>
         <resourceName>
                 /vocabularies/*/items/
@@ -363,10 +363,10 @@
             <name>SEARCH</name>
         </action>
         <effect>PERMIT</effect>
-        <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.396</createdAt>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.566</createdAt>
     </permission>
-    <permission csid="812a71ed-0dfe-4371-a390-4776ab5519f2">
+    <permission csid="8d50e134-45a3-4b27-aee2-c3df1c073008">
         <description>generated admin permission</description>
         <resourceName>orgauthorities</resourceName>
         <action>
@@ -385,10 +385,10 @@
             <name>SEARCH</name>
         </action>
         <effect>PERMIT</effect>
-        <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.396</createdAt>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.566</createdAt>
     </permission>
-    <permission csid="a9aeff96-179f-4b1d-8e74-25358185fdae">
+    <permission csid="b8131f3c-ac19-49ad-8301-3fc588e31dfb">
         <description>generated admin permission</description>
         <resourceName>
                 /orgauthorities/*/items/*/authorityrefs/
@@ -409,10 +409,10 @@
             <name>SEARCH</name>
         </action>
         <effect>PERMIT</effect>
-        <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.397</createdAt>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.566</createdAt>
     </permission>
-    <permission csid="23897bf4-c727-4737-a70c-dc446519e1d5">
+    <permission csid="e35cc564-b021-4ad2-8075-e8f7b53c1ee2">
         <description>generated admin permission</description>
         <resourceName>organizations</resourceName>
         <action>
@@ -431,10 +431,10 @@
             <name>SEARCH</name>
         </action>
         <effect>PERMIT</effect>
-        <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.397</createdAt>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.567</createdAt>
     </permission>
-    <permission csid="64f48448-c5ed-4096-acc8-17daebf2924f">
+    <permission csid="4ca834a1-834b-46d1-ab17-8e313c3a9980">
         <description>generated admin permission</description>
         <resourceName>
                 /orgauthorities/*/items/
@@ -455,10 +455,10 @@
             <name>SEARCH</name>
         </action>
         <effect>PERMIT</effect>
-        <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.397</createdAt>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.567</createdAt>
     </permission>
-    <permission csid="90bea796-bf38-46a6-8a9e-fc9a1eed157d">
+    <permission csid="57b32d7b-db0e-48db-980f-2c4ff1e1476b">
         <description>generated admin permission</description>
         <resourceName>
                 /orgauthorities/*/items/*/refobjs
@@ -479,10 +479,10 @@
             <name>SEARCH</name>
         </action>
         <effect>PERMIT</effect>
-        <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.398</createdAt>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.567</createdAt>
     </permission>
-    <permission csid="e61b8b12-3db0-499a-b074-79afec3f141a">
+    <permission csid="04d87e96-d1a1-4891-beca-5be5929dffbe">
         <description>generated admin permission</description>
         <resourceName>personauthorities</resourceName>
         <action>
@@ -501,10 +501,10 @@
             <name>SEARCH</name>
         </action>
         <effect>PERMIT</effect>
-        <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.398</createdAt>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.567</createdAt>
     </permission>
-    <permission csid="ce34076c-83b0-409c-b2b8-2d3805af9056">
+    <permission csid="1caacc4d-b5a8-464f-b9bf-8638511f7999">
         <description>generated admin permission</description>
         <resourceName>
                 /personauthorities/*/items/
@@ -525,10 +525,10 @@
             <name>SEARCH</name>
         </action>
         <effect>PERMIT</effect>
-        <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.398</createdAt>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.568</createdAt>
     </permission>
-    <permission csid="acac0886-627b-43e6-810c-f62c928b99bf">
+    <permission csid="52ab1350-8a01-478a-b459-ddc29ac4edbb">
         <description>generated admin permission</description>
         <resourceName>
                 /personauthorities/*/items/*/refobjs
@@ -549,10 +549,10 @@
             <name>SEARCH</name>
         </action>
         <effect>PERMIT</effect>
-        <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.399</createdAt>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.568</createdAt>
     </permission>
-    <permission csid="1aa13e33-4b21-4e6f-b670-2fc13f8fd2b4">
+    <permission csid="efbfc241-02a4-4758-b546-2e10e44a88c2">
         <description>generated admin permission</description>
         <resourceName>persons</resourceName>
         <action>
@@ -571,10 +571,10 @@
             <name>SEARCH</name>
         </action>
         <effect>PERMIT</effect>
-        <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.399</createdAt>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.568</createdAt>
     </permission>
-    <permission csid="cbb98b91-25ed-4e8b-af4d-48f11e981e19">
+    <permission csid="d15b3fd7-ee37-4490-bc4d-2701ffbdedb7">
         <description>generated admin permission</description>
         <resourceName>
                 /personauthorities/*/items/
@@ -595,10 +595,10 @@
             <name>SEARCH</name>
         </action>
         <effect>PERMIT</effect>
-        <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.400</createdAt>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.568</createdAt>
     </permission>
-    <permission csid="7c9e5c9a-8eb7-4579-ad94-e6d4f90c9ae8">
+    <permission csid="9b19311b-b3b4-42a4-9fd1-592998f0ca88">
         <description>generated admin permission</description>
         <resourceName>locationauthorities</resourceName>
         <action>
@@ -617,10 +617,10 @@
             <name>SEARCH</name>
         </action>
         <effect>PERMIT</effect>
-        <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.400</createdAt>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.569</createdAt>
     </permission>
-    <permission csid="ce653183-2722-46c9-8f19-2e719c9cb06c">
+    <permission csid="9b6f3483-3c36-412e-8ed4-19d48597313d">
         <description>generated admin permission</description>
         <resourceName>
                 /locationauthorities/*/items/
@@ -641,10 +641,10 @@
             <name>SEARCH</name>
         </action>
         <effect>PERMIT</effect>
-        <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.401</createdAt>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.569</createdAt>
     </permission>
-    <permission csid="59b8de3a-9b1d-4e82-9aa5-0d28dd5a46ac">
+    <permission csid="a26945bf-9e2e-41a0-967b-febb4c33aa2e">
         <description>generated admin permission</description>
         <resourceName>locations</resourceName>
         <action>
@@ -663,10 +663,10 @@
             <name>SEARCH</name>
         </action>
         <effect>PERMIT</effect>
-        <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.401</createdAt>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.569</createdAt>
     </permission>
-    <permission csid="37e00906-0fa5-4d20-be21-739f66bcac52">
+    <permission csid="983bff7f-8ba2-4d6e-98d6-b8de4724249e">
         <description>generated admin permission</description>
         <resourceName>acquisitions</resourceName>
         <action>
@@ -685,10 +685,10 @@
             <name>SEARCH</name>
         </action>
         <effect>PERMIT</effect>
-        <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.401</createdAt>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.570</createdAt>
     </permission>
-    <permission csid="1ebea466-ab70-4368-8965-aa9305661d50">
+    <permission csid="b3418175-6fd0-448f-82c3-d52714b83c17">
         <description>generated admin permission</description>
         <resourceName>
                 /acquisitions/*/authorityrefs/
@@ -709,10 +709,10 @@
             <name>SEARCH</name>
         </action>
         <effect>PERMIT</effect>
-        <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.402</createdAt>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.570</createdAt>
     </permission>
-    <permission csid="c48e8d4a-7972-469f-a2bc-1bca201cd772">
+    <permission csid="20b460ef-b528-46a9-8975-8f7e34437696">
         <description>generated admin permission</description>
         <resourceName>relations</resourceName>
         <action>
@@ -731,10 +731,10 @@
             <name>SEARCH</name>
         </action>
         <effect>PERMIT</effect>
-        <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.402</createdAt>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.570</createdAt>
     </permission>
-    <permission csid="b2f182cb-61d7-4016-a2e2-075c13afefd0">
+    <permission csid="e9c3b077-4384-4349-bb4c-b5e21e2b4aef">
         <description>generated admin permission</description>
         <resourceName>
                 relations/subject/*/type/*/object/*
@@ -755,10 +755,10 @@
             <name>SEARCH</name>
         </action>
         <effect>PERMIT</effect>
-        <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.402</createdAt>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.571</createdAt>
     </permission>
-    <permission csid="6ba014c0-80e1-456f-9c3c-de339391d254">
+    <permission csid="f5b2e004-16f3-4b6b-882c-82bf101a864e">
         <description>generated admin permission</description>
         <resourceName>accounts</resourceName>
         <action>
@@ -777,10 +777,10 @@
             <name>SEARCH</name>
         </action>
         <effect>PERMIT</effect>
-        <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.403</createdAt>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.571</createdAt>
     </permission>
-    <permission csid="ee04f607-8e32-46dd-b5c9-b7657cdd290c">
+    <permission csid="b4a69d0e-cedf-4218-91fa-d4e38f125207">
         <description>generated admin permission</description>
         <resourceName>dimensions</resourceName>
         <action>
@@ -799,10 +799,10 @@
             <name>SEARCH</name>
         </action>
         <effect>PERMIT</effect>
-        <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.403</createdAt>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.571</createdAt>
     </permission>
-    <permission csid="828327fc-7b3d-4bde-b6d6-e48c74c3f4fd">
+    <permission csid="516ec6a0-0f75-48c9-8efe-6c3a409f0a0d">
         <description>generated admin permission</description>
         <resourceName>contacts</resourceName>
         <action>
@@ -821,10 +821,10 @@
             <name>SEARCH</name>
         </action>
         <effect>PERMIT</effect>
-        <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.404</createdAt>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.571</createdAt>
     </permission>
-    <permission csid="2d48d7a3-faba-4e8d-93a3-0863de7d92da">
+    <permission csid="a4ec2332-0f57-4cc1-b48c-e500f329a8c2">
         <description>generated admin permission</description>
         <resourceName>
                 /personauthorities/*/items/*/contacts
@@ -845,10 +845,10 @@
             <name>SEARCH</name>
         </action>
         <effect>PERMIT</effect>
-        <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.404</createdAt>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.574</createdAt>
     </permission>
-    <permission csid="7d8f835d-d9c0-4508-b279-eef890db247a">
+    <permission csid="efcc4e68-5f2f-43cf-aa86-c3df54af8f44">
         <description>generated admin permission</description>
         <resourceName>
                 /orgauthorities/*/items/*/contacts
@@ -869,10 +869,10 @@
             <name>SEARCH</name>
         </action>
         <effect>PERMIT</effect>
-        <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.404</createdAt>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.574</createdAt>
     </permission>
-    <permission csid="ab92d994-29eb-4d64-bd49-b3cafd8f0a5b">
+    <permission csid="e01bc5b4-c359-42ba-80a8-6920c704622b">
         <description>generated admin permission</description>
         <resourceName>notes</resourceName>
         <action>
@@ -891,10 +891,10 @@
             <name>SEARCH</name>
         </action>
         <effect>PERMIT</effect>
-        <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.405</createdAt>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.575</createdAt>
     </permission>
-    <permission csid="db65825c-50c3-49a8-af5f-68115f16537b">
+    <permission csid="41df9971-887c-4686-aec7-94fd86079a93">
         <description>generated admin permission</description>
         <resourceName>authorization/roles</resourceName>
         <action>
@@ -913,10 +913,10 @@
             <name>SEARCH</name>
         </action>
         <effect>PERMIT</effect>
-        <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.405</createdAt>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.575</createdAt>
     </permission>
-    <permission csid="f7f41db6-f85f-4cd3-a2d6-d9185b6dd8e9">
+    <permission csid="d2a4b854-3123-4cb1-a109-f1a519a7b2a4">
         <description>generated admin permission</description>
         <resourceName>authorization/permissions</resourceName>
         <action>
@@ -935,10 +935,10 @@
             <name>SEARCH</name>
         </action>
         <effect>PERMIT</effect>
-        <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.405</createdAt>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.575</createdAt>
     </permission>
-    <permission csid="074e7f98-2580-48d3-969d-4043f156eaa2">
+    <permission csid="24e6142e-56d7-4312-ac0d-d68f1deb21b8">
         <description>generated admin permission</description>
         <resourceName>authorization/permissions/permroles</resourceName>
         <action>
@@ -957,10 +957,10 @@
             <name>SEARCH</name>
         </action>
         <effect>PERMIT</effect>
-        <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.406</createdAt>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.575</createdAt>
     </permission>
-    <permission csid="0cdd6f4e-58b6-4c11-bbbd-0984c30d6dbd">
+    <permission csid="6ce06e7f-e471-410c-a7a9-ec50b0bc11be">
         <description>generated admin permission</description>
         <resourceName>
                 /authorization/permissions/*/permroles/
@@ -981,10 +981,10 @@
             <name>SEARCH</name>
         </action>
         <effect>PERMIT</effect>
-        <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.406</createdAt>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.576</createdAt>
     </permission>
-    <permission csid="361c4bed-bd81-4f22-82df-f462111663a9">
+    <permission csid="22059d92-f298-49fc-80c0-55c34d966836">
         <description>generated admin permission</description>
         <resourceName>accounts/accountroles</resourceName>
         <action>
@@ -1003,10 +1003,10 @@
             <name>SEARCH</name>
         </action>
         <effect>PERMIT</effect>
-        <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.407</createdAt>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.576</createdAt>
     </permission>
-    <permission csid="e272da20-719c-49d1-9584-c21cedcd3a65">
+    <permission csid="ca0acf6a-fc55-426b-8717-b5da0e764cd3">
         <description>generated admin permission</description>
         <resourceName>
                 /accounts/*/accountroles/
@@ -1027,10 +1027,10 @@
             <name>SEARCH</name>
         </action>
         <effect>PERMIT</effect>
-        <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.407</createdAt>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.576</createdAt>
     </permission>
-    <permission csid="d7618a4f-d8be-45f6-b0f3-2816ecdca341">
+    <permission csid="0d7965c9-559f-4a31-ac20-fabca081247b">
         <description>generated admin permission</description>
         <resourceName>authorization/roles/permroles</resourceName>
         <action>
@@ -1049,10 +1049,10 @@
             <name>SEARCH</name>
         </action>
         <effect>PERMIT</effect>
-        <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.407</createdAt>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.577</createdAt>
     </permission>
-    <permission csid="3b6b0755-9044-46ee-8a85-4e44ac68dd0a">
+    <permission csid="df29890b-f7dd-4cb2-bf20-4873915ec149">
         <description>generated admin permission</description>
         <resourceName>
                 /authorization/roles/*/permroles/
@@ -1073,10 +1073,1739 @@
             <name>SEARCH</name>
         </action>
         <effect>PERMIT</effect>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.577</createdAt>
+    </permission>
+    <permission csid="24ca9b10-db58-4f83-9270-48d31e439930">
+        <description>generated admin permission</description>
+        <resourceName>idgenerators</resourceName>
+        <action>
+            <name>CREATE</name>
+        </action>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>UPDATE</name>
+        </action>
+        <action>
+            <name>DELETE</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-07T16:22:53.591</createdAt>
+    </permission>
+    <permission csid="cce6d084-4686-4786-90cb-bc816ef7f489">
+        <description>generated admin permission</description>
+        <resourceName>id</resourceName>
+        <action>
+            <name>CREATE</name>
+        </action>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>UPDATE</name>
+        </action>
+        <action>
+            <name>DELETE</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-07T16:22:53.591</createdAt>
+    </permission>
+    <permission csid="43b43275-7ef5-4f3f-a549-acaae5a26ef7">
+        <description>generated admin permission</description>
+        <resourceName>
+                /idgenerators/*/ids
+            </resourceName>
+        <action>
+            <name>CREATE</name>
+        </action>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>UPDATE</name>
+        </action>
+        <action>
+            <name>DELETE</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-07T16:22:53.591</createdAt>
+    </permission>
+    <permission csid="122cbe8f-076c-4803-b1b0-7c493c444215">
+        <description>generated admin permission</description>
+        <resourceName>collectionobjects</resourceName>
+        <action>
+            <name>CREATE</name>
+        </action>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>UPDATE</name>
+        </action>
+        <action>
+            <name>DELETE</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-07T16:22:53.592</createdAt>
+    </permission>
+    <permission csid="4ba3ee15-f527-4b11-9341-771ef3af24a3">
+        <description>generated admin permission</description>
+        <resourceName>
+                /collectionobjects/*/authorityrefs/
+            </resourceName>
+        <action>
+            <name>CREATE</name>
+        </action>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>UPDATE</name>
+        </action>
+        <action>
+            <name>DELETE</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-07T16:22:53.592</createdAt>
+    </permission>
+    <permission csid="df4c1540-5210-4b41-a735-18b8f71ad14b">
+        <description>generated admin permission</description>
+        <resourceName>intakes</resourceName>
+        <action>
+            <name>CREATE</name>
+        </action>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>UPDATE</name>
+        </action>
+        <action>
+            <name>DELETE</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-07T16:22:53.592</createdAt>
+    </permission>
+    <permission csid="43af6eab-fc37-4c48-8f87-2e6f80afda7d">
+        <description>generated admin permission</description>
+        <resourceName>
+                /intakes/*/authorityrefs/
+            </resourceName>
+        <action>
+            <name>CREATE</name>
+        </action>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>UPDATE</name>
+        </action>
+        <action>
+            <name>DELETE</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-07T16:22:53.593</createdAt>
+    </permission>
+    <permission csid="29953599-287c-4b67-826d-df72d1c1266d">
+        <description>generated admin permission</description>
+        <resourceName>loansin</resourceName>
+        <action>
+            <name>CREATE</name>
+        </action>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>UPDATE</name>
+        </action>
+        <action>
+            <name>DELETE</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-07T16:22:53.593</createdAt>
+    </permission>
+    <permission csid="447f5a41-46a4-4e9d-9b15-62d7fc2466c7">
+        <description>generated admin permission</description>
+        <resourceName>
+                /loansin/*/authorityrefs/
+            </resourceName>
+        <action>
+            <name>CREATE</name>
+        </action>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>UPDATE</name>
+        </action>
+        <action>
+            <name>DELETE</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-07T16:22:53.593</createdAt>
+    </permission>
+    <permission csid="62a72a0a-d028-46c4-8fa5-951746e4c4a5">
+        <description>generated admin permission</description>
+        <resourceName>loansout</resourceName>
+        <action>
+            <name>CREATE</name>
+        </action>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>UPDATE</name>
+        </action>
+        <action>
+            <name>DELETE</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.408</createdAt>
+        <createdAt>2010-06-07T16:22:53.594</createdAt>
+    </permission>
+    <permission csid="6da07854-0d46-493b-b6cf-47af8fef81b4">
+        <description>generated admin permission</description>
+        <resourceName>
+                /loansout/*/authorityrefs/
+            </resourceName>
+        <action>
+            <name>CREATE</name>
+        </action>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>UPDATE</name>
+        </action>
+        <action>
+            <name>DELETE</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-07T16:22:53.594</createdAt>
+    </permission>
+    <permission csid="9807f421-1587-4720-9f60-60087a974302">
+        <description>generated admin permission</description>
+        <resourceName>movements</resourceName>
+        <action>
+            <name>CREATE</name>
+        </action>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>UPDATE</name>
+        </action>
+        <action>
+            <name>DELETE</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-07T16:22:53.594</createdAt>
+    </permission>
+    <permission csid="041f517a-b58b-4df6-ab7e-57fe6bbbaef5">
+        <description>generated admin permission</description>
+        <resourceName>
+                /movements/*/authorityrefs/
+            </resourceName>
+        <action>
+            <name>CREATE</name>
+        </action>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>UPDATE</name>
+        </action>
+        <action>
+            <name>DELETE</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-07T16:22:53.594</createdAt>
+    </permission>
+    <permission csid="3580ae91-4035-49cd-89a7-0eeeb2cb6b7c">
+        <description>generated admin permission</description>
+        <resourceName>vocabularies</resourceName>
+        <action>
+            <name>CREATE</name>
+        </action>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>UPDATE</name>
+        </action>
+        <action>
+            <name>DELETE</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-07T16:22:53.595</createdAt>
+    </permission>
+    <permission csid="8e936e74-7dcb-4508-b727-0a33344b5453">
+        <description>generated admin permission</description>
+        <resourceName>vocabularyitems</resourceName>
+        <action>
+            <name>CREATE</name>
+        </action>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>UPDATE</name>
+        </action>
+        <action>
+            <name>DELETE</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-07T16:22:53.595</createdAt>
+    </permission>
+    <permission csid="e450ee2f-35eb-45bc-b718-caddbcf4dc98">
+        <description>generated admin permission</description>
+        <resourceName>
+                /vocabularies/*/items/
+            </resourceName>
+        <action>
+            <name>CREATE</name>
+        </action>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>UPDATE</name>
+        </action>
+        <action>
+            <name>DELETE</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-07T16:22:53.595</createdAt>
+    </permission>
+    <permission csid="dba4f5cb-4647-4c5f-a4ae-22ffa2cd441c">
+        <description>generated admin permission</description>
+        <resourceName>orgauthorities</resourceName>
+        <action>
+            <name>CREATE</name>
+        </action>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>UPDATE</name>
+        </action>
+        <action>
+            <name>DELETE</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-07T16:22:53.595</createdAt>
+    </permission>
+    <permission csid="3832f8d9-6d84-4e38-9f4a-8aa6a7bf3999">
+        <description>generated admin permission</description>
+        <resourceName>
+                /orgauthorities/*/items/*/authorityrefs/
+            </resourceName>
+        <action>
+            <name>CREATE</name>
+        </action>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>UPDATE</name>
+        </action>
+        <action>
+            <name>DELETE</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-07T16:22:53.596</createdAt>
+    </permission>
+    <permission csid="0e6e1b2c-5b85-4d20-ab17-e31924e97927">
+        <description>generated admin permission</description>
+        <resourceName>organizations</resourceName>
+        <action>
+            <name>CREATE</name>
+        </action>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>UPDATE</name>
+        </action>
+        <action>
+            <name>DELETE</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-07T16:22:53.596</createdAt>
+    </permission>
+    <permission csid="aae5e62b-5841-4a85-b90a-f65f06d61f04">
+        <description>generated admin permission</description>
+        <resourceName>
+                /orgauthorities/*/items/
+            </resourceName>
+        <action>
+            <name>CREATE</name>
+        </action>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>UPDATE</name>
+        </action>
+        <action>
+            <name>DELETE</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-07T16:22:53.596</createdAt>
+    </permission>
+    <permission csid="34ab8a6c-3b92-4faf-891b-01686eb7c71d">
+        <description>generated admin permission</description>
+        <resourceName>
+                /orgauthorities/*/items/*/refobjs
+            </resourceName>
+        <action>
+            <name>CREATE</name>
+        </action>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>UPDATE</name>
+        </action>
+        <action>
+            <name>DELETE</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-07T16:22:53.596</createdAt>
+    </permission>
+    <permission csid="679509a8-4d68-4ba6-a11f-1411b82d417f">
+        <description>generated admin permission</description>
+        <resourceName>personauthorities</resourceName>
+        <action>
+            <name>CREATE</name>
+        </action>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>UPDATE</name>
+        </action>
+        <action>
+            <name>DELETE</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-07T16:22:53.597</createdAt>
+    </permission>
+    <permission csid="5a1dab9b-fea0-4b2d-b141-a64bbf01658f">
+        <description>generated admin permission</description>
+        <resourceName>
+                /personauthorities/*/items/
+            </resourceName>
+        <action>
+            <name>CREATE</name>
+        </action>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>UPDATE</name>
+        </action>
+        <action>
+            <name>DELETE</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-07T16:22:53.597</createdAt>
+    </permission>
+    <permission csid="e714cf45-5e1d-4b5f-86bb-5f9ec4f39eaf">
+        <description>generated admin permission</description>
+        <resourceName>
+                /personauthorities/*/items/*/refobjs
+            </resourceName>
+        <action>
+            <name>CREATE</name>
+        </action>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>UPDATE</name>
+        </action>
+        <action>
+            <name>DELETE</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-07T16:22:53.597</createdAt>
+    </permission>
+    <permission csid="0349216f-65cd-4a68-8907-66dc151c5911">
+        <description>generated admin permission</description>
+        <resourceName>persons</resourceName>
+        <action>
+            <name>CREATE</name>
+        </action>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>UPDATE</name>
+        </action>
+        <action>
+            <name>DELETE</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-07T16:22:53.597</createdAt>
+    </permission>
+    <permission csid="38a54418-3ca7-4e65-8373-f1822c2f808f">
+        <description>generated admin permission</description>
+        <resourceName>
+                /personauthorities/*/items/
+            </resourceName>
+        <action>
+            <name>CREATE</name>
+        </action>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>UPDATE</name>
+        </action>
+        <action>
+            <name>DELETE</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-07T16:22:53.598</createdAt>
+    </permission>
+    <permission csid="1b0e6e9e-a65e-4d08-92e8-dc38408d2f27">
+        <description>generated admin permission</description>
+        <resourceName>locationauthorities</resourceName>
+        <action>
+            <name>CREATE</name>
+        </action>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>UPDATE</name>
+        </action>
+        <action>
+            <name>DELETE</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-07T16:22:53.598</createdAt>
+    </permission>
+    <permission csid="6584ed70-b21e-47be-b244-ff844f872780">
+        <description>generated admin permission</description>
+        <resourceName>
+                /locationauthorities/*/items/
+            </resourceName>
+        <action>
+            <name>CREATE</name>
+        </action>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>UPDATE</name>
+        </action>
+        <action>
+            <name>DELETE</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-07T16:22:53.598</createdAt>
+    </permission>
+    <permission csid="7e350767-a7d7-4105-b1c8-934e3f8daa1a">
+        <description>generated admin permission</description>
+        <resourceName>locations</resourceName>
+        <action>
+            <name>CREATE</name>
+        </action>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>UPDATE</name>
+        </action>
+        <action>
+            <name>DELETE</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-07T16:22:53.598</createdAt>
+    </permission>
+    <permission csid="689c4855-d032-4cef-8960-f42ff2994ef4">
+        <description>generated admin permission</description>
+        <resourceName>acquisitions</resourceName>
+        <action>
+            <name>CREATE</name>
+        </action>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>UPDATE</name>
+        </action>
+        <action>
+            <name>DELETE</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-07T16:22:53.599</createdAt>
+    </permission>
+    <permission csid="92cfdc09-dd6a-45cd-a2c3-1de5cb1f336b">
+        <description>generated admin permission</description>
+        <resourceName>
+                /acquisitions/*/authorityrefs/
+            </resourceName>
+        <action>
+            <name>CREATE</name>
+        </action>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>UPDATE</name>
+        </action>
+        <action>
+            <name>DELETE</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-07T16:22:53.599</createdAt>
+    </permission>
+    <permission csid="754b4802-19b1-4185-a6fb-83ecadabff06">
+        <description>generated admin permission</description>
+        <resourceName>relations</resourceName>
+        <action>
+            <name>CREATE</name>
+        </action>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>UPDATE</name>
+        </action>
+        <action>
+            <name>DELETE</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-07T16:22:53.599</createdAt>
+    </permission>
+    <permission csid="628b4acf-bd52-4a77-824c-5b657da3608a">
+        <description>generated admin permission</description>
+        <resourceName>
+                relations/subject/*/type/*/object/*
+            </resourceName>
+        <action>
+            <name>CREATE</name>
+        </action>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>UPDATE</name>
+        </action>
+        <action>
+            <name>DELETE</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-07T16:22:53.599</createdAt>
+    </permission>
+    <permission csid="7de123a3-8e10-4fa7-b8ae-74a684acd569">
+        <description>generated admin permission</description>
+        <resourceName>accounts</resourceName>
+        <action>
+            <name>CREATE</name>
+        </action>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>UPDATE</name>
+        </action>
+        <action>
+            <name>DELETE</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-07T16:22:53.600</createdAt>
+    </permission>
+    <permission csid="cb5f541b-c592-4fb5-9e0a-c88dfc3f9301">
+        <description>generated admin permission</description>
+        <resourceName>dimensions</resourceName>
+        <action>
+            <name>CREATE</name>
+        </action>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>UPDATE</name>
+        </action>
+        <action>
+            <name>DELETE</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-07T16:22:53.600</createdAt>
+    </permission>
+    <permission csid="80a53f0e-6571-4195-ad9f-18cc5ba65b0c">
+        <description>generated admin permission</description>
+        <resourceName>contacts</resourceName>
+        <action>
+            <name>CREATE</name>
+        </action>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>UPDATE</name>
+        </action>
+        <action>
+            <name>DELETE</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-07T16:22:53.600</createdAt>
+    </permission>
+    <permission csid="90fee1ba-1706-4500-8222-17614b69b4cb">
+        <description>generated admin permission</description>
+        <resourceName>
+                /personauthorities/*/items/*/contacts
+            </resourceName>
+        <action>
+            <name>CREATE</name>
+        </action>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>UPDATE</name>
+        </action>
+        <action>
+            <name>DELETE</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-07T16:22:53.600</createdAt>
+    </permission>
+    <permission csid="f56cd470-75fb-4994-9172-2244e139c9db">
+        <description>generated admin permission</description>
+        <resourceName>
+                /orgauthorities/*/items/*/contacts
+            </resourceName>
+        <action>
+            <name>CREATE</name>
+        </action>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>UPDATE</name>
+        </action>
+        <action>
+            <name>DELETE</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-07T16:22:53.600</createdAt>
+    </permission>
+    <permission csid="47b4dd62-3247-4414-b19a-4624ba7c5228">
+        <description>generated admin permission</description>
+        <resourceName>notes</resourceName>
+        <action>
+            <name>CREATE</name>
+        </action>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>UPDATE</name>
+        </action>
+        <action>
+            <name>DELETE</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-07T16:22:53.601</createdAt>
+    </permission>
+    <permission csid="c2aee301-5540-4e56-ad1f-03e5ce0d28a8">
+        <description>generated admin permission</description>
+        <resourceName>authorization/roles</resourceName>
+        <action>
+            <name>CREATE</name>
+        </action>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>UPDATE</name>
+        </action>
+        <action>
+            <name>DELETE</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-07T16:22:53.601</createdAt>
+    </permission>
+    <permission csid="1ad9339c-200e-4d0c-af7f-394d578a45ca">
+        <description>generated admin permission</description>
+        <resourceName>authorization/permissions</resourceName>
+        <action>
+            <name>CREATE</name>
+        </action>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>UPDATE</name>
+        </action>
+        <action>
+            <name>DELETE</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-07T16:22:53.601</createdAt>
+    </permission>
+    <permission csid="3b4cf91b-3851-44ad-97c1-b23f3788d617">
+        <description>generated admin permission</description>
+        <resourceName>authorization/permissions/permroles</resourceName>
+        <action>
+            <name>CREATE</name>
+        </action>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>UPDATE</name>
+        </action>
+        <action>
+            <name>DELETE</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-07T16:22:53.601</createdAt>
+    </permission>
+    <permission csid="417f1755-0645-4508-b9f1-f7380b897146">
+        <description>generated admin permission</description>
+        <resourceName>
+                /authorization/permissions/*/permroles/
+            </resourceName>
+        <action>
+            <name>CREATE</name>
+        </action>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>UPDATE</name>
+        </action>
+        <action>
+            <name>DELETE</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-07T16:22:53.602</createdAt>
+    </permission>
+    <permission csid="7817cfa9-bdd5-4cf2-bc6b-e0ff102cd434">
+        <description>generated admin permission</description>
+        <resourceName>accounts/accountroles</resourceName>
+        <action>
+            <name>CREATE</name>
+        </action>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>UPDATE</name>
+        </action>
+        <action>
+            <name>DELETE</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-07T16:22:53.602</createdAt>
+    </permission>
+    <permission csid="fe176181-6e43-4525-8c5e-f43b16f7132e">
+        <description>generated admin permission</description>
+        <resourceName>
+                /accounts/*/accountroles/
+            </resourceName>
+        <action>
+            <name>CREATE</name>
+        </action>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>UPDATE</name>
+        </action>
+        <action>
+            <name>DELETE</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-07T16:22:53.602</createdAt>
+    </permission>
+    <permission csid="4a7d9a48-2dc7-41ee-8af3-b2965eb25afb">
+        <description>generated admin permission</description>
+        <resourceName>authorization/roles/permroles</resourceName>
+        <action>
+            <name>CREATE</name>
+        </action>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>UPDATE</name>
+        </action>
+        <action>
+            <name>DELETE</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-07T16:22:53.603</createdAt>
+    </permission>
+    <permission csid="eac699a7-e863-4798-bb19-6718d6faa36c">
+        <description>generated admin permission</description>
+        <resourceName>
+                /authorization/roles/*/permroles/
+            </resourceName>
+        <action>
+            <name>CREATE</name>
+        </action>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>UPDATE</name>
+        </action>
+        <action>
+            <name>DELETE</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>1</tenant_id>
+        <createdAt>2010-06-07T16:22:53.603</createdAt>
+    </permission>
+    <permission csid="497b6528-fe1e-4fec-89cf-7b17c499bbac">
+        <description>generated readonly permission</description>
+        <resourceName>idgenerators</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.577</createdAt>
+    </permission>
+    <permission csid="d5a2400d-f7fd-4eff-ab5e-fbc1457fce32">
+        <description>generated readonly permission</description>
+        <resourceName>id</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.578</createdAt>
+    </permission>
+    <permission csid="62181818-1275-4861-9251-a9c172add296">
+        <description>generated readonly permission</description>
+        <resourceName>
+                /idgenerators/*/ids
+            </resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.578</createdAt>
+    </permission>
+    <permission csid="eb6dff1c-d73d-4874-ac31-e379f246b09a">
+        <description>generated readonly permission</description>
+        <resourceName>collectionobjects</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.578</createdAt>
+    </permission>
+    <permission csid="0ce7c405-9c9d-424e-b72e-51d9b88db92c">
+        <description>generated readonly permission</description>
+        <resourceName>
+                /collectionobjects/*/authorityrefs/
+            </resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.578</createdAt>
+    </permission>
+    <permission csid="37586285-faf9-4bc6-8518-2481d242a22c">
+        <description>generated readonly permission</description>
+        <resourceName>intakes</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.579</createdAt>
+    </permission>
+    <permission csid="22a4e320-9bbc-4922-9244-dc418d813e03">
+        <description>generated readonly permission</description>
+        <resourceName>
+                /intakes/*/authorityrefs/
+            </resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.579</createdAt>
+    </permission>
+    <permission csid="e31f96b3-c694-4981-8b05-6ed69c508161">
+        <description>generated readonly permission</description>
+        <resourceName>loansin</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.579</createdAt>
+    </permission>
+    <permission csid="084aff5f-82b8-499c-ad77-4a169fd80138">
+        <description>generated readonly permission</description>
+        <resourceName>
+                /loansin/*/authorityrefs/
+            </resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.580</createdAt>
+    </permission>
+    <permission csid="e9b1bed8-1f2e-49dd-97be-2094688485ec">
+        <description>generated readonly permission</description>
+        <resourceName>loansout</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.580</createdAt>
+    </permission>
+    <permission csid="ff9c7503-8d0a-434c-8e16-7b6511211648">
+        <description>generated readonly permission</description>
+        <resourceName>
+                /loansout/*/authorityrefs/
+            </resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.580</createdAt>
+    </permission>
+    <permission csid="cabb3eda-b0e7-4255-b25c-193f79e191f2">
+        <description>generated readonly permission</description>
+        <resourceName>movements</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.580</createdAt>
+    </permission>
+    <permission csid="1d7067d4-f229-4ea9-9fce-a661bd324ebf">
+        <description>generated readonly permission</description>
+        <resourceName>
+                /movements/*/authorityrefs/
+            </resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.581</createdAt>
+    </permission>
+    <permission csid="37b90e54-ae34-49ed-b790-4da18077ceb7">
+        <description>generated readonly permission</description>
+        <resourceName>vocabularies</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.581</createdAt>
+    </permission>
+    <permission csid="3dec89f9-179c-4537-bdd7-913ed431b97b">
+        <description>generated readonly permission</description>
+        <resourceName>vocabularyitems</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.581</createdAt>
+    </permission>
+    <permission csid="b98c1deb-f425-432e-b5e0-53612e6ef4d6">
+        <description>generated readonly permission</description>
+        <resourceName>
+                /vocabularies/*/items/
+            </resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.582</createdAt>
+    </permission>
+    <permission csid="6080c67c-32ab-4245-8b75-ad42bba6dcb6">
+        <description>generated readonly permission</description>
+        <resourceName>orgauthorities</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.582</createdAt>
+    </permission>
+    <permission csid="5b4d0845-ef49-46eb-b451-13cdae375b73">
+        <description>generated readonly permission</description>
+        <resourceName>
+                /orgauthorities/*/items/*/authorityrefs/
+            </resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.582</createdAt>
+    </permission>
+    <permission csid="3242d512-b992-4721-8717-a88947d54afc">
+        <description>generated readonly permission</description>
+        <resourceName>organizations</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.582</createdAt>
+    </permission>
+    <permission csid="7ff3a896-37b9-4cd8-9011-eb168d192446">
+        <description>generated readonly permission</description>
+        <resourceName>
+                /orgauthorities/*/items/
+            </resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.583</createdAt>
+    </permission>
+    <permission csid="638f36e9-0f9c-4961-98ee-2e7fb710efae">
+        <description>generated readonly permission</description>
+        <resourceName>
+                /orgauthorities/*/items/*/refobjs
+            </resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.583</createdAt>
+    </permission>
+    <permission csid="809a5cba-379b-41fe-aaf5-d61301ec4fe7">
+        <description>generated readonly permission</description>
+        <resourceName>personauthorities</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.583</createdAt>
+    </permission>
+    <permission csid="c69b057d-230a-466d-8038-e4b1324d41c2">
+        <description>generated readonly permission</description>
+        <resourceName>
+                /personauthorities/*/items/
+            </resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.584</createdAt>
+    </permission>
+    <permission csid="bcbb0602-6e00-4518-9960-3e36f9ac6094">
+        <description>generated readonly permission</description>
+        <resourceName>
+                /personauthorities/*/items/*/refobjs
+            </resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.584</createdAt>
+    </permission>
+    <permission csid="801faebf-e2f2-4717-a525-fa4dfa63caf8">
+        <description>generated readonly permission</description>
+        <resourceName>persons</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.584</createdAt>
+    </permission>
+    <permission csid="c0bef2ce-625f-4bea-b337-1269af2fdea8">
+        <description>generated readonly permission</description>
+        <resourceName>
+                /personauthorities/*/items/
+            </resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.584</createdAt>
+    </permission>
+    <permission csid="eba34232-cdac-42ad-9b88-2aa9492ec802">
+        <description>generated readonly permission</description>
+        <resourceName>locationauthorities</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.585</createdAt>
+    </permission>
+    <permission csid="b9ae3884-8b18-467b-8caf-aaddfe87f968">
+        <description>generated readonly permission</description>
+        <resourceName>
+                /locationauthorities/*/items/
+            </resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.585</createdAt>
+    </permission>
+    <permission csid="6401c854-599a-4564-8097-d0ec9c58af3b">
+        <description>generated readonly permission</description>
+        <resourceName>locations</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.585</createdAt>
+    </permission>
+    <permission csid="e505a806-30fd-48e4-a1b0-3345291561a3">
+        <description>generated readonly permission</description>
+        <resourceName>acquisitions</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.586</createdAt>
+    </permission>
+    <permission csid="236a919f-8e24-43bd-b3d5-f58640f24490">
+        <description>generated readonly permission</description>
+        <resourceName>
+                /acquisitions/*/authorityrefs/
+            </resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.586</createdAt>
+    </permission>
+    <permission csid="6701f7a9-5021-43e2-a5ca-62ccf523809c">
+        <description>generated readonly permission</description>
+        <resourceName>relations</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.586</createdAt>
+    </permission>
+    <permission csid="62ca97b4-15e6-4008-b656-c0d92126d6d8">
+        <description>generated readonly permission</description>
+        <resourceName>
+                relations/subject/*/type/*/object/*
+            </resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.586</createdAt>
+    </permission>
+    <permission csid="dbc19509-8d72-4f1b-8532-9d81969c2f3a">
+        <description>generated readonly permission</description>
+        <resourceName>accounts</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.587</createdAt>
+    </permission>
+    <permission csid="cf88e815-051d-42ca-b443-5fbc3e3e8e65">
+        <description>generated readonly permission</description>
+        <resourceName>dimensions</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.587</createdAt>
+    </permission>
+    <permission csid="bf943992-5e0f-48c8-848d-b024452b69c7">
+        <description>generated readonly permission</description>
+        <resourceName>contacts</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.587</createdAt>
+    </permission>
+    <permission csid="89db9711-8197-48ec-9355-560263b01863">
+        <description>generated readonly permission</description>
+        <resourceName>
+                /personauthorities/*/items/*/contacts
+            </resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.588</createdAt>
+    </permission>
+    <permission csid="ce012cfd-51a2-4f4b-a26e-8fcc9da79ee4">
+        <description>generated readonly permission</description>
+        <resourceName>
+                /orgauthorities/*/items/*/contacts
+            </resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.588</createdAt>
+    </permission>
+    <permission csid="790576d7-7870-4989-8084-b2e7acfe568b">
+        <description>generated readonly permission</description>
+        <resourceName>notes</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.588</createdAt>
+    </permission>
+    <permission csid="63d9ee17-a98e-455a-9bc6-c8f4e3237850">
+        <description>generated readonly permission</description>
+        <resourceName>authorization/roles</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.588</createdAt>
+    </permission>
+    <permission csid="14696853-077b-4396-a27d-7fdf229f2848">
+        <description>generated readonly permission</description>
+        <resourceName>authorization/permissions</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.589</createdAt>
+    </permission>
+    <permission csid="b0b79cce-a76b-441d-ba79-eaea8793e1eb">
+        <description>generated readonly permission</description>
+        <resourceName>authorization/permissions/permroles</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.589</createdAt>
+    </permission>
+    <permission csid="b6e31c70-cf71-429a-b286-5c5f331dce8d">
+        <description>generated readonly permission</description>
+        <resourceName>
+                /authorization/permissions/*/permroles/
+            </resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.589</createdAt>
+    </permission>
+    <permission csid="6c232793-eb79-4144-a7b6-a3a817777406">
+        <description>generated readonly permission</description>
+        <resourceName>accounts/accountroles</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.589</createdAt>
+    </permission>
+    <permission csid="08714948-5e03-412b-8ad6-01cbf422dc67">
+        <description>generated readonly permission</description>
+        <resourceName>
+                /accounts/*/accountroles/
+            </resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.590</createdAt>
+    </permission>
+    <permission csid="7ca1de99-c776-4f7a-a111-474d97dc6a7d">
+        <description>generated readonly permission</description>
+        <resourceName>authorization/roles/permroles</resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.590</createdAt>
+    </permission>
+    <permission csid="d4b21996-d23a-4311-9058-f9fab6295dcf">
+        <description>generated readonly permission</description>
+        <resourceName>
+                /authorization/roles/*/permroles/
+            </resourceName>
+        <action>
+            <name>READ</name>
+        </action>
+        <action>
+            <name>SEARCH</name>
+        </action>
+        <effect>PERMIT</effect>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.590</createdAt>
     </permission>
-    <permission csid="da5253a4-471f-4ada-9d7d-8f1a9a747647">
+    <permission csid="f57b3714-0f15-49c6-8f9c-5d6546aed9fe">
         <description>generated readonly permission</description>
         <resourceName>idgenerators</resourceName>
         <action>
@@ -1087,9 +2816,9 @@
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.408</createdAt>
+        <createdAt>2010-06-07T16:22:53.603</createdAt>
     </permission>
-    <permission csid="4d524373-a5df-45e2-aec6-2e214f08431e">
+    <permission csid="feb6a75f-e192-4a8f-9104-f66feabece26">
         <description>generated readonly permission</description>
         <resourceName>id</resourceName>
         <action>
@@ -1100,9 +2829,9 @@
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.408</createdAt>
+        <createdAt>2010-06-07T16:22:53.603</createdAt>
     </permission>
-    <permission csid="c757f1c4-3282-4055-b0e1-2c818fec709b">
+    <permission csid="868d985f-ffed-4696-a617-633a4deff71d">
         <description>generated readonly permission</description>
         <resourceName>
                 /idgenerators/*/ids
@@ -1115,9 +2844,9 @@
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.409</createdAt>
+        <createdAt>2010-06-07T16:22:53.604</createdAt>
     </permission>
-    <permission csid="e383a971-0335-41da-88e6-f7625303f186">
+    <permission csid="e0410bfd-8d52-4a84-a095-52dcc3dc0c3b">
         <description>generated readonly permission</description>
         <resourceName>collectionobjects</resourceName>
         <action>
@@ -1128,9 +2857,9 @@
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.409</createdAt>
+        <createdAt>2010-06-07T16:22:53.604</createdAt>
     </permission>
-    <permission csid="b2c49fb3-fb34-4425-86c7-73c48873a983">
+    <permission csid="6520ad4c-8684-4e00-878b-6df751a3c7bd">
         <description>generated readonly permission</description>
         <resourceName>
                 /collectionobjects/*/authorityrefs/
@@ -1143,9 +2872,9 @@
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.410</createdAt>
+        <createdAt>2010-06-07T16:22:53.604</createdAt>
     </permission>
-    <permission csid="2ac4ace4-20f8-4a5f-b984-4753e5452a87">
+    <permission csid="c193854c-7f5f-42ea-ada1-4a2b2e3e2ff1">
         <description>generated readonly permission</description>
         <resourceName>intakes</resourceName>
         <action>
@@ -1156,9 +2885,9 @@
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.410</createdAt>
+        <createdAt>2010-06-07T16:22:53.604</createdAt>
     </permission>
-    <permission csid="64af5fcc-a57d-4fa6-820c-4ab857a46590">
+    <permission csid="135ad3f1-723a-44b6-9944-7bc05b3f11bf">
         <description>generated readonly permission</description>
         <resourceName>
                 /intakes/*/authorityrefs/
@@ -1171,9 +2900,9 @@
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.410</createdAt>
+        <createdAt>2010-06-07T16:22:53.605</createdAt>
     </permission>
-    <permission csid="0258eabe-02d3-494c-b405-30e3463a2feb">
+    <permission csid="9e1d52c2-655d-412d-a596-071bd1ebab23">
         <description>generated readonly permission</description>
         <resourceName>loansin</resourceName>
         <action>
@@ -1184,9 +2913,9 @@
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.411</createdAt>
+        <createdAt>2010-06-07T16:22:53.605</createdAt>
     </permission>
-    <permission csid="ae5f5fab-7205-4b92-932f-857b68c5d4b5">
+    <permission csid="8232653e-e330-4761-b1af-b29feb4c15c9">
         <description>generated readonly permission</description>
         <resourceName>
                 /loansin/*/authorityrefs/
@@ -1199,9 +2928,9 @@
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.411</createdAt>
+        <createdAt>2010-06-07T16:22:53.605</createdAt>
     </permission>
-    <permission csid="9e8b0907-e262-42f9-a4da-6e0bf6493e5a">
+    <permission csid="d2673bf9-f3f5-419f-b317-a7b6198fe397">
         <description>generated readonly permission</description>
         <resourceName>loansout</resourceName>
         <action>
@@ -1212,9 +2941,9 @@
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.411</createdAt>
+        <createdAt>2010-06-07T16:22:53.605</createdAt>
     </permission>
-    <permission csid="b46b29bc-1795-4e3e-a247-59e23742b705">
+    <permission csid="cd7ffe2f-c0c2-4b56-87ed-4bb48816af01">
         <description>generated readonly permission</description>
         <resourceName>
                 /loansout/*/authorityrefs/
@@ -1227,9 +2956,9 @@
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.412</createdAt>
+        <createdAt>2010-06-07T16:22:53.606</createdAt>
     </permission>
-    <permission csid="f90c5454-58e9-4b32-a8e4-03b80ed6f58e">
+    <permission csid="82ac6bf4-2477-4e40-acef-86437520cb0c">
         <description>generated readonly permission</description>
         <resourceName>movements</resourceName>
         <action>
@@ -1240,9 +2969,9 @@
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.412</createdAt>
+        <createdAt>2010-06-07T16:22:53.606</createdAt>
     </permission>
-    <permission csid="e7c31362-9bb7-48a4-a324-63e84401df30">
+    <permission csid="6740393d-3d35-4563-9a57-841b5d34d71e">
         <description>generated readonly permission</description>
         <resourceName>
                 /movements/*/authorityrefs/
@@ -1255,9 +2984,9 @@
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.412</createdAt>
+        <createdAt>2010-06-07T16:22:53.606</createdAt>
     </permission>
-    <permission csid="90f3a12c-0ac1-417b-942e-88f2b11383b7">
+    <permission csid="8542668f-4e4c-41c2-abb3-49c5ae219e7e">
         <description>generated readonly permission</description>
         <resourceName>vocabularies</resourceName>
         <action>
@@ -1268,9 +2997,9 @@
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.413</createdAt>
+        <createdAt>2010-06-07T16:22:53.606</createdAt>
     </permission>
-    <permission csid="c961fc05-1a2c-4890-88b4-42757378e323">
+    <permission csid="18e6b306-3777-4a5e-a7a6-c22f3c5cb4a4">
         <description>generated readonly permission</description>
         <resourceName>vocabularyitems</resourceName>
         <action>
@@ -1281,9 +3010,9 @@
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.413</createdAt>
+        <createdAt>2010-06-07T16:22:53.606</createdAt>
     </permission>
-    <permission csid="4d13ef59-1443-40ee-8e45-9892c83ec9a1">
+    <permission csid="67a1bca5-1ba1-48a9-8687-78fe37c9d1aa">
         <description>generated readonly permission</description>
         <resourceName>
                 /vocabularies/*/items/
@@ -1296,9 +3025,9 @@
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.414</createdAt>
+        <createdAt>2010-06-07T16:22:53.607</createdAt>
     </permission>
-    <permission csid="6caa049b-25cc-486c-935f-bf215d550bcd">
+    <permission csid="318a9d0c-56c7-43fc-8813-bf365fe05a3e">
         <description>generated readonly permission</description>
         <resourceName>orgauthorities</resourceName>
         <action>
@@ -1309,9 +3038,9 @@
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.414</createdAt>
+        <createdAt>2010-06-07T16:22:53.607</createdAt>
     </permission>
-    <permission csid="08c36f8b-2432-44c4-a1dd-cba8c8ea53e5">
+    <permission csid="b40ab1e0-b3bc-4508-9876-4d6cf749c015">
         <description>generated readonly permission</description>
         <resourceName>
                 /orgauthorities/*/items/*/authorityrefs/
@@ -1324,9 +3053,9 @@
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.414</createdAt>
+        <createdAt>2010-06-07T16:22:53.607</createdAt>
     </permission>
-    <permission csid="c0149cbb-a984-4e32-8302-c045a3e82bf2">
+    <permission csid="8cd27f28-e78d-426c-8de3-13c1c094e233">
         <description>generated readonly permission</description>
         <resourceName>organizations</resourceName>
         <action>
@@ -1337,9 +3066,9 @@
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.415</createdAt>
+        <createdAt>2010-06-07T16:22:53.608</createdAt>
     </permission>
-    <permission csid="b2e0c247-9e3b-4bf3-a956-8b98a8505263">
+    <permission csid="5db30553-7d72-486a-bd40-81300ea9a2c4">
         <description>generated readonly permission</description>
         <resourceName>
                 /orgauthorities/*/items/
@@ -1352,9 +3081,9 @@
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.415</createdAt>
+        <createdAt>2010-06-07T16:22:53.608</createdAt>
     </permission>
-    <permission csid="35cb8d8b-4309-4177-9c1c-157dbeb36f5d">
+    <permission csid="36f8ae51-bf94-4e83-8f32-d6d1e4c9bb8d">
         <description>generated readonly permission</description>
         <resourceName>
                 /orgauthorities/*/items/*/refobjs
@@ -1367,9 +3096,9 @@
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.415</createdAt>
+        <createdAt>2010-06-07T16:22:53.608</createdAt>
     </permission>
-    <permission csid="c890f437-7356-4bcd-b5b1-0e36b13e6358">
+    <permission csid="478f0ebb-3a5f-489d-91b0-aa1f55a40a39">
         <description>generated readonly permission</description>
         <resourceName>personauthorities</resourceName>
         <action>
@@ -1380,9 +3109,9 @@
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.416</createdAt>
+        <createdAt>2010-06-07T16:22:53.608</createdAt>
     </permission>
-    <permission csid="778904e1-8b67-4ace-af24-8b756385ce80">
+    <permission csid="5e3e98ed-61bb-41f5-abee-ad71c019f5bc">
         <description>generated readonly permission</description>
         <resourceName>
                 /personauthorities/*/items/
@@ -1395,9 +3124,9 @@
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.416</createdAt>
+        <createdAt>2010-06-07T16:22:53.608</createdAt>
     </permission>
-    <permission csid="d531417d-b61b-471c-90ff-f21969f00e4c">
+    <permission csid="ede401ec-4976-4304-a1ba-d79e87fc37eb">
         <description>generated readonly permission</description>
         <resourceName>
                 /personauthorities/*/items/*/refobjs
@@ -1410,9 +3139,9 @@
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.417</createdAt>
+        <createdAt>2010-06-07T16:22:53.609</createdAt>
     </permission>
-    <permission csid="46581f00-1338-417d-9ff5-1250a8eb5e3c">
+    <permission csid="837272f1-c53e-4c92-b27d-3c669b054bbd">
         <description>generated readonly permission</description>
         <resourceName>persons</resourceName>
         <action>
@@ -1423,9 +3152,9 @@
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.417</createdAt>
+        <createdAt>2010-06-07T16:22:53.609</createdAt>
     </permission>
-    <permission csid="b707073a-6c2f-4bc5-b8b2-800be7cc17ec">
+    <permission csid="bf13ee0d-09fa-4311-9ccf-9a353577fe8b">
         <description>generated readonly permission</description>
         <resourceName>
                 /personauthorities/*/items/
@@ -1438,9 +3167,9 @@
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.417</createdAt>
+        <createdAt>2010-06-07T16:22:53.609</createdAt>
     </permission>
-    <permission csid="88832e9b-0f62-406e-8a64-ea61d53153ed">
+    <permission csid="e8679b1f-857a-463f-a1f3-4cc8c4103061">
         <description>generated readonly permission</description>
         <resourceName>locationauthorities</resourceName>
         <action>
@@ -1451,9 +3180,9 @@
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.418</createdAt>
+        <createdAt>2010-06-07T16:22:53.610</createdAt>
     </permission>
-    <permission csid="5b8c3d7d-f027-4675-9edf-1f7733ce360d">
+    <permission csid="8d56f355-564d-432a-8bda-82bebb55e55a">
         <description>generated readonly permission</description>
         <resourceName>
                 /locationauthorities/*/items/
@@ -1466,9 +3195,9 @@
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.418</createdAt>
+        <createdAt>2010-06-07T16:22:53.610</createdAt>
     </permission>
-    <permission csid="a73bebb8-d109-4fbd-aa29-f71766eac61a">
+    <permission csid="39530279-1540-4768-8def-6a3b1cee4990">
         <description>generated readonly permission</description>
         <resourceName>locations</resourceName>
         <action>
@@ -1479,9 +3208,9 @@
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.418</createdAt>
+        <createdAt>2010-06-07T16:22:53.610</createdAt>
     </permission>
-    <permission csid="7d6dcff6-167f-4634-a35d-ec635e34fc60">
+    <permission csid="06cca12d-2a18-4303-a972-e4ce3d094d30">
         <description>generated readonly permission</description>
         <resourceName>acquisitions</resourceName>
         <action>
@@ -1492,9 +3221,9 @@
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.419</createdAt>
+        <createdAt>2010-06-07T16:22:53.610</createdAt>
     </permission>
-    <permission csid="2007cc99-7208-4238-9792-bceb5df78733">
+    <permission csid="65b4803b-8697-4669-995b-d1f5eba17a86">
         <description>generated readonly permission</description>
         <resourceName>
                 /acquisitions/*/authorityrefs/
@@ -1507,9 +3236,9 @@
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.419</createdAt>
+        <createdAt>2010-06-07T16:22:53.611</createdAt>
     </permission>
-    <permission csid="94594f80-9ae2-4f51-b1f1-21e49bca2f5e">
+    <permission csid="1d87e6a3-d770-4f63-8e29-ecb312f91157">
         <description>generated readonly permission</description>
         <resourceName>relations</resourceName>
         <action>
@@ -1520,9 +3249,9 @@
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.419</createdAt>
+        <createdAt>2010-06-07T16:22:53.611</createdAt>
     </permission>
-    <permission csid="e75b9dd6-737a-43cd-b847-c8effa3d6055">
+    <permission csid="39ed698e-3474-4f7d-83d5-0105078cb21f">
         <description>generated readonly permission</description>
         <resourceName>
                 relations/subject/*/type/*/object/*
@@ -1535,9 +3264,9 @@
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.420</createdAt>
+        <createdAt>2010-06-07T16:22:53.611</createdAt>
     </permission>
-    <permission csid="da6da169-41d0-4f7f-a246-e7a9c96967de">
+    <permission csid="d4b62feb-53f4-4aac-bc50-e30e5130ec98">
         <description>generated readonly permission</description>
         <resourceName>accounts</resourceName>
         <action>
@@ -1548,9 +3277,9 @@
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.420</createdAt>
+        <createdAt>2010-06-07T16:22:53.611</createdAt>
     </permission>
-    <permission csid="8b1fc4c6-1610-490d-8972-17ac113b36d9">
+    <permission csid="0a047c4c-1c78-47fb-b951-70912934cab7">
         <description>generated readonly permission</description>
         <resourceName>dimensions</resourceName>
         <action>
@@ -1561,9 +3290,9 @@
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.421</createdAt>
+        <createdAt>2010-06-07T16:22:53.612</createdAt>
     </permission>
-    <permission csid="97455f0e-2064-4667-9bfe-540a05b571ae">
+    <permission csid="50ee8add-45ef-4643-8aa7-1d144d0d4cb9">
         <description>generated readonly permission</description>
         <resourceName>contacts</resourceName>
         <action>
@@ -1574,9 +3303,9 @@
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.421</createdAt>
+        <createdAt>2010-06-07T16:22:53.612</createdAt>
     </permission>
-    <permission csid="10655b0e-d168-4ac5-96fc-5ff88621aaee">
+    <permission csid="b015754f-2d5d-454a-8403-b3e49f51cc5b">
         <description>generated readonly permission</description>
         <resourceName>
                 /personauthorities/*/items/*/contacts
@@ -1589,9 +3318,9 @@
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.421</createdAt>
+        <createdAt>2010-06-07T16:22:53.613</createdAt>
     </permission>
-    <permission csid="1209a058-b37e-438d-906a-03bc49a4928c">
+    <permission csid="430e88e1-cae6-4dea-82bd-34b17fda7ae3">
         <description>generated readonly permission</description>
         <resourceName>
                 /orgauthorities/*/items/*/contacts
@@ -1604,9 +3333,9 @@
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.422</createdAt>
+        <createdAt>2010-06-07T16:22:53.613</createdAt>
     </permission>
-    <permission csid="eb97ccdf-daaa-436e-bd40-f86e3d7dc8d0">
+    <permission csid="fc1db1b6-1fd9-439e-871d-bcb6f41bb5ca">
         <description>generated readonly permission</description>
         <resourceName>notes</resourceName>
         <action>
@@ -1617,9 +3346,9 @@
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.422</createdAt>
+        <createdAt>2010-06-07T16:22:53.613</createdAt>
     </permission>
-    <permission csid="655fb068-d229-47e0-b636-48e53217d070">
+    <permission csid="beea8fd0-de64-40ab-a620-f8fb571e39b4">
         <description>generated readonly permission</description>
         <resourceName>authorization/roles</resourceName>
         <action>
@@ -1630,9 +3359,9 @@
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.422</createdAt>
+        <createdAt>2010-06-07T16:22:53.613</createdAt>
     </permission>
-    <permission csid="556204b7-df13-40fe-8185-ac4e9924a033">
+    <permission csid="87eb9947-f5e7-47fd-8972-dc24cf9d2ae1">
         <description>generated readonly permission</description>
         <resourceName>authorization/permissions</resourceName>
         <action>
@@ -1643,9 +3372,9 @@
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.423</createdAt>
+        <createdAt>2010-06-07T16:22:53.614</createdAt>
     </permission>
-    <permission csid="3d5ecccd-37a5-4185-88b3-66aa1def43b5">
+    <permission csid="38b681d4-1090-474a-addc-43b03f2fdd1b">
         <description>generated readonly permission</description>
         <resourceName>authorization/permissions/permroles</resourceName>
         <action>
@@ -1656,9 +3385,9 @@
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.423</createdAt>
+        <createdAt>2010-06-07T16:22:53.614</createdAt>
     </permission>
-    <permission csid="049d792a-f1c7-42de-8d88-c09a1143340f">
+    <permission csid="dd6497fb-e4af-4732-b39e-27c8f8cf5b89">
         <description>generated readonly permission</description>
         <resourceName>
                 /authorization/permissions/*/permroles/
@@ -1671,9 +3400,9 @@
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.423</createdAt>
+        <createdAt>2010-06-07T16:22:53.614</createdAt>
     </permission>
-    <permission csid="b85355db-2c33-4469-bb27-bf4fb1ac4039">
+    <permission csid="538889df-13ce-4df5-a204-a0c58db6a544">
         <description>generated readonly permission</description>
         <resourceName>accounts/accountroles</resourceName>
         <action>
@@ -1684,9 +3413,9 @@
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.424</createdAt>
+        <createdAt>2010-06-07T16:22:53.614</createdAt>
     </permission>
-    <permission csid="ce37cf6c-a550-49de-9bdf-0ede7cafb617">
+    <permission csid="7f9ba507-8419-4227-86af-9819a568a56b">
         <description>generated readonly permission</description>
         <resourceName>
                 /accounts/*/accountroles/
@@ -1699,9 +3428,9 @@
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.424</createdAt>
+        <createdAt>2010-06-07T16:22:53.615</createdAt>
     </permission>
-    <permission csid="e1af00a3-a7c9-441f-a48c-f9698f47298a">
+    <permission csid="c3e42f4f-a2f5-4cd8-afb5-7872f218fa18">
         <description>generated readonly permission</description>
         <resourceName>authorization/roles/permroles</resourceName>
         <action>
@@ -1712,9 +3441,9 @@
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.424</createdAt>
+        <createdAt>2010-06-07T16:22:53.615</createdAt>
     </permission>
-    <permission csid="8fc74578-d253-4eb7-a0e3-43bc70a88a62">
+    <permission csid="17df84a4-d06d-4b57-bb75-15e84a04bf10">
         <description>generated readonly permission</description>
         <resourceName>
                 /authorization/roles/*/permroles/
@@ -1727,6 +3456,6 @@
         </action>
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.424</createdAt>
+        <createdAt>2010-06-07T16:22:53.615</createdAt>
     </permission>
 </ns2:permissions_list>

diff --git a/services/authorization-mgt/import/src/main/resources/import-data/import-roles.xml b/services/authorization-mgt/import/src/main/resources/import-data/import-roles.xml
index 6f91dec3c6738510af7555e3b6caaa60b73f8d35..d09c502d8843611576f534483e3d6e2f588ae049 100644 (file)
--- a/services/authorization-mgt/import/src/main/resources/import-data/import-roles.xml
+++ b/services/authorization-mgt/import/src/main/resources/import-data/import-roles.xml
@@ -1,15 +1,27 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
 <ns2:roles_list xmlns:ns2="http://collectionspace.org/services/authorization">
-    <role csid="ad3a2b4c-ef74-47f0-bdb0-f6a906acd370">
+    <role csid="01b70ec2-e1f7-4700-91a4-0c425585031a">
+        <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
+        <description>generated tenant admin role</description>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.545</createdAt>
+    </role>
+    <role csid="5addeec3-3206-43db-a164-9e529471cf91">
         <roleName>ROLE_TENANT_ADMINISTRATOR</roleName>
         <description>generated tenant admin role</description>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.372</createdAt>
+        <createdAt>2010-06-07T16:22:53.558</createdAt>
+    </role>
+    <role csid="5ef01b97-7fe0-4c8d-a3e9-a8db8f530ec6">
+        <roleName>ROLE_TENANT_READER</roleName>
+        <description>generated tenant read only role</description>
+        <tenant_id>2</tenant_id>
+        <createdAt>2010-06-07T16:22:53.557</createdAt>
     </role>
-    <role csid="25f537c9-a213-41de-97f0-18524d5f4eb2">
+    <role csid="73eb01c2-fde2-46c3-8032-1803db242575">
         <roleName>ROLE_TENANT_READER</roleName>
         <description>generated tenant read only role</description>
         <tenant_id>1</tenant_id>
-        <createdAt>2010-06-04T14:14:37.386</createdAt>
+        <createdAt>2010-06-07T16:22:53.558</createdAt>
     </role>
 </ns2:roles_list>

diff --git a/services/authorization-mgt/import/src/main/resources/log4j.properties b/services/authorization-mgt/import/src/main/resources/log4j.properties
index 60709b206f07df462e6659033852824db4cd4e29..9963ddb4c093d57dd750d1d9540355e58ecddcf2 100644 (file)
--- a/services/authorization-mgt/import/src/main/resources/log4j.properties
+++ b/services/authorization-mgt/import/src/main/resources/log4j.properties
@@ -18,9 +18,11 @@ log4j.appender.R.layout.ConversionPattern=%d %-5p [%t] [%c:%L] %m%n
 \r
 #packages\r
 log4j.logger.org.collectionspace=DEBUG\r
+log4j.logger.org.collectionspace.services.authorization.spring=INFO\r
 log4j.logger.org.apache=INFO\r
 log4j.logger.httpclient=INFO\r
 log4j.logger.org.jboss.resteasy=INFO\r
+log4j.logger.hibernate=WARN\r
 log4j.logger.org.hibernate=WARN\r
 log4j.logger.org.hibernate.cfg=WARN\r
 log4j.logger.org.springframework=INFO\r

diff --git a/services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/PermissionDocumentHandler.java b/services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/PermissionDocumentHandler.java
index fd80d8cd67658209b39ae9e760a6255305e363d7..d2b16e465ca162a45c684bfc78f48762f4e74e5d 100644 (file)
--- a/services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/PermissionDocumentHandler.java
+++ b/services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/PermissionDocumentHandler.java
@@ -55,9 +55,7 @@ public class PermissionDocumentHandler
         String id = UUID.randomUUID().toString();
         Permission permission = wrapDoc.getWrappedObject();
         permission.setCsid(id);
-        //FIXME: if admin updating the permission is a CS admin rather than
-        //the tenant admin, tenant id should be retrieved from the request
-        permission.setTenantId(getServiceContext().getTenantId());
+        setTenant(permission);
     }
 
     @Override
@@ -201,4 +199,11 @@ public class PermissionDocumentHandler
     private void sanitize(Permission permission) {
         permission.setTenantId(null);
     }
+
+    private void setTenant(Permission permission) {
+        //set tenant only if not available from input
+        if (permission.getTenantId() == null || permission.getTenantId().isEmpty()) {
+            permission.setTenantId(getServiceContext().getTenantId());
+        }
+    }
 }

diff --git a/services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/RoleDocumentHandler.java b/services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/RoleDocumentHandler.java
index 871e243274d54f6fe3d77bba9250aaa82621d37c..0171d0325752db8ca455f372a4e378638bc1eecd 100644 (file)
--- a/services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/RoleDocumentHandler.java
+++ b/services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/RoleDocumentHandler.java
@@ -56,9 +56,7 @@ public class RoleDocumentHandler
         Role role = wrapDoc.getWrappedObject();
         role.setRoleName(fixRoleName(role.getRoleName()));
         role.setCsid(id);
-        //FIXME: if admin updating the role is a CS admin rather than
-        //the tenant admin, tenant id should be retrieved from the request
-        role.setTenantId(getServiceContext().getTenantId());
+        setTenant(role);
     }
 
     @Override
@@ -193,4 +191,11 @@ public class RoleDocumentHandler
         }
         return roleName;
     }
+
+    private void setTenant(Role role) {
+        //set tenant only if not available from input
+        if (role.getTenantId() == null || role.getTenantId().isEmpty()) {
+            role.setTenantId(getServiceContext().getTenantId());
+        }
+    }
 }

diff --git a/services/authorization/pstore/src/main/resources/db/mysql/test_authorization.sql b/services/authorization/pstore/src/main/resources/db/mysql/test_authorization.sql
index 8648e1fd488e016ed6c07e0082794bfc2bdc5d7a..226cf5f27d28018c7f908b8ef83cd913b010df8d 100644 (file)
--- a/services/authorization/pstore/src/main/resources/db/mysql/test_authorization.sql
+++ b/services/authorization/pstore/src/main/resources/db/mysql/test_authorization.sql
@@ -5,15 +5,17 @@
 --\r
 use cspace;\r
 \r
-insert into `roles` (`csid`, `rolename`, `rolegroup`, `created_at`, `tenant_id`) values ('1', 'ROLE_ADMINISTRATOR', 'CollectionSpace Administrator', '2010-02-17 16:31:48', '0');\r
-insert into `roles` (`csid`, `rolename`, `rolegroup`, `created_at`, `tenant_id`) values ('2', 'ROLE_USERS', 'a role for security testing', '2010-02-17 16:31:48', '1');\r
+insert into `roles` (`csid`, `rolename`, `rolegroup`, `created_at`, `tenant_id`) values ('1', 'ROLE_ADMINISTRATOR', 'CollectionSpace Administrator', now(), '0');\r
 \r
-insert into `accounts_roles`(`account_id`, `user_id`, `role_id`, `role_name`, `created_at`) values ('eeca40d7-dc77-4cc5-b489-16a53c75525a', 'test', '1', 'ROLE_ADMINISTRATOR', '2010-02-17 16:31:48');\r
-insert into `accounts_roles`(`account_id`, `user_id`, `role_id`, `role_name`, `created_at`) values ('eeca40d7-dc77-4cc5-b489-16a53c75525a', 'test', '2', 'ROLE_USERS', '2010-02-17 16:31:48');\r
+-- for default test account --\r
+insert into `accounts_roles`(`account_id`, `user_id`, `role_id`, `role_name`, `created_at`) values ('eeca40d7-dc77-4cc5-b489-16a53c75525a', 'test', '1', 'ROLE_ADMINISTRATOR', now());\r
 \r
 -- Additional account introduced during integration on release 0.6, and currently relied upon by the Application Layer.\r
-insert into `accounts_roles`(`account_id`, `user_id`, `role_id`, `role_name`, `created_at`) values ('251f98f3-0292-4f3e-aa95-455314050e1b', 'test@collectionspace.org', '1', 'ROLE_ADMINISTRATOR', '2010-05-03 12:35:00');\r
+insert into `accounts_roles`(`account_id`, `user_id`, `role_id`, `role_name`, `created_at`) values ('251f98f3-0292-4f3e-aa95-455314050e1b', 'test@collectionspace.org', '1', 'ROLE_ADMINISTRATOR', now());\r
+\r
+-- test account for pahma --\r
+insert into `accounts_roles`(`account_id`, `user_id`, `role_id`, `role_name`, `created_at`) values ('ff2b4440-ed0d-4892-adb4-b6999eba3ae7', 'test-pahma', '1', 'ROLE_ADMINISTRATOR', now());\r
 \r
 -- todo: barney is created in security test but accountrole is not yet created there, so add fake account id\r
-insert into `accounts_roles`(`account_id`, `user_id`, `role_id`, `role_name`, `created_at`) values ('1', 'barney', '2', 'ROLE_USERS', '2010-02-17 16:31:48');\r
+insert into `accounts_roles`(`account_id`, `user_id`, `role_id`, `role_name`, `created_at`) values ('1', 'barney', '2', 'ROLE_USERS', now());\r
 \r

diff --git a/services/client/src/main/java/org/collectionspace/services/client/AbstractServiceClientImpl.java b/services/client/src/main/java/org/collectionspace/services/client/AbstractServiceClientImpl.java
index 1b5b5c369924b68b9f13582246dd52ac7d43b8df..d90f305b833606452b8fada283c934f23b52b205 100644 (file)
--- a/services/client/src/main/java/org/collectionspace/services/client/AbstractServiceClientImpl.java
+++ b/services/client/src/main/java/org/collectionspace/services/client/AbstractServiceClientImpl.java
@@ -232,6 +232,10 @@ public abstract class AbstractServiceClientImpl implements
             if (password != null && !"".equals(password)) {\r
                 properties.setProperty(PASSWORD_PROPERTY, password);\r
             }\r
+            String tenant = System.getProperty(TENANT_PROPERTY);\r
+            if (tenant != null && !"".equals(tenant)) {\r
+                properties.setProperty(TENANT_PROPERTY, tenant);\r
+            }\r
             if (logger.isDebugEnabled()) {\r
                 printProperties();\r
             }\r

diff --git a/services/client/src/main/java/org/collectionspace/services/client/CollectionSpaceClient.java b/services/client/src/main/java/org/collectionspace/services/client/CollectionSpaceClient.java
index d17653618bacc782915e175a3c1df7818f51f230..3932f5097f77f6133320d533ce34ad5ece4afaf7 100644 (file)
--- a/services/client/src/main/java/org/collectionspace/services/client/CollectionSpaceClient.java
+++ b/services/client/src/main/java/org/collectionspace/services/client/CollectionSpaceClient.java
@@ -33,16 +33,18 @@ import org.jboss.resteasy.client.ClientResponse;
  */
 public interface CollectionSpaceClient {
 
-    /** The AUT h_ property. */
+    /** The AUTH property. */
     String AUTH_PROPERTY = "cspace.auth";
-    /** The PASSWOR d_ property. */
+    /** The PASSWORD property. */
     String PASSWORD_PROPERTY = "cspace.password";
-    /** The SS l_ property. */
+    /** The SSL property. */
     String SSL_PROPERTY = "cspace.ssl";
-    /** The UR l_ property. */
+    /** The URL property. */
     String URL_PROPERTY = "cspace.url";
-    /** The USE r_ property. */
+    /** The USER property. */
     String USER_PROPERTY = "cspace.user";
+    /** The tenant property */
+    String TENANT_PROPERTY = "cspace.tenant";
 
     /**
      * Gets the proxy.
@@ -147,8 +149,8 @@ public interface CollectionSpaceClient {
      * @return the client response
      */
     public ClientResponse<AbstractCommonList> readList(String pageSize,
-               String pageNumber);
-    
+            String pageNumber);
+
     /**
      * Delete.
      *
@@ -156,5 +158,4 @@ public interface CollectionSpaceClient {
      * @return the client response
      */
     public ClientResponse<Response> delete(String csid);
-
 }

diff --git a/services/client/src/main/resources/collectionspace-client.properties b/services/client/src/main/resources/collectionspace-client.properties
index 28b7c103e484864025c11cebd05e221a6735fde3..96bbe181d5b712429999398ab29a439910f3a1ad 100644 (file)
--- a/services/client/src/main/resources/collectionspace-client.properties
+++ b/services/client/src/main/resources/collectionspace-client.properties
@@ -2,5 +2,9 @@
 cspace.url=http://localhost:8180/cspace-services/\r
 cspace.ssl=false\r
 cspace.auth=true\r
+# default user\r
 cspace.user=test\r
-cspace.password=test
\ No newline at end of file
+#cspace.user=test-pahma\r
+cspace.password=test\r
+# default tenant\r
+cspace.tenant=1
\ No newline at end of file

diff --git a/services/common/src/main/config/services/service-config.xml b/services/common/src/main/config/services/service-config.xml
index 910d50fa4814ae2964a941c3df158a8586fecff3..06b54323877e596ae324d66bdda57e62aa2f6947 100644 (file)
--- a/services/common/src/main/config/services/service-config.xml
+++ b/services/common/src/main/config/services/service-config.xml
@@ -10,9 +10,9 @@
 -->
 
 <svc:service-config  xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
-   xmlns:svc='http://collectionspace.org/services/common'
-        xmlns:types='http://collectionspace.org/services/common/types'
-   xsi:schemaLocation='http://collectionspace.org/services/common ../resources/common.xsd'>
+                     xmlns:svc='http://collectionspace.org/services/common'
+                     xmlns:types='http://collectionspace.org/services/common/types'
+                     xsi:schemaLocation='http://collectionspace.org/services/common ../resources/common.xsd'>
 
     <!-- name of the repository client is referred in each service binding -->
     <repository-client name="nuxeo-java" default="true">
@@ -24,9 +24,9 @@
         <password>Administrator</password>
         <client-type>java</client-type>
         <client-class>org.collectionspace.services.nuxeo.client.java.RepositoryJavaClientImpl</client-class>
-                               <properties>
-                                       <types:item><types:key>pageSizeDefault</types:key><types:value>40</types:value></types:item>
-                               </properties>           
+        <properties>
+            <types:item><types:key>pageSizeDefault</types:key><types:value>40</types:value></types:item>
+        </properties>
     </repository-client>
 
 

diff --git a/services/common/src/main/config/services/tenant-bindings.xml b/services/common/src/main/config/services/tenant-bindings.xml
index f4f82470bcdf6048cedc183151f414ff6cd9da3a..53834aef31b2f50374deefd277643213aff44a54 100644 (file)
--- a/services/common/src/main/config/services/tenant-bindings.xml
+++ b/services/common/src/main/config/services/tenant-bindings.xml
@@ -12,7 +12,8 @@
     >
     <!-- begin movingimages.us tenant meta-data -->
     <tenant:tenantBinding
-        id="1" name="movingimage.us" displayName="Museum of Moving Images" version="0.1" repositoryDomain="default-domain">
+        id="1" name="movingimage.us" displayName="Museum of Moving Images" version="0.1">
+        <tenant:repositoryDomain name="default-domain" repositoryClient="nuxeo-java"/>
         <!-- begin idgenerators service meta-data -->
         <tenant:serviceBindings name="idgenerators" version="0.1">
             <!-- other URI paths using which this service could be accessed -->
@@ -32,9 +33,9 @@
             <service:uriPath xmlns:service='http://collectionspace.org/services/common/service'>
                 /collectionobjects/*/authorityrefs/
             </service:uriPath>
-            <service:repositoryClient xmlns:service='http://collectionspace.org/services/common/service'>
-                nuxeo-java
-            </service:repositoryClient>
+            <service:repositoryDomain xmlns:service='http://collectionspace.org/services/common/service'>
+                default-domain
+            </service:repositoryDomain>
             <service:documentHandler xmlns:service='http://collectionspace.org/services/common/service'>
                 org.collectionspace.services.collectionobject.nuxeo.CollectionObjectDocumentModelHandler
             </service:documentHandler>
@@ -93,9 +94,9 @@
             <service:uriPath xmlns:service='http://collectionspace.org/services/common/service'>
                 /intakes/*/authorityrefs/
             </service:uriPath>
-            <service:repositoryClient xmlns:service='http://collectionspace.org/services/common/service'>
-                nuxeo-java
-            </service:repositoryClient>
+            <service:repositoryDomain xmlns:service='http://collectionspace.org/services/common/service'>
+                default-domain
+            </service:repositoryDomain>
             <service:documentHandler xmlns:service='http://collectionspace.org/services/common/service'>
                 org.collectionspace.services.intake.nuxeo.IntakeDocumentModelHandler
             </service:documentHandler>
@@ -146,9 +147,9 @@
             <service:uriPath xmlns:service='http://collectionspace.org/services/common/service'>
                 /loansin/*/authorityrefs/
             </service:uriPath>
-            <service:repositoryClient xmlns:service='http://collectionspace.org/services/common/service'>
-                nuxeo-java
-            </service:repositoryClient>
+            <service:repositoryDomain xmlns:service='http://collectionspace.org/services/common/service'>
+                default-domain
+            </service:repositoryDomain>
             <service:documentHandler xmlns:service='http://collectionspace.org/services/common/service'>
                 org.collectionspace.services.loanin.nuxeo.LoaninDocumentModelHandler
             </service:documentHandler>
@@ -197,9 +198,9 @@
             <service:uriPath xmlns:service='http://collectionspace.org/services/common/service'>
                 /loansout/*/authorityrefs/
             </service:uriPath>
-            <service:repositoryClient xmlns:service='http://collectionspace.org/services/common/service'>
-                nuxeo-java
-            </service:repositoryClient>
+            <service:repositoryDomain xmlns:service='http://collectionspace.org/services/common/service'>
+                default-domain
+            </service:repositoryDomain>
             <service:documentHandler xmlns:service='http://collectionspace.org/services/common/service'>
                 org.collectionspace.services.loanout.nuxeo.LoanoutDocumentModelHandler
             </service:documentHandler>
@@ -243,9 +244,9 @@
             <service:uriPath xmlns:service='http://collectionspace.org/services/common/service'>
                 /movements/*/authorityrefs/
             </service:uriPath>
-            <service:repositoryClient xmlns:service='http://collectionspace.org/services/common/service'>
-                nuxeo-java
-            </service:repositoryClient>
+            <service:repositoryDomain xmlns:service='http://collectionspace.org/services/common/service'>
+                default-domain
+            </service:repositoryDomain>
             <service:documentHandler xmlns:service='http://collectionspace.org/services/common/service'>
                 org.collectionspace.services.movement.nuxeo.MovementDocumentModelHandler
             </service:documentHandler>
@@ -286,9 +287,9 @@
         <tenant:serviceBindings name="Vocabularies" version="0.1">
             <!-- other URI paths using which this service could be accessed -->
 
-            <service:repositoryClient xmlns:service='http://collectionspace.org/services/common/service'>
-                nuxeo-java
-            </service:repositoryClient>
+            <service:repositoryDomain xmlns:service='http://collectionspace.org/services/common/service'>
+                default-domain
+            </service:repositoryDomain>
             <service:documentHandler xmlns:service='http://collectionspace.org/services/common/service'>
                 org.collectionspace.services.vocabulary.nuxeo.VocabularyDocumentModelHandler
             </service:documentHandler>
@@ -327,9 +328,9 @@
             <service:uriPath xmlns:service='http://collectionspace.org/services/common/service'>
                 /vocabularies/*/items/
             </service:uriPath>
-            <service:repositoryClient xmlns:service='http://collectionspace.org/services/common/service'>
-                nuxeo-java
-            </service:repositoryClient>
+            <service:repositoryDomain xmlns:service='http://collectionspace.org/services/common/service'>
+                default-domain
+            </service:repositoryDomain>
             <service:documentHandler xmlns:service='http://collectionspace.org/services/common/service'>
                 org.collectionspace.services.vocabulary.nuxeo.VocabularyItemDocumentModelHandler
             </service:documentHandler>
@@ -367,9 +368,9 @@
             <service:uriPath xmlns:service='http://collectionspace.org/services/common/service'>
                 /orgauthorities/*/items/*/authorityrefs/
             </service:uriPath>
-            <service:repositoryClient xmlns:service='http://collectionspace.org/services/common/service'>
-                nuxeo-java
-            </service:repositoryClient>
+            <service:repositoryDomain xmlns:service='http://collectionspace.org/services/common/service'>
+                default-domain
+            </service:repositoryDomain>
             <service:documentHandler xmlns:service='http://collectionspace.org/services/common/service'>
                 org.collectionspace.services.organization.nuxeo.OrgAuthorityDocumentModelHandler
             </service:documentHandler>
@@ -410,9 +411,9 @@
             <service:uriPath xmlns:service='http://collectionspace.org/services/common/service'>
                 /orgauthorities/*/items/*/refObjs
             </service:uriPath>
-            <service:repositoryClient xmlns:service='http://collectionspace.org/services/common/service'>
-                nuxeo-java
-            </service:repositoryClient>
+            <service:repositoryDomain xmlns:service='http://collectionspace.org/services/common/service'>
+                default-domain
+            </service:repositoryDomain>
             <service:documentHandler xmlns:service='http://collectionspace.org/services/common/service'>
                 org.collectionspace.services.organization.nuxeo.OrganizationDocumentModelHandler
             </service:documentHandler>
@@ -457,9 +458,9 @@
             <service:uriPath xmlns:service='http://collectionspace.org/services/common/service'>
                 /personauthorities/*/items/*/refObjs
             </service:uriPath>
-            <service:repositoryClient xmlns:service='http://collectionspace.org/services/common/service'>
-                nuxeo-java
-            </service:repositoryClient>
+            <service:repositoryDomain xmlns:service='http://collectionspace.org/services/common/service'>
+                default-domain
+            </service:repositoryDomain>
             <service:documentHandler xmlns:service='http://collectionspace.org/services/common/service'>
                 org.collectionspace.services.person.nuxeo.PersonAuthorityDocumentModelHandler
             </service:documentHandler>
@@ -497,9 +498,9 @@
             <service:uriPath xmlns:service='http://collectionspace.org/services/common/service'>
                 /personauthorities/*/items/
             </service:uriPath>
-            <service:repositoryClient xmlns:service='http://collectionspace.org/services/common/service'>
-                nuxeo-java
-            </service:repositoryClient>
+            <service:repositoryDomain xmlns:service='http://collectionspace.org/services/common/service'>
+                default-domain
+            </service:repositoryDomain>
             <service:documentHandler xmlns:service='http://collectionspace.org/services/common/service'>
                 org.collectionspace.services.person.nuxeo.PersonDocumentModelHandler
             </service:documentHandler>
@@ -537,9 +538,9 @@
             <service:uriPath xmlns:service='http://collectionspace.org/services/common/service'>
                 /locationauthorities/*/items/
             </service:uriPath>
-            <service:repositoryClient xmlns:service='http://collectionspace.org/services/common/service'>
-                nuxeo-java
-            </service:repositoryClient>
+            <service:repositoryDomain xmlns:service='http://collectionspace.org/services/common/service'>
+                default-domain
+            </service:repositoryDomain>
             <service:documentHandler xmlns:service='http://collectionspace.org/services/common/service'>
                 org.collectionspace.services.location.nuxeo.LocationAuthorityDocumentModelHandler
             </service:documentHandler>
@@ -573,9 +574,9 @@
                         Repository workspace so we have to configure that.
         -->
         <tenant:serviceBindings name="Locations" version="0.1">
-            <service:repositoryClient xmlns:service='http://collectionspace.org/services/common/service'>
-                nuxeo-java
-            </service:repositoryClient>
+            <service:repositoryDomain xmlns:service='http://collectionspace.org/services/common/service'>
+                default-domain
+            </service:repositoryDomain>
             <service:documentHandler xmlns:service='http://collectionspace.org/services/common/service'>
                 org.collectionspace.services.location.nuxeo.LocationDocumentModelHandler
             </service:documentHandler>
@@ -613,9 +614,9 @@
             <service:uriPath xmlns:service='http://collectionspace.org/services/common/service'>
                 /acquisitions/*/authorityrefs/
             </service:uriPath>
-            <service:repositoryClient xmlns:service='http://collectionspace.org/services/common/service'>
-                nuxeo-java
-            </service:repositoryClient>
+            <service:repositoryDomain xmlns:service='http://collectionspace.org/services/common/service'>
+                default-domain
+            </service:repositoryDomain>
             <service:documentHandler xmlns:service='http://collectionspace.org/services/common/service'>
                 org.collectionspace.services.acquisition.nuxeo.AcquisitionDocumentModelHandler
             </service:documentHandler>
@@ -664,9 +665,9 @@
             <service:uriPath xmlns:service='http://collectionspace.org/services/common/service'>
                 relations/subject/*/type/*/object/*
             </service:uriPath>
-            <service:repositoryClient xmlns:service='http://collectionspace.org/services/common/service'>
-                nuxeo-java
-            </service:repositoryClient>
+            <service:repositoryDomain xmlns:service='http://collectionspace.org/services/common/service'>
+                default-domain
+            </service:repositoryDomain>
             <service:documentHandler xmlns:service='http://collectionspace.org/services/common/service'>
                 org.collectionspace.services.relation.nuxeo.RelationDocumentModelHandler
             </service:documentHandler>
@@ -737,9 +738,9 @@
         <tenant:serviceBindings name="Dimensions" version="0.1">
             <!-- other URI paths using which this service could be accessed -->
 
-            <service:repositoryClient xmlns:service='http://collectionspace.org/services/common/service'>
-                nuxeo-java
-            </service:repositoryClient>
+            <service:repositoryDomain xmlns:service='http://collectionspace.org/services/common/service'>
+                default-domain
+            </service:repositoryDomain>
             <service:documentHandler xmlns:service='http://collectionspace.org/services/common/service'>
                 org.collectionspace.services.dimension.nuxeo.DimensionDocumentModelHandler
             </service:documentHandler>
@@ -777,9 +778,9 @@
             <service:uriPath xmlns:service='http://collectionspace.org/services/common/service'>
                 /orgauthorities/*/items/*/contacts
             </service:uriPath>
-            <service:repositoryClient xmlns:service='http://collectionspace.org/services/common/service'>
-                nuxeo-java
-            </service:repositoryClient>
+            <service:repositoryDomain xmlns:service='http://collectionspace.org/services/common/service'>
+                default-domain
+            </service:repositoryDomain>
             <service:documentHandler xmlns:service='http://collectionspace.org/services/common/service'>
                 org.collectionspace.services.contact.nuxeo.ContactDocumentModelHandler
             </service:documentHandler>
@@ -810,9 +811,9 @@
         <!-- end contact service meta-data -->
         <!-- begin note service meta-data -->
         <tenant:serviceBindings name="Notes" version="0.1">
-            <service:repositoryClient xmlns:service='http://collectionspace.org/services/common/service'>
-                nuxeo-java
-            </service:repositoryClient>
+            <service:repositoryDomain xmlns:service='http://collectionspace.org/services/common/service'>
+                default-domain
+            </service:repositoryDomain>
             <service:documentHandler xmlns:service='http://collectionspace.org/services/common/service'>
                 org.collectionspace.services.note.nuxeo.NoteDocumentModelHandler
             </service:documentHandler>
@@ -1028,4 +1029,1026 @@
         <!-- end role-permission service meta-data -->
     </tenant:tenantBinding>
     <!-- end movingimages.us tenant meta-data -->
+
+
+        <!-- begin hearstmuseum.berkeley.edu tenant meta-data -->
+    <tenant:tenantBinding
+        id="2" name="hearstmuseum.berkeley.edu" displayName="Phoebe A. Hearst Museum of Anthropology" version="0.1">
+        <tenant:repositoryDomain name="pahma-domain" repositoryClient="nuxeo-java"/>
+        <!-- begin idgenerators service meta-data -->
+        <tenant:serviceBindings name="idgenerators" version="0.1">
+            <!-- other URI paths using which this service could be accessed -->
+
+        </tenant:serviceBindings>
+        <!-- end idgenerator service meta-data -->
+            <!-- begin id service meta-data -->
+        <tenant:serviceBindings name="id" version="0.1">
+            <!-- other URI paths using which this service could be accessed -->
+            <service:uriPath xmlns:service='http://collectionspace.org/services/common/service'>
+                /idgenerators/*/ids
+            </service:uriPath>
+        </tenant:serviceBindings>
+        <tenant:serviceBindings name="CollectionObjects" type="object" version="0.1">
+            <!-- begin collectionobject service meta-data -->
+            <!-- other URI paths using which this service could be accessed -->
+            <service:uriPath xmlns:service='http://collectionspace.org/services/common/service'>
+                /collectionobjects/*/authorityrefs/
+            </service:uriPath>
+            <service:repositoryDomain xmlns:service='http://collectionspace.org/services/common/service'>
+                pahma-domain
+            </service:repositoryDomain>
+            <service:documentHandler xmlns:service='http://collectionspace.org/services/common/service'>
+                org.collectionspace.services.collectionobject.nuxeo.CollectionObjectDocumentModelHandler
+            </service:documentHandler>
+            <service:validatorHandler xmlns:service='http://collectionspace.org/services/common/service'>
+                org.collectionspace.services.collectionobject.nuxeo.CollectionObjectValidatorHandler
+            </service:validatorHandler>
+            <service:properties xmlns:service='http://collectionspace.org/services/common/service'>
+                <types:item><types:key>objectNameProperty</types:key><types:value>objectName</types:value></types:item>
+                <types:item><types:key>objectNumberProperty</types:key><types:value>objectNumber</types:value></types:item>
+            </service:properties>
+            <!-- end id service meta-data -->
+            <service:object name="CollectionObject" version="0.1"
+                            xmlns:service='http://collectionspace.org/services/common/service'>
+                <service:part id="0" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="collectionobjects-system" updated="" order="0">
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/common/system"
+                            schemaLocation="http://collectionspace.org/services/common/system http://collectionspace.org/services/common/system/system-response.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+                <service:part id="1" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="collectionobjects_common" updated="" order="1">
+                    <service:properties>
+                        <types:item><types:key>authRef</types:key><types:value>contentOrganization</types:value></types:item>
+                        <types:item><types:key>authRef</types:key><types:value>contentPeople</types:value></types:item>
+                        <types:item><types:key>authRef</types:key><types:value>contentPerson</types:value></types:item>
+                        <types:item><types:key>authRef</types:key><types:value>inscriber</types:value></types:item>
+                    </service:properties>
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/collectionobject"
+                            schemaLocation="http://collectionspace.org/services/collectionobject http://services.collectionspace.org/collectionobject/collectionobjects_common.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+                <service:part id="2" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="collectionobjects_naturalhistory" updated="" order="2">
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/collectionobject/domain/naturalhistory"
+                            schemaLocation="http://collectionspace.org/services/collectionobject/domain/naturalhistory http://collectionspace.org/services/collectionobject/domain/collectionobjects_naturalhistory.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+            </service:object>
+        </tenant:serviceBindings>
+        <!--end collectionobject service meta-data -->
+        <!-- begin intake service meta-data -->
+        <tenant:serviceBindings name="Intakes" type="procedure" version="0.1">
+            <!-- other URI paths using which this service could be accessed -->
+            <service:uriPath xmlns:service='http://collectionspace.org/services/common/service'>
+                /intakes/*/authorityrefs/
+            </service:uriPath>
+            <service:repositoryDomain xmlns:service='http://collectionspace.org/services/common/service'>
+                pahma-domain
+            </service:repositoryDomain>
+            <service:documentHandler xmlns:service='http://collectionspace.org/services/common/service'>
+                org.collectionspace.services.intake.nuxeo.IntakeDocumentModelHandler
+            </service:documentHandler>
+            <service:validatorHandler xmlns:service='http://collectionspace.org/services/common/service'>
+                org.collectionspace.services.intake.nuxeo.IntakeValidatorHandler
+            </service:validatorHandler>
+            <service:properties xmlns:service='http://collectionspace.org/services/common/service'>
+                <!-- What to use for name???
+                                                        <types:item><types:key>objectNameProperty</types:key><types:value>objectName</types:value></types:item> -->
+                <types:item><types:key>objectNumberProperty</types:key><types:value>entryNumber</types:value></types:item>
+            </service:properties>
+            <service:object name="Intake" version="0.1"
+                            xmlns:service='http://collectionspace.org/services/common/service'>
+                <service:part id="0" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="intakes-system" updated="" order="0">
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/common/system"
+                            schemaLocation="http://collectionspace.org/services/common/system http://collectionspace.org/services/common/system/system-response.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+                <service:part id="1" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="intakes_common" updated="" order="1">
+                    <service:properties>
+                        <types:item><types:key>authRef</types:key><types:value>currentOwner</types:value></types:item>
+                        <types:item><types:key>authRef</types:key><types:value>depositor</types:value></types:item>
+                        <types:item><types:key>authRef</types:key><types:value>conditionCheckAssesor</types:value></types:item>
+                        <types:item><types:key>authRef</types:key><types:value>insurer</types:value></types:item>
+                        <types:item><types:key>authRef</types:key><types:value>fieldCollector</types:value></types:item>
+                        <types:item><types:key>authRef</types:key><types:value>valuer</types:value></types:item>
+                    </service:properties>
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/intake"
+                            schemaLocation="http://collectionspace.org/services/intake http://services.collectionspace.org/intake/intakes_common.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+            </service:object>
+        </tenant:serviceBindings>
+        <!-- end intake service meta-data -->
+        <!-- begin loanin service meta-data -->
+        <tenant:serviceBindings name="Loansin" type="procedure" version="0.1">
+            <!-- other URI paths using which this service could be accessed -->
+            <service:uriPath xmlns:service='http://collectionspace.org/services/common/service'>
+                /loansin/*/authorityrefs/
+            </service:uriPath>
+            <service:repositoryDomain xmlns:service='http://collectionspace.org/services/common/service'>
+                pahma-domain
+            </service:repositoryDomain>
+            <service:documentHandler xmlns:service='http://collectionspace.org/services/common/service'>
+                org.collectionspace.services.loanin.nuxeo.LoaninDocumentModelHandler
+            </service:documentHandler>
+            <service:validatorHandler xmlns:service='http://collectionspace.org/services/common/service'>
+                org.collectionspace.services.loanin.nuxeo.LoaninValidatorHandler
+            </service:validatorHandler>
+            <service:properties xmlns:service='http://collectionspace.org/services/common/service'>
+                <!-- What to use for name???
+                                                        <types:item><types:key>objectNameProperty</types:key><types:value>objectName</types:value></types:item> -->
+                <types:item><types:key>objectNumberProperty</types:key><types:value>loanInNumber</types:value></types:item>
+            </service:properties>
+            <service:object name="Loanin" version="0.1"
+                            xmlns:service='http://collectionspace.org/services/common/service'>
+                <service:part id="0" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="loansin-system" updated="" order="0">
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/common/system"
+                            schemaLocation="http://collectionspace.org/services/common/system http://collectionspace.org/services/common/system/system-response.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+                <service:part id="1" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="loansin_common" updated="" order="1">
+                    <service:properties>
+                        <!-- Need to handle repeating ref fields, like "lenders" -->
+                        <types:item><types:key>authRef</types:key><types:value>lendersAuthorizer</types:value></types:item>
+                        <types:item><types:key>authRef</types:key><types:value>lendersContact</types:value></types:item>
+                        <types:item><types:key>authRef</types:key><types:value>loanInContact</types:value></types:item>
+                    </service:properties>
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/loanin"
+                            schemaLocation="http://collectionspace.org/services/loanin http://services.collectionspace.org/loanin/loansin_common.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+            </service:object>
+        </tenant:serviceBindings>
+        <!-- end loanin service meta-data -->
+        <!-- begin loanout service meta-data -->
+        <tenant:serviceBindings name="Loansout" type="procedure" version="0.1">
+            <!-- other URI paths using which this service could be accessed -->
+            <service:uriPath xmlns:service='http://collectionspace.org/services/common/service'>
+                /loansout/*/authorityrefs/
+            </service:uriPath>
+            <service:repositoryDomain xmlns:service='http://collectionspace.org/services/common/service'>
+                pahma-domain
+            </service:repositoryDomain>
+            <service:documentHandler xmlns:service='http://collectionspace.org/services/common/service'>
+                org.collectionspace.services.loanout.nuxeo.LoanoutDocumentModelHandler
+            </service:documentHandler>
+            <service:validatorHandler xmlns:service='http://collectionspace.org/services/common/service'>
+                org.collectionspace.services.loanout.nuxeo.LoanoutValidatorHandler
+            </service:validatorHandler>
+            <service:object name="Loanout" version="0.1"
+                            xmlns:service='http://collectionspace.org/services/common/service'>
+                <service:part id="0" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="loansout-system" updated="" order="0">
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/common/system"
+                            schemaLocation="http://collectionspace.org/services/common/system http://collectionspace.org/services/common/system/system-response.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+                <service:part id="1" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="loansout_common" updated="" order="1">
+                    <service:properties>
+                        <types:item><types:key>authRef</types:key><types:value>borrower</types:value></types:item>
+                        <types:item><types:key>authRef</types:key><types:value>borrowersContact</types:value></types:item>
+                        <types:item><types:key>authRef</types:key><types:value>lendersAuthorizer</types:value></types:item>
+                        <types:item><types:key>authRef</types:key><types:value>lendersContact</types:value></types:item>
+                    </service:properties>
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/loanout"
+                            schemaLocation="http://collectionspace.org/services/loanout http://services.collectionspace.org/loanout/loansout_common.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+            </service:object>
+        </tenant:serviceBindings>
+        <!-- end loanout service meta-data -->
+        <!-- begin movement service meta-data -->
+        <tenant:serviceBindings name="Movements" type="procedure" version="0.1">
+            <!-- other URI paths using which this service could be accessed -->
+            <service:uriPath xmlns:service='http://collectionspace.org/services/common/service'>
+                /movements/*/authorityrefs/
+            </service:uriPath>
+            <service:repositoryDomain xmlns:service='http://collectionspace.org/services/common/service'>
+                pahma-domain
+            </service:repositoryDomain>
+            <service:documentHandler xmlns:service='http://collectionspace.org/services/common/service'>
+                org.collectionspace.services.movement.nuxeo.MovementDocumentModelHandler
+            </service:documentHandler>
+            <service:validatorHandler xmlns:service='http://collectionspace.org/services/common/service'>
+                org.collectionspace.services.movement.nuxeo.MovementValidatorHandler
+            </service:validatorHandler>
+            <service:object name="Movement" version="0.1"
+                            xmlns:service='http://collectionspace.org/services/common/service'>
+                <service:part id="0" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="movements-system" updated="" order="0">
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/common/system"
+                            schemaLocation="http://collectionspace.org/services/common/system http://collectionspace.org/services/common/system/system-response.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+                <service:part id="1" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="movements_common" updated="" order="1">
+                    <service:properties>
+                        <types:item><types:key>authRef</types:key><types:value>currentLocation</types:value></types:item>
+                        <types:item><types:key>authRef</types:key><types:value>normalLocation</types:value></types:item>
+                        <types:item><types:key>authRef</types:key><types:value>movementContact</types:value></types:item>
+                    </service:properties>
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/movement"
+                            schemaLocation="http://collectionspace.org/services/movement http://services.collectionspace.org/movement/movements_common.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+            </service:object>
+        </tenant:serviceBindings>
+        <!-- end movement service meta-data -->
+        <!-- begin vocabulary service meta-data -->
+        <tenant:serviceBindings name="Vocabularies" version="0.1">
+            <!-- other URI paths using which this service could be accessed -->
+
+            <service:repositoryDomain xmlns:service='http://collectionspace.org/services/common/service'>
+                pahma-domain
+            </service:repositoryDomain>
+            <service:documentHandler xmlns:service='http://collectionspace.org/services/common/service'>
+                org.collectionspace.services.vocabulary.nuxeo.VocabularyDocumentModelHandler
+            </service:documentHandler>
+            <service:object name="Vocabulary" version="0.1"
+                            xmlns:service='http://collectionspace.org/services/common/service'>
+                <service:part id="0" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="vocabularies-system" updated="" order="0">
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/common/system"
+                            schemaLocation="http://collectionspace.org/services/common/system http://collectionspace.org/services/common/system/system-response.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+                <service:part id="1" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="vocabularies_common" updated="" order="1">
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/vocabulary"
+                            schemaLocation="http://collectionspace.org/services/vocabulary http://services.collectionspace.org/vocabulary/vocabularies_common.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+            </service:object>
+        </tenant:serviceBindings>
+        <!-- end vocabulary service meta-data -->
+                <!--
+            begin vocabularyitem service meta-data.
+                        Note there is no Vocabularyitem service, but there is a
+                        Repository workspace so we have to configure that.
+        -->
+        <tenant:serviceBindings name="Vocabularyitems" version="0.1">
+            <!-- other URI paths using which this service could be accessed -->
+            <service:uriPath xmlns:service='http://collectionspace.org/services/common/service'>
+                /vocabularies/*/items/
+            </service:uriPath>
+            <service:repositoryDomain xmlns:service='http://collectionspace.org/services/common/service'>
+                pahma-domain
+            </service:repositoryDomain>
+            <service:documentHandler xmlns:service='http://collectionspace.org/services/common/service'>
+                org.collectionspace.services.vocabulary.nuxeo.VocabularyItemDocumentModelHandler
+            </service:documentHandler>
+            <service:validatorHandler xmlns:service='http://collectionspace.org/services/common/service'>
+                org.collectionspace.services.vocabulary.nuxeo.VocabularyItemValidatorHandler
+            </service:validatorHandler>
+            <service:object name="Vocabularyitem" version="0.1"
+                            xmlns:service='http://collectionspace.org/services/common/service'>
+                <service:part id="0" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="vocabularyitems-system" updated="" order="0">
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/common/system"
+                            schemaLocation="http://collectionspace.org/services/common/system http://collectionspace.org/services/common/system/system-response.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+                <service:part id="1" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="vocabularyitems_common" updated="" order="1">
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/vocabulary"
+                            schemaLocation="http://collectionspace.org/services/vocabulary http://services.collectionspace.org/vocabulary/vocabularyitems_common.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+            </service:object>
+        </tenant:serviceBindings>
+        <!-- end vocabulary service meta-data -->
+        <!-- begin orgauthority service meta-data -->
+        <tenant:serviceBindings name="Orgauthorities" version="0.1">
+            <!-- other URI paths using which this service could be accessed -->
+            <service:uriPath xmlns:service='http://collectionspace.org/services/common/service'>
+                /orgauthorities/*/items/*/authorityrefs/
+            </service:uriPath>
+            <service:repositoryDomain xmlns:service='http://collectionspace.org/services/common/service'>
+                pahma-domain
+            </service:repositoryDomain>
+            <service:documentHandler xmlns:service='http://collectionspace.org/services/common/service'>
+                org.collectionspace.services.organization.nuxeo.OrgAuthorityDocumentModelHandler
+            </service:documentHandler>
+            <service:object id="1" name="Orgauthority" version="0.1"
+                            xmlns:service='http://collectionspace.org/services/common/service'>
+                <service:part id="0" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="orgauthorities-system" updated="" order="0">
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/common/system"
+                            schemaLocation="http://collectionspace.org/services/common/system http://collectionspace.org/services/common/system/system-response.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+                <service:part id="1" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="orgauthorities_common" updated="" order="1">
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/organization"
+                            schemaLocation="http://collectionspace.org/services/organization http://services.collectionspace.org/organization/orgauthorities_common.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+            </service:object>
+        </tenant:serviceBindings>
+        <!-- end orgauthority service meta-data -->
+                        <!-- begin organization service meta-data.
+                        Note there is no Organization service, but there is a
+                        Repository workspace so we have to configure that.
+        -->
+        <tenant:serviceBindings name="Organizations" version="0.1">
+            <!-- other URI paths using which this service could be accessed -->
+            <service:uriPath xmlns:service='http://collectionspace.org/services/common/service'>
+                /orgauthorities/*/items/
+            </service:uriPath>
+            <service:uriPath xmlns:service='http://collectionspace.org/services/common/service'>
+                /orgauthorities/*/items/*/refObjs
+            </service:uriPath>
+            <service:repositoryDomain xmlns:service='http://collectionspace.org/services/common/service'>
+                pahma-domain
+            </service:repositoryDomain>
+            <service:documentHandler xmlns:service='http://collectionspace.org/services/common/service'>
+                org.collectionspace.services.organization.nuxeo.OrganizationDocumentModelHandler
+            </service:documentHandler>
+            <service:validatorHandler xmlns:service='http://collectionspace.org/services/common/service'>
+                org.collectionspace.services.organization.nuxeo.OrganizationValidatorHandler
+            </service:validatorHandler>
+            <service:object id="1" name="Organization" version="0.1"
+                            xmlns:service='http://collectionspace.org/services/common/service'>
+                <service:part id="0" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="organizations-system" updated="" order="0">
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/common/system"
+                            schemaLocation="http://collectionspace.org/services/common/system http://collectionspace.org/services/common/system/system-response.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+                <service:part id="1" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="organizations_common" updated="" order="1">
+                    <service:properties>
+                        <types:item><types:key>authRef</types:key><types:value>contactName</types:value></types:item>
+                    </service:properties>
+
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/organization"
+                            schemaLocation="http://collectionspace.org/services/organization http://services.collectionspace.org/organization/organizations_common.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+            </service:object>
+        </tenant:serviceBindings>
+        <!-- end organization service meta-data -->
+        <!-- begin personauthority service meta-data -->
+        <tenant:serviceBindings name="Personauthorities" version="0.1">
+            <!-- other URI paths using which this service could be accessed -->
+            <service:uriPath xmlns:service='http://collectionspace.org/services/common/service'>
+                /personauthorities/*/items/
+            </service:uriPath>
+            <service:uriPath xmlns:service='http://collectionspace.org/services/common/service'>
+                /personauthorities/*/items/*/refObjs
+            </service:uriPath>
+            <service:repositoryDomain xmlns:service='http://collectionspace.org/services/common/service'>
+                pahma-domain
+            </service:repositoryDomain>
+            <service:documentHandler xmlns:service='http://collectionspace.org/services/common/service'>
+                org.collectionspace.services.person.nuxeo.PersonAuthorityDocumentModelHandler
+            </service:documentHandler>
+            <service:object id="1" name="Personauthority" version="0.1"
+                            xmlns:service='http://collectionspace.org/services/common/service'>
+                <service:part id="0" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="personauthorities-system" updated="" order="0">
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/common/system"
+                            schemaLocation="http://collectionspace.org/services/common/system http://collectionspace.org/services/common/system/system-response.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+                <service:part id="1" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="personauthorities_common" updated="" order="1">
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/person"
+                            schemaLocation="http://collectionspace.org/services/person http://services.collectionspace.org/person/personauthorities_common.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+            </service:object>
+        </tenant:serviceBindings>
+        <!-- end personauthority service meta-data -->
+                        <!-- begin person service meta-data.
+                        Note there is no Person service, but there is a
+                        Repository workspace so we have to configure that.
+        -->
+        <tenant:serviceBindings name="Persons" version="0.1">
+            <!-- other URI paths using which this service could be accessed -->
+            <service:uriPath xmlns:service='http://collectionspace.org/services/common/service'>
+                /personauthorities/*/items/
+            </service:uriPath>
+            <service:repositoryDomain xmlns:service='http://collectionspace.org/services/common/service'>
+                pahma-domain
+            </service:repositoryDomain>
+            <service:documentHandler xmlns:service='http://collectionspace.org/services/common/service'>
+                org.collectionspace.services.person.nuxeo.PersonDocumentModelHandler
+            </service:documentHandler>
+            <service:validatorHandler xmlns:service='http://collectionspace.org/services/common/service'>
+                org.collectionspace.services.person.nuxeo.PersonValidatorHandler
+            </service:validatorHandler>
+            <service:object id="1" name="Person" version="0.1"
+                            xmlns:service='http://collectionspace.org/services/common/service'>
+                <service:part id="0" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="persons-system" updated="" order="0">
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/common/system"
+                            schemaLocation="http://collectionspace.org/services/common/system http://collectionspace.org/services/common/system/system-response.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+                <service:part id="1" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="persons_common" updated="" order="1">
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/person"
+                            schemaLocation="http://collectionspace.org/services/person http://services.collectionspace.org/person/persons_common.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+            </service:object>
+        </tenant:serviceBindings>
+        <!-- end person service meta-data -->
+        <!-- begin locationauthority service meta-data -->
+        <tenant:serviceBindings name="Locationauthorities" version="0.1">
+            <!-- other URI paths using which this service could be accessed -->
+            <service:uriPath xmlns:service='http://collectionspace.org/services/common/service'>
+                /locationauthorities/*/items/
+            </service:uriPath>
+            <service:repositoryDomain xmlns:service='http://collectionspace.org/services/common/service'>
+                pahma-domain
+            </service:repositoryDomain>
+            <service:documentHandler xmlns:service='http://collectionspace.org/services/common/service'>
+                org.collectionspace.services.location.nuxeo.LocationAuthorityDocumentModelHandler
+            </service:documentHandler>
+            <service:object id="1" name="Locationauthority" version="0.1"
+                            xmlns:service='http://collectionspace.org/services/common/service'>
+                <service:part id="0" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="locationauthorities-system" updated="" order="0">
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/common/system"
+                            schemaLocation="http://collectionspace.org/services/common/system http://collectionspace.org/services/common/system/system-response.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+                <service:part id="1" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="locationauthorities_common" updated="" order="1">
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/location"
+                            schemaLocation="http://collectionspace.org/services/location http://services.collectionspace.org/location/locationauthorities_common.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+            </service:object>
+        </tenant:serviceBindings>
+        <!-- end locationauthority service meta-data -->
+                        <!-- begin location service meta-data.
+                        Note there is no Location service, but there is a
+                        Repository workspace so we have to configure that.
+        -->
+        <tenant:serviceBindings name="Locations" version="0.1">
+            <service:repositoryDomain xmlns:service='http://collectionspace.org/services/common/service'>
+                pahma-domain
+            </service:repositoryDomain>
+            <service:documentHandler xmlns:service='http://collectionspace.org/services/common/service'>
+                org.collectionspace.services.location.nuxeo.LocationDocumentModelHandler
+            </service:documentHandler>
+            <service:validatorHandler xmlns:service='http://collectionspace.org/services/common/service'>
+                org.collectionspace.services.location.nuxeo.LocationValidatorHandler
+            </service:validatorHandler>
+            <service:object id="1" name="Locationitem" version="0.1"
+                            xmlns:service='http://collectionspace.org/services/common/service'>
+                <service:part id="0" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="locations-system" updated="" order="0">
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/common/system"
+                            schemaLocation="http://collectionspace.org/services/common/system http://collectionspace.org/services/common/system/system-response.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+                <service:part id="1" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="locations_common" updated="" order="1">
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/location"
+                            schemaLocation="http://collectionspace.org/services/location http://services.collectionspace.org/location/locations_common.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+            </service:object>
+        </tenant:serviceBindings>
+        <!-- end location service meta-data -->
+        <!-- begin acquisition service meta-data -->
+        <tenant:serviceBindings name="Acquisitions" type="procedure" version="0.1">
+            <!-- other URI paths using which this service could be accessed -->
+            <service:uriPath xmlns:service='http://collectionspace.org/services/common/service'>
+                /acquisitions/*/authorityrefs/
+            </service:uriPath>
+            <service:repositoryDomain xmlns:service='http://collectionspace.org/services/common/service'>
+                pahma-domain
+            </service:repositoryDomain>
+            <service:documentHandler xmlns:service='http://collectionspace.org/services/common/service'>
+                org.collectionspace.services.acquisition.nuxeo.AcquisitionDocumentModelHandler
+            </service:documentHandler>
+            <service:validatorHandler xmlns:service='http://collectionspace.org/services/common/service'>
+                org.collectionspace.services.acquisition.nuxeo.AcquisitionValidatorHandler
+            </service:validatorHandler>
+            <service:properties xmlns:service='http://collectionspace.org/services/common/service'>
+                <!-- What to use for name???
+                                                        <types:item><types:key>objectNameProperty</types:key><types:value>objectName</types:value></types:item> -->
+                <types:item><types:key>objectNumberProperty</types:key><types:value>acquisitionReferenceNumber</types:value></types:item>
+            </service:properties>
+            <service:object name="Acquisition" version="0.1"
+                            xmlns:service='http://collectionspace.org/services/common/service'>
+                <service:part id="0" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="acquisitions-system" updated="" order="0">
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/common/system"
+                            schemaLocation="http://collectionspace.org/services/common/system http://collectionspace.org/services/common/system/system-response.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+                <service:part id="1" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="acquisitions_common" updated="" order="1">
+                    <service:properties>
+                        <types:item><types:key>authRef</types:key><types:value>acquisitionAuthorizer</types:value></types:item>
+                        <types:item><types:key>authRef</types:key><types:value>acquisitionFundingSource</types:value></types:item>
+                        <!-- Need to handle repeating ref fields, like "acquisitionSources" -->
+                        <types:item><types:key>authRef</types:key><types:value>fieldCollector</types:value></types:item>
+                    </service:properties>
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/acquisition"
+                            schemaLocation="http://collectionspace.org/services/acquisition http://services.collectionspace.org/acquisition/acquisitions_common.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+            </service:object>
+        </tenant:serviceBindings>
+        <!-- end acquisition service meta-data -->
+        <!-- begin relation service meta-data -->
+        <tenant:serviceBindings name="Relations" version="0.1">
+            <!-- other URI paths using which this service could be accessed -->'
+            <service:uriPath xmlns:service='http://collectionspace.org/services/common/service'>
+                relations/subject/*/type/*/object/*
+            </service:uriPath>
+            <service:repositoryDomain xmlns:service='http://collectionspace.org/services/common/service'>
+                pahma-domain
+            </service:repositoryDomain>
+            <service:documentHandler xmlns:service='http://collectionspace.org/services/common/service'>
+                org.collectionspace.services.relation.nuxeo.RelationDocumentModelHandler
+            </service:documentHandler>
+            <service:validatorHandler xmlns:service='http://collectionspace.org/services/common/service'>
+                org.collectionspace.services.relation.nuxeo.RelationValidatorHandler
+            </service:validatorHandler>
+            <service:object name="Relation" version="0.1"
+                            xmlns:service='http://collectionspace.org/services/common/service'>
+                <service:part id="0" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="relations-system" updated="" order="0">
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/common/system"
+                            schemaLocation="http://collectionspace.org/services/common/system http://collectionspace.org/services/common/system/system-response.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+                <service:part id="1" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="relations_common" updated="" order="1">
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/relation"
+                            schemaLocation="http://collectionspace.org/services/relation http://services.collectionspace.org/relation/relations_common.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+            </service:object>
+        </tenant:serviceBindings>
+        <!-- end relation service meta-data -->
+        <!-- begin account service meta-data -->
+        <tenant:serviceBindings name="Accounts" version="0.1">
+            <!-- other URI paths using which this service could be accessed -->
+
+            <service:documentHandler xmlns:service='http://collectionspace.org/services/common/service'>
+                org.collectionspace.services.account.storage.AccountDocumentHandler
+            </service:documentHandler>
+            <service:validatorHandler xmlns:service='http://collectionspace.org/services/common/service'>
+                org.collectionspace.services.account.storage.AccountValidatorHandler
+            </service:validatorHandler>
+            <service:object name="Acccount" version="0.1"
+                            xmlns:service='http://collectionspace.org/services/common/service'>
+                <service:part id="0" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="accounts_system" updated="" order="0">
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/common/system"
+                            schemaLocation="http://collectionspace.org/services/common/system http://collectionspace.org/services/common/system/system-response.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+                <service:part id="1" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="accounts_common" updated="" order="1">
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/account"
+                            schemaLocation="http://collectionspace.org/services/account http://collectionspace.org/services/account/accounts_common.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+            </service:object>
+        </tenant:serviceBindings>
+        <!-- end account service meta-data -->
+        <!-- begin dimension service meta-data -->
+        <tenant:serviceBindings name="Dimensions" version="0.1">
+            <!-- other URI paths using which this service could be accessed -->
+
+            <service:repositoryDomain xmlns:service='http://collectionspace.org/services/common/service'>
+                pahma-domain
+            </service:repositoryDomain>
+            <service:documentHandler xmlns:service='http://collectionspace.org/services/common/service'>
+                org.collectionspace.services.dimension.nuxeo.DimensionDocumentModelHandler
+            </service:documentHandler>
+            <service:object name="Dimension" version="0.1"
+                            xmlns:service='http://collectionspace.org/services/common/service'>
+                <service:part id="0" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="dimensions-system" updated="" order="0">
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/common/system"
+                            schemaLocation="http://collectionspace.org/services/common/system http://collectionspace.org/services/common/system/system-response.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+                <service:part id="1" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="dimensions_common" updated="" order="1">
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/dimension"
+                            schemaLocation="http://collectionspace.org/services/dimension http://services.collectionspace.org/dimension/dimensions_common.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+            </service:object>
+        </tenant:serviceBindings>
+        <!-- end dimension service meta-data -->
+        <!-- begin contact service meta-data -->
+        <tenant:serviceBindings name="Contacts" version="0.1">
+            <!-- other URI paths using which this service could be accessed -->
+            <service:uriPath xmlns:service='http://collectionspace.org/services/common/service'>
+                /personauthorities/*/items/*/contacts
+            </service:uriPath>
+            <service:uriPath xmlns:service='http://collectionspace.org/services/common/service'>
+                /orgauthorities/*/items/*/contacts
+            </service:uriPath>
+            <service:repositoryDomain xmlns:service='http://collectionspace.org/services/common/service'>
+                pahma-domain
+            </service:repositoryDomain>
+            <service:documentHandler xmlns:service='http://collectionspace.org/services/common/service'>
+                org.collectionspace.services.contact.nuxeo.ContactDocumentModelHandler
+            </service:documentHandler>
+            <service:object name="Contact" version="0.1"
+                            xmlns:service='http://collectionspace.org/services/common/service'>
+                <service:part id="0" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="contacts-system" updated="" order="0">
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/common/system"
+                            schemaLocation="http://collectionspace.org/services/common/system http://collectionspace.org/services/common/system/system-response.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+                <service:part id="1" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="contacts_common" updated="" order="1">
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/contact"
+                            schemaLocation="http://collectionspace.org/services/contact http://services.collectionspace.org/contact/contacts_common.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+            </service:object>
+        </tenant:serviceBindings>
+        <!-- end contact service meta-data -->
+        <!-- begin note service meta-data -->
+        <tenant:serviceBindings name="Notes" version="0.1">
+            <service:repositoryDomain xmlns:service='http://collectionspace.org/services/common/service'>
+                pahma-domain
+            </service:repositoryDomain>
+            <service:documentHandler xmlns:service='http://collectionspace.org/services/common/service'>
+                org.collectionspace.services.note.nuxeo.NoteDocumentModelHandler
+            </service:documentHandler>
+            <service:object name="CSNote" version="0.1"
+                            xmlns:service='http://collectionspace.org/services/common/service'>
+                <service:part id="0" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="notes-system" updated="" order="0">
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/common/system"
+                            schemaLocation="http://collectionspace.org/services/common/system http://collectionspace.org/services/common/system/system-response.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+                <service:part id="1" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="notes_common" updated="" order="1">
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/note"
+                            schemaLocation="http://collectionspace.org/services/note http://services.collectionspace.org/note/notes_common.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+            </service:object>
+        </tenant:serviceBindings>
+        <!-- end note service meta-data -->
+        <!-- begin role service meta-data -->
+        <tenant:serviceBindings name="authorization/roles" version="0.1">
+            <!-- other URI paths using which this service could be accessed -->
+
+            <service:documentHandler xmlns:service='http://collectionspace.org/services/common/service'>
+                org.collectionspace.services.authorization.storage.RoleDocumentHandler
+            </service:documentHandler>
+            <service:validatorHandler xmlns:service='http://collectionspace.org/services/common/service'>
+                org.collectionspace.services.authorization.storage.RoleValidatorHandler
+            </service:validatorHandler>
+            <service:object name="Role" version="0.1"
+                            xmlns:service='http://collectionspace.org/services/common/service'>
+                <service:part id="0" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="roles_system" updated="" order="0">
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/common/system"
+                            schemaLocation="http://collectionspace.org/services/common/system http://collectionspace.org/services/common/system/system-response.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+                <service:part id="1" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="roles" updated="" order="1">
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/authorization"
+                            schemaLocation="http://collectionspace.org/services/authorization http://services.collectionspace.org/authorization/roles.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+            </service:object>
+        </tenant:serviceBindings>
+        <!-- end role service meta-data -->
+        <!-- begin permission service meta-data -->
+        <tenant:serviceBindings name="authorization/permissions" version="0.1">
+            <!-- other URI paths using which this service could be accessed -->
+
+            <service:documentHandler xmlns:service='http://collectionspace.org/services/common/service'>
+                org.collectionspace.services.authorization.storage.PermissionDocumentHandler
+            </service:documentHandler>
+            <service:validatorHandler xmlns:service='http://collectionspace.org/services/common/service'>
+                org.collectionspace.services.authorization.storage.PermissionValidatorHandler
+            </service:validatorHandler>
+            <service:object name="Permission" version="0.1"
+                            xmlns:service='http://collectionspace.org/services/common/service'>
+                <service:part id="0" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="permissions_system" updated="" order="0">
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/common/system"
+                            schemaLocation="http://collectionspace.org/services/common/system http://collectionspace.org/services/common/system/system-response.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+                <service:part id="1" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="permissions" updated="" order="1">
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/authorization"
+                            schemaLocation="http://collectionspace.org/services/authorization http://services.collectionspace.org/authorization/permissions.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+            </service:object>
+        </tenant:serviceBindings>
+        <!-- end permission service meta-data -->
+        <!-- begin permission-role service meta-data -->
+        <!-- the following service is same as authorization/roles/permroles service -->
+        <!-- except that it is available as a sub resource of the permission service -->
+        <tenant:serviceBindings name="authorization/permissions/permroles" version="0.1">
+            <!-- other URI paths using which this service could be accessed -->
+            <service:uriPath xmlns:service='http://collectionspace.org/services/common/service'>
+                /authorization/permissions/*/permroles/
+            </service:uriPath>
+            <service:documentHandler xmlns:service='http://collectionspace.org/services/common/service'>
+                org.collectionspace.services.authorization.storage.PermissionRoleDocumentHandler
+            </service:documentHandler>
+            <!--service:validatorHandler xmlns:service='http://collectionspace.org/services/common/service'>
+                org.collectionspace.services.authorization.storage.PermissionRoleValidatorHandler
+            </service:validatorHandler-->
+            <service:object name="PermissionRole" version="0.1"
+                            xmlns:service='http://collectionspace.org/services/common/service'>
+                <service:part id="0" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="permroles_system" updated="" order="0">
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/common/system"
+                            schemaLocation="http://collectionspace.org/services/common/system http://collectionspace.org/services/common/system/system-response.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+                <service:part id="1" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="permroles" updated="" order="1">
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/authorization"
+                            schemaLocation="http://collectionspace.org/services/authorization http://services.collectionspace.org/authorization/permissions_roles.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+            </service:object>
+        </tenant:serviceBindings>
+        <!-- end permission-role service meta-data -->
+        <!-- begin account-role service meta-data -->
+        <tenant:serviceBindings name="accounts/accountroles" version="0.1">
+            <!-- other URI paths using which this service could be accessed -->
+            <service:uriPath xmlns:service='http://collectionspace.org/services/common/service'>
+                /accounts/*/accountroles/
+            </service:uriPath>
+            <service:documentHandler xmlns:service='http://collectionspace.org/services/common/service'>
+                org.collectionspace.services.account.storage.AccountRoleDocumentHandler
+            </service:documentHandler>
+            <!--service:validatorHandler xmlns:service='http://collectionspace.org/services/common/service'>
+                org.collectionspace.services.account.storage.AccountRoleDocumentHandler
+            </service:validatorHandler-->
+            <service:object name="AccountRole" version="0.1"
+                            xmlns:service='http://collectionspace.org/services/common/service'>
+                <service:part id="0" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="accountroles_system" updated="" order="0">
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/common/system"
+                            schemaLocation="http://collectionspace.org/services/common/system http://collectionspace.org/services/common/system/system-response.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+                <service:part id="1" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="accountroles" updated="" order="1">
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/authorization"
+                            schemaLocation="http://collectionspace.org/services/authorization http://services.collectionspace.org/authorization/accounts_roles.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+            </service:object>
+        </tenant:serviceBindings>
+        <!-- end account-role service meta-data -->
+        <!-- begin role-permission service meta-data -->
+        <!-- the following service is same as authorization/permissions/permroles service -->
+        <!-- except that it is available as a sub resource of the role service -->
+        <tenant:serviceBindings name="authorization/roles/permroles" version="0.1">
+            <!-- other URI paths using which this service could be accessed -->
+            <service:uriPath xmlns:service='http://collectionspace.org/services/common/service'>
+                /authorization/roles/*/permroles/
+            </service:uriPath>
+            <service:documentHandler xmlns:service='http://collectionspace.org/services/common/service'>
+                org.collectionspace.services.authorization.storage.PermissionRoleDocumentHandler
+            </service:documentHandler>
+            <!--service:validatorHandler xmlns:service='http://collectionspace.org/services/common/service'>
+                org.collectionspace.services.authorization.storage.PermissionRoleValidatorHandler
+            </service:validatorHandler-->
+            <service:object name="PermissionRole" version="0.1"
+                            xmlns:service='http://collectionspace.org/services/common/service'>
+                <service:part id="0" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="permroles_system" updated="" order="0">
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/common/system"
+                            schemaLocation="http://collectionspace.org/services/common/system http://collectionspace.org/services/common/system/system-response.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+                <service:part id="1" control_group="Managed"
+                              versionable="true" auditable="false"
+                              label="permroles" updated="" order="1">
+                    <service:content contentType="application/xml">
+                        <service:xmlContent
+                            namespaceURI="http://collectionspace.org/services/authorization"
+                            schemaLocation="http://collectionspace.org/services/authorization http://services.collectionspace.org/authorization/permissions_roles.xsd">
+                        </service:xmlContent>
+                    </service:content>
+                </service:part>
+            </service:object>
+        </tenant:serviceBindings>
+        <!-- end role-permission service meta-data -->
+    </tenant:tenantBinding>
+    <!-- end hearstmuseum.berkeley.edu tenant meta-data -->
+
 </tenant:TenantBindingConfig>

diff --git a/services/common/src/main/java/org/collectionspace/services/common/ServiceMain.java b/services/common/src/main/java/org/collectionspace/services/common/ServiceMain.java
index 186812191fe1bfda4e0e05a3f368db166a6efc60..f76dbb9d448500edc974f324fb222f151752ae75 100644 (file)
--- a/services/common/src/main/java/org/collectionspace/services/common/ServiceMain.java
+++ b/services/common/src/main/java/org/collectionspace/services/common/ServiceMain.java
@@ -114,7 +114,7 @@ public class ServiceMain {
         //all configs are read, connector is initialized, retrieve workspaceids
         Hashtable<String, TenantBindingType> tenantBindings =
                 getTenantBindingConfigReader().getTenantBindings();
-        TenantRepository.get().retrieveAllWorkspaceIds(tenantBindings);
+        TenantRepository.get().setup(tenantBindings);
     }
 
     /**

diff --git a/services/common/src/main/java/org/collectionspace/services/common/config/TenantBindingConfigReaderImpl.java b/services/common/src/main/java/org/collectionspace/services/common/config/TenantBindingConfigReaderImpl.java
index 38bd41569111b765315e016c300f6bf79b39c421..8c0d9d10efd5b5ea5627a248773318e35a7b3f7f 100644 (file)
--- a/services/common/src/main/java/org/collectionspace/services/common/config/TenantBindingConfigReaderImpl.java
+++ b/services/common/src/main/java/org/collectionspace/services/common/config/TenantBindingConfigReaderImpl.java
@@ -29,6 +29,7 @@ import java.util.Hashtable;
 import java.util.List;
 
 import org.collectionspace.services.common.service.ServiceBindingType;
+import org.collectionspace.services.common.tenant.RepositoryDomainType;
 import org.collectionspace.services.common.tenant.TenantBindingType;
 import org.collectionspace.services.common.tenant.TenantBindingConfig;
 import org.collectionspace.services.common.types.PropertyItemType;
@@ -50,6 +51,9 @@ public class TenantBindingConfigReaderImpl
     //tenant id, tenant binding
     private Hashtable<String, TenantBindingType> tenantBindings =
             new Hashtable<String, TenantBindingType>();
+    //repository domains
+    private Hashtable<String, RepositoryDomainType> domains =
+            new Hashtable<String, RepositoryDomainType>();
     //tenant-qualified servicename, service binding
     private Hashtable<String, ServiceBindingType> serviceBindings =
             new Hashtable<String, ServiceBindingType>();
@@ -83,6 +87,7 @@ public class TenantBindingConfigReaderImpl
         tenantBindingConfig = (TenantBindingConfig) parse(configFile, TenantBindingConfig.class);
         for (TenantBindingType tenantBinding : tenantBindingConfig.getTenantBinding()) {
             tenantBindings.put(tenantBinding.getId(), tenantBinding);
+            readDomains(tenantBinding);
             readServiceBindings(tenantBinding);
             if (logger.isDebugEnabled()) {
                 logger.debug("read() added tenant id=" + tenantBinding.getId()
@@ -91,6 +96,12 @@ public class TenantBindingConfigReaderImpl
         }
     }
 
+    private void readDomains(TenantBindingType tenantBinding) throws Exception {
+        for (RepositoryDomainType domain : tenantBinding.getRepositoryDomain()) {
+            domains.put(domain.getName(), domain);
+        }
+    }
+
     private void readServiceBindings(TenantBindingType tenantBinding) throws Exception {
         for (ServiceBindingType serviceBinding : tenantBinding.getServiceBindings()) {
             String key = getTenantQualifiedServiceName(tenantBinding.getId(),
@@ -127,6 +138,38 @@ public class TenantBindingConfigReaderImpl
         return tenantBindings.get(tenantId);
     }
 
+    /**
+     * getRepositoryDomain gets repository domain configuration for the given name
+     * @param domainName
+     * @return
+     */
+    public RepositoryDomainType getRepositoryDomain(String domainName) {
+        return domains.get(domainName.trim());
+    }
+
+    /**
+     * getRepositoryDomain gets repository domain configuration for the given service
+     * and given tenant id
+     * @param tenantId
+     * @param serviceName
+     * @return
+     */
+    public RepositoryDomainType getRepositoryDomain(String tenantId, String serviceName) {
+        ServiceBindingType serviceBinding = getServiceBinding(tenantId, serviceName);
+        if (serviceBinding == null) {
+            throw new IllegalArgumentException("no service binding found for " + serviceName
+                    + " of tenant with id=" + tenantId);
+        }
+        if (serviceBinding.getRepositoryDomain() == null) {
+            if (logger.isDebugEnabled()) {
+                logger.debug("No repository domain configured for " + serviceName
+                        + " of tenant with id=" + tenantId);
+            }
+            return null;
+        }
+        return domains.get(serviceBinding.getRepositoryDomain().trim());
+    }
+
     /**
      * getServiceBinding gets service binding for given tenant for a given service
      * @param tenantId

diff --git a/services/common/src/main/java/org/collectionspace/services/common/context/AbstractServiceContextImpl.java b/services/common/src/main/java/org/collectionspace/services/common/context/AbstractServiceContextImpl.java
index 90b49250aa6c0f8c4138a39144aba488b649f960..54eeb9ecec98301178315f1c05369495c9aa1289 100644 (file)
--- a/services/common/src/main/java/org/collectionspace/services/common/context/AbstractServiceContextImpl.java
+++ b/services/common/src/main/java/org/collectionspace/services/common/context/AbstractServiceContextImpl.java
@@ -41,6 +41,7 @@ import org.collectionspace.services.common.security.SecurityContextImpl;
 import org.collectionspace.services.common.security.UnauthorizedException;
 import org.collectionspace.services.common.service.ObjectPartType;
 import org.collectionspace.services.common.service.ServiceBindingType;
+import org.collectionspace.services.common.tenant.RepositoryDomainType;
 import org.collectionspace.services.common.tenant.TenantBindingType;
 import org.collectionspace.services.common.types.PropertyItemType;
 import org.collectionspace.services.common.types.PropertyType;
@@ -78,6 +79,8 @@ public abstract class AbstractServiceContextImpl<IT, OT>
     private ServiceBindingType serviceBinding;
     /** The tenant binding. */
     private TenantBindingType tenantBinding;
+    /** repository domain used by the service */
+    private RepositoryDomainType repositoryDomain;
     /** The override document type. */
     private String overrideDocumentType = null;
     /** The val handlers. */
@@ -91,9 +94,8 @@ public abstract class AbstractServiceContextImpl<IT, OT>
      * Instantiates a new abstract service context impl.
      */
     private AbstractServiceContextImpl() {
-       // private constructor for singleton pattern
-    } 
-
+        // private constructor for singleton pattern
+    }
     // request query params
     /** The query params. */
     private MultivaluedMap<String, String> queryParams;
@@ -135,6 +137,13 @@ public abstract class AbstractServiceContextImpl<IT, OT>
             logger.debug("tenantId=" + tenantId
                     + " service binding=" + serviceBinding.getName());
         }
+        repositoryDomain = tReader.getRepositoryDomain(tenantId, serviceName);
+        if (repositoryDomain != null) {
+            if (logger.isDebugEnabled()) {
+                logger.debug("tenantId=" + tenantId
+                        + " repository doamin=" + repositoryDomain.getName());
+            }
+        }
     }
 
     /* (non-Javadoc)
@@ -243,10 +252,10 @@ public abstract class AbstractServiceContextImpl<IT, OT>
      */
     @Override
     public String getRepositoryClientName() {
-        if (serviceBinding.getRepositoryClient() == null) {
+        if (repositoryDomain == null) {
             return null;
         }
-        return serviceBinding.getRepositoryClient().trim();
+        return repositoryDomain.getRepositoryClient();
     }
 
     /* (non-Javadoc)
@@ -263,7 +272,10 @@ public abstract class AbstractServiceContextImpl<IT, OT>
      */
     @Override
     public String getRepositoryDomainName() {
-        return tenantBinding.getRepositoryDomain();
+        if (repositoryDomain == null) {
+            return null;
+        }
+        return repositoryDomain.getName();
     }
 
     /* (non-Javadoc)
@@ -523,7 +535,9 @@ public abstract class AbstractServiceContextImpl<IT, OT>
         msg.append("tenant id=" + tenantBinding.getId() + " ");
         msg.append("tenant name=" + tenantBinding.getName() + " ");
         msg.append(tenantBinding.getDisplayName() + " ");
-        msg.append("tenant repository domain=" + tenantBinding.getRepositoryDomain());
+        if (repositoryDomain != null) {
+            msg.append("tenant repository domain=" + repositoryDomain.getName());
+        }
         for (Map.Entry<String, Object> entry : properties.entrySet()) {
             msg.append("property name=" + entry.getKey() + " value=" + entry.getValue().toString());
         }

diff --git a/services/common/src/main/java/org/collectionspace/services/common/document/JaxbUtils.java b/services/common/src/main/java/org/collectionspace/services/common/document/JaxbUtils.java
index fa987720e187b1118b8526bcce514dcb8e1e2f19..38a87161f1eea6f8d43479f62e05d4702184c041 100644 (file)
--- a/services/common/src/main/java/org/collectionspace/services/common/document/JaxbUtils.java
+++ b/services/common/src/main/java/org/collectionspace/services/common/document/JaxbUtils.java
@@ -120,10 +120,10 @@ public class JaxbUtils {
         Method m = c.getMethod(methodName);
 
         Object r = m.invoke(o);
-        if (logger.isDebugEnabled()) {
-            logger.debug("getValue returned value=" + r
-                    + " for " + c.getName());
-        }
+//        if (logger.isDebugEnabled()) {
+//            logger.debug("getValue returned value=" + r
+//                    + " for " + c.getName());
+//        }
         return r;
     }
 
@@ -154,10 +154,10 @@ public class JaxbUtils {
         Class c = o.getClass();
         Method m = c.getMethod(methodName, argType);
         Object r = m.invoke(o, argValue);
-        if (logger.isDebugEnabled()) {
-            logger.debug("completed invocation of " + methodName
-                    + " for " + c.getName());
-        }
+//        if (logger.isDebugEnabled()) {
+//            logger.debug("completed invocation of " + methodName
+//                    + " for " + c.getName());
+//        }
         return r;
     }
 }

diff --git a/services/common/src/main/java/org/collectionspace/services/common/repository/RepositoryClient.java b/services/common/src/main/java/org/collectionspace/services/common/repository/RepositoryClient.java
index 29a6a04793b73cdc69e39876169e3a586ae627b5..6edab673b675e626addd6e37318ee113738ba41a 100644 (file)
--- a/services/common/src/main/java/org/collectionspace/services/common/repository/RepositoryClient.java
+++ b/services/common/src/main/java/org/collectionspace/services/common/repository/RepositoryClient.java
@@ -23,6 +23,7 @@
  */
 package org.collectionspace.services.common.repository;
 
+import java.util.Hashtable;
 import java.util.List;
 
 import org.collectionspace.services.common.context.ServiceContext;
@@ -45,6 +46,30 @@ import org.nuxeo.ecm.core.api.DocumentModelList;
  */
 public interface RepositoryClient extends StorageClient {
 
+    /**
+     * createDomain creates a doamin in the default repository
+     * @param space name
+     * @return id of newly created domain space
+     * @throws java.lang.Exception
+     */
+    public String createDomain(String domainName) throws Exception;
+
+    /**
+     * getDomainSpaceId gets id of the given domain
+     * @param domainName
+     * @return
+     * @throws Exception
+     */
+    public String getDomainId(String domainName) throws Exception;
+
+    /**
+     * retrieveWorkspaceIds retrieve workspace ids for given domain
+     * @param domainName
+     * @return Hashtable<workspaceName, workspaceId>
+     * @throws Exception
+     */
+    public Hashtable<String, String> retrieveWorkspaceIds(String domainName) throws Exception;
+
     /**
      * createWorkspace creates a workspace in default repository under given domain
      * @param tenantDomain domain representing tenant
@@ -62,7 +87,7 @@ public interface RepositoryClient extends StorageClient {
      * @throws java.lang.Exception
      */
     public String getWorkspaceId(String tenantDomain, String workspaceName) throws Exception;
-    
+
     /**
      * get wrapped documentModel from the Nuxeo repository
      * @param ctx service context under which this method is invoked
@@ -71,7 +96,7 @@ public interface RepositoryClient extends StorageClient {
      * @throws DocumentException
      */
     public DocumentWrapper<DocumentModel> getDoc(
-               ServiceContext ctx, String id)
+            ServiceContext ctx, String id)
             throws DocumentNotFoundException, DocumentException;
 
     /**
@@ -82,7 +107,7 @@ public interface RepositoryClient extends StorageClient {
      * @throws DocumentException
      */
     public DocumentWrapper<DocumentModel> findDoc(
-               ServiceContext ctx, String where)
+            ServiceContext ctx, String where)
             throws DocumentNotFoundException, DocumentException;
 
     /**
@@ -93,7 +118,7 @@ public interface RepositoryClient extends StorageClient {
      * @throws DocumentException
      */
     public String findDocCSID(
-               ServiceContext ctx, String where)
+            ServiceContext ctx, String where)
             throws DocumentNotFoundException, DocumentException;
 
     /**
@@ -110,9 +135,9 @@ public interface RepositoryClient extends StorageClient {
      * @throws DocumentException 
      */
     public DocumentWrapper<DocumentModelList> findDocs(
-               ServiceContext ctx,
-               List<String> docTypes,
-               String where,
-               int pageSize, int pageNum, boolean computeTotal )
+            ServiceContext ctx,
+            List<String> docTypes,
+            String where,
+            int pageSize, int pageNum, boolean computeTotal)
             throws DocumentNotFoundException, DocumentException;
 }

diff --git a/services/common/src/main/java/org/collectionspace/services/nuxeo/client/java/RepositoryJavaClientImpl.java b/services/common/src/main/java/org/collectionspace/services/nuxeo/client/java/RepositoryJavaClientImpl.java
index 68a2a92fcfe6994bb1bfed6d130e3e1061c4e622..737dec28b535263372c72331757e97c85d5c9a1b 100644 (file)
--- a/services/common/src/main/java/org/collectionspace/services/nuxeo/client/java/RepositoryJavaClientImpl.java
+++ b/services/common/src/main/java/org/collectionspace/services/nuxeo/client/java/RepositoryJavaClientImpl.java
@@ -17,10 +17,10 @@
  */
 package org.collectionspace.services.nuxeo.client.java;
 
+import java.util.Hashtable;
 import java.util.UUID;
 import java.util.List;
 
-import org.collectionspace.services.common.ServiceMain;
 import org.collectionspace.services.common.context.ServiceContext;
 
 import org.collectionspace.services.common.document.BadRequestException;
@@ -35,7 +35,6 @@ import org.collectionspace.services.common.document.DocumentWrapperImpl;
 import org.collectionspace.services.nuxeo.util.NuxeoUtils;
 import org.collectionspace.services.common.query.IQueryManager;
 import org.collectionspace.services.common.repository.RepositoryClient;
-import org.collectionspace.services.nuxeo.client.java.DocumentModelHandler;
 
 import org.jboss.resteasy.plugins.providers.multipart.MultipartInput;
 import org.jboss.resteasy.plugins.providers.multipart.MultipartOutput;
@@ -61,90 +60,85 @@ import org.slf4j.LoggerFactory;
  * $LastChangedRevision: $ $LastChangedDate: $
  */
 public class RepositoryJavaClientImpl implements RepositoryClient {
-       
-       /**
-        * The Class QueryContext.
-        */
-       private class QueryContext {
-               
-               /** The doc type. */
-               String docType;
-               
-               /** The doc filter. */
-               DocumentFilter docFilter;
-               
-               /** The where clause. */
-               String whereClause;
-               
-               /** The domain. */
-               String domain;
-               
-               /** The tenant id. */
-               String tenantId;
-               
-               /**
-                * Instantiates a new query context.
-                *
-                * @param ctx the ctx
-                * @throws DocumentNotFoundException the document not found exception
-                * @throws DocumentException the document exception
-                */
-               QueryContext(ServiceContext<MultipartInput, MultipartOutput> ctx) throws DocumentNotFoundException, DocumentException {
-               docType = ctx.getDocumentType();
-               if (docType == null) {
-                   throw new DocumentNotFoundException(
-                           "Unable to find DocumentType for service " + ctx.getServiceName());
-               }
-               domain = ctx.getRepositoryDomainName();
-               if (domain == null) {
-                   throw new DocumentNotFoundException(
-                           "Unable to find Domain for service " + ctx.getServiceName());
-               }
-               tenantId = ctx.getTenantId();
-               if (tenantId == null) {
-                   throw new IllegalArgumentException(
-                       "Service context has no Tenant ID specified.");
-               }                       
-               }
-
-               /**
-                * Instantiates a new query context.
-                *
-                * @param ctx the ctx
-                * @param theWhereClause the the where clause
-                * @throws DocumentNotFoundException the document not found exception
-                * @throws DocumentException the document exception
-                */
-               QueryContext(ServiceContext<MultipartInput, MultipartOutput> ctx,
-                               String theWhereClause) throws DocumentNotFoundException, DocumentException {
-                       this(ctx);
-                       whereClause = theWhereClause;
-               }               
-               
-               /**
-                * Instantiates a new query context.
-                *
-                * @param ctx the ctx
-                * @param handler the handler
-                * @throws DocumentNotFoundException the document not found exception
-                * @throws DocumentException the document exception
-                */
-               QueryContext(ServiceContext<MultipartInput, MultipartOutput> ctx,
-                               DocumentHandler handler) throws DocumentNotFoundException, DocumentException {
-                       this(ctx);
-               if (handler == null) {
-                   throw new IllegalArgumentException(
-                           "Document handler is missing.");
-               }
-               docFilter = handler.getDocumentFilter();
-               if (docFilter == null) {
-                   throw new IllegalArgumentException(
-                           "Document handler has no Filter specified.");
-               }
-               whereClause = docFilter.getWhereClause();               
-               }
-       }
 
+    /**
+     * The Class QueryContext.
+     */
+    private class QueryContext {
+
+        /** The doc type. */
+        String docType;
+        /** The doc filter. */
+        DocumentFilter docFilter;
+        /** The where clause. */
+        String whereClause;
+        /** The domain. */
+        String domain;
+        /** The tenant id. */
+        String tenantId;
+
+        /**
+         * Instantiates a new query context.
+         *
+         * @param ctx the ctx
+         * @throws DocumentNotFoundException the document not found exception
+         * @throws DocumentException the document exception
+         */
+        QueryContext(ServiceContext<MultipartInput, MultipartOutput> ctx) throws DocumentNotFoundException, DocumentException {
+            docType = ctx.getDocumentType();
+            if (docType == null) {
+                throw new DocumentNotFoundException(
+                        "Unable to find DocumentType for service " + ctx.getServiceName());
+            }
+            domain = ctx.getRepositoryDomainName();
+            if (domain == null) {
+                throw new DocumentNotFoundException(
+                        "Unable to find Domain for service " + ctx.getServiceName());
+            }
+            tenantId = ctx.getTenantId();
+            if (tenantId == null) {
+                throw new IllegalArgumentException(
+                        "Service context has no Tenant ID specified.");
+            }
+        }
+
+        /**
+         * Instantiates a new query context.
+         *
+         * @param ctx the ctx
+         * @param theWhereClause the the where clause
+         * @throws DocumentNotFoundException the document not found exception
+         * @throws DocumentException the document exception
+         */
+        QueryContext(ServiceContext<MultipartInput, MultipartOutput> ctx,
+                String theWhereClause) throws DocumentNotFoundException, DocumentException {
+            this(ctx);
+            whereClause = theWhereClause;
+        }
+
+        /**
+         * Instantiates a new query context.
+         *
+         * @param ctx the ctx
+         * @param handler the handler
+         * @throws DocumentNotFoundException the document not found exception
+         * @throws DocumentException the document exception
+         */
+        QueryContext(ServiceContext<MultipartInput, MultipartOutput> ctx,
+                DocumentHandler handler) throws DocumentNotFoundException, DocumentException {
+            this(ctx);
+            if (handler == null) {
+                throw new IllegalArgumentException(
+                        "Document handler is missing.");
+            }
+            docFilter = handler.getDocumentFilter();
+            if (docFilter == null) {
+                throw new IllegalArgumentException(
+                        "Document handler has no Filter specified.");
+            }
+            whereClause = docFilter.getWhereClause();
+        }
+    }
     /** The logger. */
     private final Logger logger = LoggerFactory.getLogger(RepositoryJavaClientImpl.class);
 
@@ -152,7 +146,7 @@ public class RepositoryJavaClientImpl implements RepositoryClient {
      * Instantiates a new repository java client impl.
      */
     public RepositoryJavaClientImpl() {
-       //Empty constructor
+        //Empty constructor
     }
 
     /**
@@ -163,25 +157,25 @@ public class RepositoryJavaClientImpl implements RepositoryClient {
      * @throws ClientException the client exception
      */
     private void setCollectionSpaceCoreValues(ServiceContext<MultipartInput, MultipartOutput> ctx,
-               DocumentModel documentModel,
-               Action action) throws ClientException {
-       //
-       // Add the tenant ID value to the new entity
-       //
-       documentModel.setProperty(DocumentModelHandler.COLLECTIONSPACE_CORE_SCHEMA,
-                       DocumentModelHandler.COLLECTIONSPACE_CORE_TENANTID,
-                       ctx.getTenantId());
-       switch (action) {
-               case CREATE:
-                       //add creation date value
-                       break;
-               case UPDATE:
-                       //add update value
-                       break;
-               default:
-       }
+            DocumentModel documentModel,
+            Action action) throws ClientException {
+        //
+        // Add the tenant ID value to the new entity
+        //
+        documentModel.setProperty(DocumentModelHandler.COLLECTIONSPACE_CORE_SCHEMA,
+                DocumentModelHandler.COLLECTIONSPACE_CORE_TENANTID,
+                ctx.getTenantId());
+        switch (action) {
+            case CREATE:
+                //add creation date value
+                break;
+            case UPDATE:
+                //add update value
+                break;
+            default:
+        }
     }
-    
+
     /**
      * create document in the Nuxeo repository
      *
@@ -313,7 +307,7 @@ public class RepositoryJavaClientImpl implements RepositoryClient {
     @Override
     public void get(ServiceContext ctx, DocumentHandler handler)
             throws DocumentNotFoundException, DocumentException {
-       QueryContext queryContext = new QueryContext(ctx, handler);
+        QueryContext queryContext = new QueryContext(ctx, handler);
         RepositoryInstance repoSession = null;
 
         try {
@@ -396,7 +390,7 @@ public class RepositoryJavaClientImpl implements RepositoryClient {
         }
         return wrapDoc;
     }
-    
+
     /**
      * find wrapped documentModel from the Nuxeo repository
      * @param ctx service context under which this method is invoked
@@ -411,16 +405,16 @@ public class RepositoryJavaClientImpl implements RepositoryClient {
         DocumentWrapper<DocumentModel> wrapDoc = null;
 
         try {
-               QueryContext queryContext = new QueryContext(ctx, whereClause);
+            QueryContext queryContext = new QueryContext(ctx, whereClause);
             repoSession = getRepositorySession();
             DocumentModelList docList = null;
             // force limit to 1, and ignore totalSize
             String query = buildNXQLQuery(queryContext);
             docList = repoSession.query(query,
-                       null, //Filter
-                       1, //limit
-                       0, //offset
-                       false); //countTotal
+                    null, //Filter
+                    1, //limit
+                    0, //offset
+                    false); //countTotal
             if (docList.size() != 1) {
                 if (logger.isDebugEnabled()) {
                     logger.debug("findDoc: Query found: " + docList.size() + " items.");
@@ -486,7 +480,7 @@ public class RepositoryJavaClientImpl implements RepositoryClient {
      */
     @Override
     public DocumentWrapper<DocumentModelList> findDocs(
-               ServiceContext ctx,
+            ServiceContext ctx,
             List<String> docTypes,
             String whereClause,
             int pageSize, int pageNum, boolean computeTotal)
@@ -613,7 +607,7 @@ public class RepositoryJavaClientImpl implements RepositoryClient {
             }
         }
     }
-    
+
     /**
      * getFiltered get all documents for an entity service from the Document repository,
      * given filter parameters specified by the handler. 
@@ -625,8 +619,8 @@ public class RepositoryJavaClientImpl implements RepositoryClient {
     @Override
     public void getFiltered(ServiceContext ctx, DocumentHandler handler)
             throws DocumentNotFoundException, DocumentException {
-       QueryContext queryContext = new QueryContext(ctx, handler);
-               
+        QueryContext queryContext = new QueryContext(ctx, handler);
+
         RepositoryInstance repoSession = null;
         try {
             handler.prepare(Action.GET_ALL);
@@ -642,7 +636,7 @@ public class RepositoryJavaClientImpl implements RepositoryClient {
             // in returned DocumentModelList.
             if ((queryContext.docFilter.getOffset() > 0) || (queryContext.docFilter.getPageSize() > 0)) {
                 docList = repoSession.query(query, null,
-                               queryContext.docFilter.getPageSize(), queryContext.docFilter.getOffset(), true);
+                        queryContext.docFilter.getPageSize(), queryContext.docFilter.getOffset(), true);
             } else {
                 docList = repoSession.query(query);
             }
@@ -771,20 +765,83 @@ public class RepositoryJavaClientImpl implements RepositoryClient {
         throw new UnsupportedOperationException();
     }
 
+    @Override
+    public Hashtable<String, String> retrieveWorkspaceIds(String domainName) throws Exception {
+        return NuxeoConnector.getInstance().retrieveWorkspaceIds(domainName);
+    }
+
+    @Override
+    public String createDomain(String domainName) throws Exception {
+        RepositoryInstance repoSession = null;
+        String domainId = null;
+        try {
+            repoSession = getRepositorySession();
+            DocumentRef parentDocRef = new PathRef("/");
+            DocumentModel parentDoc = repoSession.getDocument(parentDocRef);
+            DocumentModel doc = repoSession.createDocumentModel(parentDoc.getPathAsString(),
+                    domainName, "Domain");
+            doc.setPropertyValue("dc:title", domainName);
+            doc.setPropertyValue("dc:description", "A CollectionSpace domain "
+                    + domainName);
+            doc = repoSession.createDocument(doc);
+            domainId = doc.getId();
+            repoSession.save();
+            if (logger.isDebugEnabled()) {
+                logger.debug("created tenant domain name=" + domainName
+                        + " id=" + domainId);
+            }
+        } catch (Exception e) {
+            if (logger.isDebugEnabled()) {
+                logger.debug("createTenantSpace caught exception ", e);
+            }
+            throw e;
+        } finally {
+            if (repoSession != null) {
+                releaseRepositorySession(repoSession);
+            }
+        }
+        return domainId;
+    }
+
+    @Override
+    public String getDomainId(String domainName) throws Exception {
+        String domainId = null;
+        RepositoryInstance repoSession = null;
+        try {
+            repoSession = getRepositorySession();
+            DocumentRef docRef = new PathRef(
+                    "/" + domainName);
+            DocumentModel domain = repoSession.getDocument(docRef);
+            domainId = domain.getId();
+        } catch (Exception e) {
+            if (logger.isDebugEnabled()) {
+                logger.debug("Caught exception ", e);
+            }
+            //there is no way to identify if document does not exist due to
+            //lack of typed exception for getDocument method
+            return null;
+        } finally {
+            if (repoSession != null) {
+                releaseRepositorySession(repoSession);
+            }
+        }
+        return domainId;
+    }
+
     /* (non-Javadoc)
      * @see org.collectionspace.services.common.repository.RepositoryClient#createWorkspace(java.lang.String, java.lang.String)
      */
     @Override
-    public String createWorkspace(String tenantDomain, String workspaceName) throws Exception {
+    public String createWorkspace(String domainName, String workspaceName) throws Exception {
         RepositoryInstance repoSession = null;
         String workspaceId = null;
         try {
             repoSession = getRepositorySession();
-            DocumentRef docRef = new PathRef(
-                    "/" + tenantDomain
+            DocumentRef parentDocRef = new PathRef(
+                    "/" + domainName
                     + "/" + "workspaces");
-            DocumentModel parent = repoSession.getDocument(docRef);
-            DocumentModel doc = repoSession.createDocumentModel(parent.getPathAsString(),
+            DocumentModel parentDoc = repoSession.getDocument(parentDocRef);
+            DocumentModel doc = repoSession.createDocumentModel(parentDoc.getPathAsString(),
                     workspaceName, "Workspace");
             doc.setPropertyValue("dc:title", workspaceName);
             doc.setPropertyValue("dc:description", "A CollectionSpace workspace for "
@@ -846,20 +903,20 @@ public class RepositoryJavaClientImpl implements RepositoryClient {
      * @param where the where
      * @param domain the domain
      */
-    private final void appendNXQLWhere(StringBuilder query, QueryContext queryContext) {       
-       //
-       // Restrict search to a specific Nuxeo domain
+    private final void appendNXQLWhere(StringBuilder query, QueryContext queryContext) {
+        //
+        // Restrict search to a specific Nuxeo domain
         // TODO This is a slow method for tenant-filter
         // We should make this a property that is indexed.
-       //
+        //
         query.append(" WHERE ecm:path STARTSWITH '/" + queryContext.domain + "'");
-        
+
         //
         // Restrict search to the current tenant ID.  Is the domain path filter (above) still needed?
         //
-        query.append(IQueryManager.SEARCH_QUALIFIER_AND + DocumentModelHandler.COLLECTIONSPACE_CORE_SCHEMA + ":" +
-                       DocumentModelHandler.COLLECTIONSPACE_CORE_TENANTID +
-                       " = " + queryContext.tenantId);
+        query.append(IQueryManager.SEARCH_QUALIFIER_AND + DocumentModelHandler.COLLECTIONSPACE_CORE_SCHEMA + ":"
+                + DocumentModelHandler.COLLECTIONSPACE_CORE_TENANTID
+                + " = " + queryContext.tenantId);
         //
         // Finally, append the incoming where clause
         //

diff --git a/services/common/src/main/java/org/collectionspace/services/nuxeo/client/java/TenantRepository.java b/services/common/src/main/java/org/collectionspace/services/nuxeo/client/java/TenantRepository.java
index ab0df0d13c56f482f4c6eee69d50270ff1ee7c25..401b66a505dbb4f91efb6e00155881f5aed55368 100644 (file)
--- a/services/common/src/main/java/org/collectionspace/services/nuxeo/client/java/TenantRepository.java
+++ b/services/common/src/main/java/org/collectionspace/services/nuxeo/client/java/TenantRepository.java
@@ -32,6 +32,7 @@ import org.collectionspace.services.common.repository.RepositoryClientFactory;
 import org.collectionspace.services.common.service.ServiceBindingType;
 import org.collectionspace.services.common.tenant.TenantBindingType;
 import org.collectionspace.services.common.config.TenantBindingConfigReaderImpl;
+import org.collectionspace.services.common.tenant.RepositoryDomainType;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -43,135 +44,180 @@ import org.slf4j.LoggerFactory;
 public class TenantRepository {
 
     final private static TenantRepository self = new TenantRepository();
-    
     final Logger logger = LoggerFactory.getLogger(TenantRepository.class);
     //tenant-qualified service, workspace
     private Hashtable<String, String> serviceWorkspaces = new Hashtable<String, String>();
 
     private TenantRepository() {
-        
     }
 
     public static TenantRepository get() {
         return self;
     }
-    
+
+    /**
+     * getWorkspaceId for a tenant's service
+     * @param tenantId
+     * @param serviceName
+     * @return workspace id
+     */
+    public String getWorkspaceId(String tenantId, String serviceName) {
+        String tenantService =
+                TenantBindingConfigReaderImpl.getTenantQualifiedServiceName(tenantId, serviceName);
+        return serviceWorkspaces.get(tenantService);
+    }
+
     /**
-     * retrieveWorkspaceIds is called at initialization time to retrieve
-     * workspace ids of all the tenants
+     * setup is called at initialization time to setup tenant specific repository(s)
+     * it will create repository domain(s) and
+     * also service workspaces for all the services used by given tenant(s)
      * @param hashtable <tenant name, tenantbinding>
      * @throws Exception
      */
-    synchronized public void retrieveAllWorkspaceIds(Hashtable<String, TenantBindingType> tenantBindings)
+    synchronized public void setup(Hashtable<String, TenantBindingType> tenantBindings)
             throws Exception {
         for (TenantBindingType tenantBinding : tenantBindings.values()) {
-            retrieveWorkspaceIds(tenantBinding);
+            setup(tenantBinding);
         }
     }
 
     /**
-     * retrieveWorkspaceIds retrieves workspace ids for services used by
-     * the given tenant
+     * setup sets up repository(s) for given tenant
+     * it will create repository domains and also service workspaces if needed
      * @param tenantBinding
      * @throws Exception
      */
-    synchronized public void retrieveWorkspaceIds(TenantBindingType tenantBinding) throws Exception {
-        Hashtable<String, String> workspaceIds = new Hashtable<String, String>();
+    synchronized public void setup(TenantBindingType tenantBinding) throws Exception {
         ServiceMain svcMain = ServiceMain.getInstance();
-        RepositoryClientConfigType rclientConfig = svcMain.getServicesConfigReader().getConfiguration().getRepositoryClient();
+        RepositoryClientConfigType rclientConfig =
+                svcMain.getServicesConfigReader().getConfiguration().getRepositoryClient();
         ClientType clientType = svcMain.getClientType();
         if (clientType.equals(ClientType.JAVA)
                 && rclientConfig.getName().equalsIgnoreCase("nuxeo-java")) {
-            //FIXME only one repository client is recognized
-            workspaceIds = svcMain.getNuxeoConnector().retrieveWorkspaceIds(
-                    tenantBinding.getRepositoryDomain());
+            for (RepositoryDomainType repositoryDomain : tenantBinding.getRepositoryDomain()) {
+                createDomain(tenantBinding, repositoryDomain);
+                createWorkspaces(tenantBinding, repositoryDomain);
+            }
         }
-        //verify if workspace exists for each service in the tenant binding
+    }
+
+    private RepositoryClient getRepositoryClient(RepositoryDomainType repositoryDomain) {
+        String clientName = repositoryDomain.getRepositoryClient();
+        if (clientName == null) {
+            String msg = "Could not find repository client=" + clientName
+                    + " for repositoryDomain=" + repositoryDomain.getName();
+            logger.error(msg);
+            throw new IllegalArgumentException(msg);
+        }
+        return RepositoryClientFactory.getInstance().getClient(clientName);
+    }
+
+    /**
+     * createDomain retrieves domain id for the given domain or creates one
+     * @param tenantBinding
+     * @param repositoryDomain
+     * @throws Exception
+     */
+    synchronized private void createDomain(TenantBindingType tenantBinding,
+            RepositoryDomainType repositoryDomain) throws Exception {
+        String domainName = repositoryDomain.getName();
+        RepositoryClient repositoryClient = getRepositoryClient(repositoryDomain);
+        String domainId = repositoryClient.getDomainId(domainName);
+        if (domainId == null) {
+            domainId = repositoryClient.createDomain(domainName);
+            if (logger.isDebugEnabled()) {
+                logger.debug("created repository domain for " + domainName
+                        + " id=" + domainId);
+            }
+        } else {
+            if (logger.isDebugEnabled()) {
+                logger.debug("found repository domain for " + domainName
+                        + " id=" + domainId);
+            }
+        }
+    }
+
+    /**
+     * createWorkspaces retrieves workspace ids for each domain specified in
+     * the tenant binding, if workspace does not exist, it creates one
+     * @param tenantBinding
+     * @param repositoryDomain
+     * @throws Exception
+     */
+    synchronized private void createWorkspaces(TenantBindingType tenantBinding,
+            RepositoryDomainType repositoryDomain) throws Exception {
+
+        RepositoryClient repositoryClient = getRepositoryClient(repositoryDomain);
+
+        //retrieve all workspace ids for a domain
+        //domain specific table of workspace name and id
+        Hashtable<String, String> workspaceIds =
+                repositoryClient.retrieveWorkspaceIds(repositoryDomain.getName());
+        //verify if workspace exists for each service from the tenant binding
         for (ServiceBindingType serviceBinding : tenantBinding.getServiceBindings()) {
             String serviceName = serviceBinding.getName();
-            String repositoryClientName = serviceBinding.getRepositoryClient();
-            if (repositoryClientName == null) {
+            String repositoryDomainName = serviceBinding.getRepositoryDomain();
+            if (repositoryDomainName == null) {
                 //no repository needed for this service...skip
                 if (logger.isInfoEnabled()) {
                     logger.info("The service " + serviceName
+                            + " for tenant=" + tenantBinding.getName()
                             + " does not seem to require a document repository.");
                 }
                 continue;
             }
-
-            if (repositoryClientName.isEmpty()) {
-                String msg = "Invalid repositoryClient " + serviceName;
+            if (repositoryDomainName.isEmpty()) {
+                String msg = "Invalid repositoryDomain for " + serviceName
+                        + " for tenant=" + tenantBinding.getName();
                 logger.error(msg);
                 continue;
             }
-            repositoryClientName = repositoryClientName.trim();
-            RepositoryClient repositoryClient = getRepositoryClient(
-                    repositoryClientName);
-            if (repositoryClient == null) {
-                String msg = "Could not find repositoryClient " + repositoryClientName
-                        + " for service=" + serviceName;
-                logger.error(msg);
+            repositoryDomainName = repositoryDomainName.trim();
+            if (!repositoryDomain.getName().equalsIgnoreCase(repositoryDomainName)) {
                 continue;
             }
             String workspaceId = null;
             //workspace name is service name by convention
             String workspace = serviceName.toLowerCase();
-            if (clientType.equals(ClientType.JAVA)) {
+            //if workspaceid is in the binding, take it, else retrieve
+            workspaceId = serviceBinding.getRepositoryWorkspaceId();
+            if (workspaceId == null) {
                 workspaceId = workspaceIds.get(workspace);
                 if (workspaceId == null) {
                     if (logger.isWarnEnabled()) {
                         logger.warn("Failed to retrieve workspace ID for " + workspace
-                                + " from repository, trying to create a new workspace ...");
+                                + " from repository, creating a new workspace ...");
                     }
                     workspaceId = repositoryClient.createWorkspace(
-                            tenantBinding.getRepositoryDomain(),
+                            repositoryDomain.getName(),
                             serviceBinding.getName());
                     if (workspaceId == null) {
                         if (logger.isWarnEnabled()) {
                             logger.warn("Failed to create workspace in repository"
-                                    + " for service=" + workspace);
+                                    + " for service=" + workspace
+                                    + " for tenant=" + tenantBinding.getName());
                         }
                         continue;
                     }
                     if (logger.isDebugEnabled()) {
                         logger.debug("Successfully created workspace in repository"
-                                + " id=" + workspaceId + " for service=" + workspace);
+                                + " id=" + workspaceId + " for service=" + workspace
+                                + " for tenant=" + tenantBinding.getName());
                     }
                 }
-            } else {
-                workspaceId = serviceBinding.getRepositoryWorkspaceId();
-                if (workspaceId == null || "".equals(workspaceId)) {
-                    logger.error("Could not find workspace in repository for"
-                            + " service=" + workspace);
-                    //FIXME: should we throw an exception here?
-                    continue;
-                }
             }
-            String tenantService =
-                    TenantBindingConfigReaderImpl.getTenantQualifiedServiceName(tenantBinding.getId(), serviceName);
-            serviceWorkspaces.put(tenantService, workspaceId);
-            if (logger.isInfoEnabled()) {
-                logger.info("Created/retrieved repository workspace="
-                        + workspace + " id=" + workspaceId
-                        + " for service=" + serviceName);
+            if (workspaceId != null) {
+                String tenantService =
+                        TenantBindingConfigReaderImpl.getTenantQualifiedServiceName(
+                        tenantBinding.getId(), serviceName);
+                serviceWorkspaces.put(tenantService, workspaceId);
+                if (logger.isInfoEnabled()) {
+                    logger.info("Created/retrieved repository workspace="
+                            + workspace + " id=" + workspaceId
+                            + " for service=" + serviceName
+                            + " for tenant=" + tenantBinding.getName());
+                }
             }
-        }
-    }
-
-    /**
-     * getWorkspaceId for a tenant's service
-     * @param tenantId
-     * @param serviceName
-     * @return workspace id
-     */
-    public String getWorkspaceId(String tenantId, String serviceName) {
-        String tenantService =
-                TenantBindingConfigReaderImpl.getTenantQualifiedServiceName(tenantId, serviceName);
-        return serviceWorkspaces.get(tenantService);
-    }
-
-    
-    private RepositoryClient getRepositoryClient(String clientName) {
-        return RepositoryClientFactory.getInstance().getClient(clientName);
+        }//rof for service binding
     }
 }

diff --git a/services/common/src/main/resources/service.xsd b/services/common/src/main/resources/service.xsd
index ac21ce735d0de2696b802ec5704a703238797612..992cba2cda3d6edb6e4b26858a0386fc2107c4d5 100644 (file)
--- a/services/common/src/main/resources/service.xsd
+++ b/services/common/src/main/resources/service.xsd
@@ -41,8 +41,8 @@
             <!-- validator handler(s) to be used to validate the content (need to be in classpath) -->
             <!-- validator handler is called for create (POST) and update (PUT) requests only -->
             <xs:element name="validatorHandler" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
-            <!-- name of the repository client (from service-config.xml) -->
-            <xs:element name="repositoryClient" type="xs:string" minOccurs="0" maxOccurs="1"/>
+            <!-- name of the repository domain -->
+            <xs:element name="repositoryDomain" type="xs:string" minOccurs="0" maxOccurs="1"/>
             <!-- repositoryWorkspaceId could be workspace id -->
             <!-- used only for Nuxeo rest client -->
             <xs:element name="repositoryWorkspaceId" type="xs:string" minOccurs="0" maxOccurs="1"/>

diff --git a/services/common/src/main/resources/tenant.xsd b/services/common/src/main/resources/tenant.xsd
index 5dd8ea1acc3e421698f547bb2f8e49c80266e06e..042ba2e8226328969cf367f5bb1f2f57dd6dab80 100644 (file)
--- a/services/common/src/main/resources/tenant.xsd
+++ b/services/common/src/main/resources/tenant.xsd
@@ -5,22 +5,22 @@
     You may not use this file except in compliance with this License.
 
     You may obtain a copy of the ECL 2.0 License at
-    
+
     https://source.collectionspace.org/collection-space/LICENSE.txt
 
     Document   : tenant-binding.xsd
     Revision   : $LastChangedRevision$
     Created on : $LastChangedDate$
     Description:
-        
+
 -->
 <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
-  xmlns="http://collectionspace.org/services/common/tenant"
-  xmlns:types="http://collectionspace.org/services/common/types"
-  xmlns:service="http://collectionspace.org/services/common/service"
-  targetNamespace="http://collectionspace.org/services/common/tenant"
-  version="0.1"
-  elementFormDefault="qualified">
+           xmlns="http://collectionspace.org/services/common/tenant"
+           xmlns:types="http://collectionspace.org/services/common/types"
+           xmlns:service="http://collectionspace.org/services/common/service"
+           targetNamespace="http://collectionspace.org/services/common/tenant"
+           version="0.1"
+           elementFormDefault="qualified">
 
     <xs:import namespace="http://collectionspace.org/services/common/types" schemaLocation="types.xsd" />
     <xs:import namespace="http://collectionspace.org/services/common/service" schemaLocation="service.xsd" />
@@ -40,8 +40,12 @@
         TenantBindingType describes bindings for each tenant in CollectionSpace
     -->
     <xs:complexType name="TenantBindingType">
+        <xs:annotation>
+            <xs:documentation>Tenant bindings</xs:documentation>
+        </xs:annotation>
         <xs:sequence>
-                                               <xs:element name="properties" type="types:PropertyType" minOccurs="0" maxOccurs="unbounded"/>
+            <xs:element name="repositoryDomain" type="RepositoryDomainType" minOccurs="0" maxOccurs="unbounded"/>
+            <xs:element name="properties" type="types:PropertyType" minOccurs="0" maxOccurs="unbounded"/>
             <xs:element name="serviceBindings" type="service:ServiceBindingType" minOccurs="0" maxOccurs="unbounded"/>
         </xs:sequence>
         <!-- tenant id, a UUID -->
@@ -52,8 +56,16 @@
         <!-- display name as Museum of Moving Images -->
         <xs:attribute name="displayName" type="xs:string" use="required"/>
         <xs:attribute name="version" type="types:VersionType" use="required"/>
-        <!-- repository domain -->
-        <xs:attribute name="repositoryDomain" type="xs:string" use="optional" default="default-domain"/>
+
+    </xs:complexType>
+
+    <xs:complexType name="RepositoryDomainType">
+        <xs:annotation>
+            <xs:documentation>Repository domain configuartion</xs:documentation>
+        </xs:annotation>
+        <xs:sequence/>
+        <xs:attribute name="name" type="xs:string" use="required"/>
+        <xs:attribute name="repositoryClient" type="xs:string" use="optional" default="nuxeo-java"/>
     </xs:complexType>
 
 </xs:schema>

diff --git a/services/security/client/src/test/java/org/collectionspace/services/security/client/test/AuthenticationServiceTest.java b/services/security/client/src/test/java/org/collectionspace/services/security/client/test/AuthenticationServiceTest.java
index 9e3d0b1bfd9bafecbb38a44ff58e0d52f6d1e83a..eb74db3c7763f6dd68c2c84feb20993b09b3523f 100644 (file)
--- a/services/security/client/src/test/java/org/collectionspace/services/security/client/test/AuthenticationServiceTest.java
+++ b/services/security/client/src/test/java/org/collectionspace/services/security/client/test/AuthenticationServiceTest.java
@@ -62,11 +62,10 @@ public class AuthenticationServiceTest extends AbstractServiceTestImpl {
     private String knownResourceId = null;
     private String barneyAccountId = null; //active
     private String georgeAccountId = null; //inactive
-    
     /** The logger. */
     private final String CLASS_NAME = AuthenticationServiceTest.class.getName();
     private final Logger logger = LoggerFactory.getLogger(CLASS_NAME);
-    
+
     /* (non-Javadoc)
      * @see org.collectionspace.services.client.test.AbstractServiceTest#getServicePathComponent()
      */
@@ -102,7 +101,7 @@ public class AuthenticationServiceTest extends AbstractServiceTestImpl {
 
     @Test(dataProvider = "testName", dataProviderClass = AbstractServiceTestImpl.class)
     public void createActiveAccount(String testName) throws Exception {
-        
+
         if (logger.isDebugEnabled()) {
             logger.debug(testBanner(testName, CLASS_NAME));
         }
@@ -110,13 +109,14 @@ public class AuthenticationServiceTest extends AbstractServiceTestImpl {
         // (e.g. CREATE, DELETE), its valid and expected status codes, and
         // its associated HTTP method name (e.g. POST, DELETE).
         setupCreate();
-        
+
         AccountClient accountClient = new AccountClient();
         accountClient.setAuth(true, "test", true, "test", true);
 
         // Submit the request to the service and store the response.
         AccountsCommon account =
-                createAccountInstance("barney", "barney08", "barney@dinoland.com", false);
+                createAccountInstance("barney", "barney08", "barney@dinoland.com",
+                accountClient.getTenantId(), false);
         ClientResponse<Response> res = accountClient.create(account);
         int statusCode = res.getStatus();
 
@@ -139,19 +139,20 @@ public class AuthenticationServiceTest extends AbstractServiceTestImpl {
 
     @Test(dataProvider = "testName", dataProviderClass = AbstractServiceTestImpl.class)
     public void createInactiveAccount(String testName) throws Exception {
-        
+
         if (logger.isDebugEnabled()) {
             logger.debug(testBanner(testName, CLASS_NAME));
         }
         // Perform setup.
         setupCreate();
-        
+
         AccountClient accountClient = new AccountClient();
         accountClient.setAuth(true, "test", true, "test", true);
 
         // Submit the request to the service and store the response.
         AccountsCommon account =
-                createAccountInstance("george", "george08", "george@curiousland.com", false);
+                createAccountInstance("george", "george08", "george@curiousland.com",
+                accountClient.getTenantId(), false);
         ClientResponse<Response> res = accountClient.create(account);
         int statusCode = res.getStatus();
 
@@ -460,11 +461,11 @@ public class AuthenticationServiceTest extends AbstractServiceTestImpl {
     }
 
     private AccountsCommon createAccountInstance(String screenName,
-            String passwd, String email, boolean invalidTenant) {
+            String passwd, String email, String tenantId, boolean invalidTenant) {
 
         AccountsCommon account = AccountFactory.createAccountInstance(screenName,
-                screenName, passwd, email,
-                true, true, invalidTenant, true, true);
+                screenName, passwd, email, tenantId,
+                true, invalidTenant, true, true);
 
         List<AccountTenant> atl = account.getTenants();
 

diff --git a/services/security/client/src/test/java/org/collectionspace/services/security/client/test/AuthorizationServiceTest.java b/services/security/client/src/test/java/org/collectionspace/services/security/client/test/AuthorizationServiceTest.java
index ea8cead188311bf9d1fda331457bcb329a8d46c1..da602745c2ddb79a0cb340394470ccb783721214 100644 (file)
--- a/services/security/client/src/test/java/org/collectionspace/services/security/client/test/AuthorizationServiceTest.java
+++ b/services/security/client/src/test/java/org/collectionspace/services/security/client/test/AuthorizationServiceTest.java
@@ -469,8 +469,7 @@ public class AuthorizationServiceTest extends AbstractServiceTestImpl {
 
         // Submit the request to the service and store the response.
         DimensionClient client = new DimensionClient();
-        //default user test/test has delete permission
-        client.setAuth(true, "test", true, "test", true);
+
         ClientResponse<Response> res = client.delete(knownResourceId);
         int statusCode = res.getStatus();
 
@@ -608,11 +607,11 @@ public class AuthorizationServiceTest extends AbstractServiceTestImpl {
 
     private String createAccount(String userName, String email) {
         setupCreate();
-        AccountClient accClient = new AccountClient();
+        AccountClient accountClient = new AccountClient();
         AccountsCommon account = AccountFactory.createAccountInstance(
-                userName, userName, userName, email,
-                true, true, false, true, true);
-        ClientResponse<Response> res = accClient.create(account);
+                userName, userName, userName, email, accountClient.getTenantId(),
+                true, false, true, true);
+        ClientResponse<Response> res = accountClient.create(account);
         int statusCode = res.getStatus();
         if (logger.isDebugEnabled()) {
             logger.debug("createAccount: userName=" + userName
@@ -757,4 +756,9 @@ public class AuthorizationServiceTest extends AbstractServiceTestImpl {
             deleteAccount(av1.getAccountId());
         }
     }
+
+
+    private String getTenantId(AccountClient client) {
+        return client.getProperty(AccountClient.TENANT_PROPERTY);
+    }
 }

diff --git a/src/main/resources/db/mysql/service-dump.sql b/src/main/resources/db/mysql/service-dump.sql
deleted file mode 100644 (file)
index 457d392..0000000
--- a/src/main/resources/db/mysql/service-dump.sql
+++ /dev/null
@@ -1,98 +0,0 @@
--- MySQL Administrator dump 1.4
---
--- ------------------------------------------------------
--- Server version      5.1.31-community
-
-
-/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
-/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
-/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
-/*!40101 SET NAMES utf8 */;
-
-/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;
-/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
-/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
-
-
---
--- Create schema cspace
---
-
-CREATE DATABASE IF NOT EXISTS cspace;
-USE cspace;
-
---
--- Definition of table `roles`
---
-
-DROP TABLE IF EXISTS `roles`;
-CREATE TABLE `roles` (
-  `rolename` varchar(128) NOT NULL,
-  `rolegroup` varchar(128) DEFAULT NULL,
-  PRIMARY KEY (`rolename`),
-  KEY `rolename_roles` (`rolename`)
-) ENGINE=InnoDB DEFAULT CHARSET=latin1;
-
---
--- Dumping data for table `roles`
---
-
-/*!40000 ALTER TABLE `roles` DISABLE KEYS */;
-INSERT INTO `roles` (`rolename`,`rolegroup`) VALUES 
- ('collections_manager','collections'),
- ('collections_registrar','collections');
-/*!40000 ALTER TABLE `roles` ENABLE KEYS */;
-
-
---
--- Definition of table `users`
---
-
-DROP TABLE IF EXISTS `users`;
-CREATE TABLE `users` (
-  `username` varchar(128) NOT NULL,
-  `passwd` varchar(128) NOT NULL,
-  PRIMARY KEY (`username`),
-  KEY `username_users` (`username`)
-) ENGINE=InnoDB DEFAULT CHARSET=latin1;
-
---
--- Dumping data for table `users`
---
-
-/*!40000 ALTER TABLE `users` DISABLE KEYS */;
-INSERT INTO `users` (`username`,`passwd`) VALUES 
- ('test','n4bQgYhMfWWaL+qgxVrQFaO/TxsrC4Is0V1sFbDwCgg=');
-/*!40000 ALTER TABLE `users` ENABLE KEYS */;
-
-
---
--- Definition of table `users_roles`
---
-
-DROP TABLE IF EXISTS `users_roles`;
-CREATE TABLE `users_roles` (
-  `username` varchar(128) NOT NULL,
-  `rolename` varchar(128) NOT NULL,
-  KEY `username_users_roles` (`username`)
-) ENGINE=InnoDB DEFAULT CHARSET=latin1;
-
---
--- Dumping data for table `users_roles`
---
-
-/*!40000 ALTER TABLE `users_roles` DISABLE KEYS */;
-INSERT INTO `users_roles` (`username`,`rolename`) VALUES 
- ('test','collections_manager');
-/*!40000 ALTER TABLE `users_roles` ENABLE KEYS */;
-
-
-
-
-/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
-/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;
-/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */;
-/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
-/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
-/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
-/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;