From: Sanjay Dalal <sanjay.dalal@berkeley.edu>
Date: Wed, 26 May 2010 23:18:24 +0000 (+0000)
Subject: CSPACE-1935 moved import driver out of test framework into a standalone utility
X-Git-Url: https://git.aero2k.de/?a=commitdiff_plain;h=e42e8bc561d136f2be4569a861f62a08e621c086;p=tmp%2Fjakarta-migration.git

CSPACE-1935 moved import driver out of test framework into a standalone utility
use ant import at any level to invoke the driver. requires build.

!!NOTE!!
this change overrides req. of mvn test (at authorization-mgt/import) as described in r2225 to import default permissions

cd trunk
mvn test -DskipTests
ant import
ant undeploy deploy
mvn test

D    trunk/services/authorization-mgt/import/src/test/java/org/collectionspace/services/authorization/importer/AuthorizationSeedTest.java
D    trunk/services/authorization-mgt/import/src/test/java/org/collectionspace/services/authorization/importer/AbstractAuthorizationTestImpl.java
D    trunk/services/authorization-mgt/import/src/test/resources/applicationContext-authorization-test.xml
D    trunk/services/authorization-mgt/import/src/test/resources/log4j.properties
A    trunk/services/authorization-mgt/import/src/main/java/org/collectionspace/services/authorization/driver
A  + trunk/services/authorization-mgt/import/src/main/java/org/collectionspace/services/authorization/driver/AuthorizationSeedDriver.java
A    trunk/services/authorization-mgt/import/src/main/java/org/collectionspace/ImportAuthz.java
M    trunk/services/authorization-mgt/import/src/main/resources/import-data/import-permissions.xml
M    trunk/services/authorization-mgt/import/src/main/resources/import-data/import-permissions-roles.xml
A  + trunk/services/authorization-mgt/import/src/main/resources/applicationContext-authorization-test.xml
A  + trunk/services/authorization-mgt/import/src/main/resources/log4j.properties
M    trunk/services/authorization-mgt/import/pom.xml
M    trunk/services/authorization-mgt/import/build.xml
M    trunk/services/authorization-mgt/build.xml
M    trunk/services/pom.xml
M    trunk/services/build.xml
M    trunk/build.xml
---

diff --git a/build.xml b/build.xml
index 0e51cdb26..849b79fb2 100644
--- a/build.xml
+++ b/build.xml
@@ -222,6 +222,10 @@
         <ant antfile="services/build.xml" target="create_db" inheritAll="false"/>
     </target>
 
+    <target name="import"
+            description="import default configuration">
+        <ant antfile="services/build.xml" target="import" inheritAll="false"/>
+    </target>
 
     <target name="deploy" depends="install"
             description="deploy services in ${jboss.server.cspace}">
diff --git a/services/authorization-mgt/build.xml b/services/authorization-mgt/build.xml
index db79361bf..d3d59c4b5 100644
--- a/services/authorization-mgt/build.xml
+++ b/services/authorization-mgt/build.xml
@@ -115,6 +115,11 @@
             description="create tables(s), indices for authorization service">
     </target>
 
+    <target name="import"
+            description="import default authorizations">
+        <ant antfile="import/build.xml" target="import" inheritAll="false"/>
+    </target>
+
     <target name="deploy" depends="install"
             description="deploy authorization service">
         <ant antfile="service/build.xml" target="deploy" inheritall="false"/>
diff --git a/services/authorization-mgt/import/build.xml b/services/authorization-mgt/import/build.xml
index 8c3f0950c..00a232e9e 100644
--- a/services/authorization-mgt/import/build.xml
+++ b/services/authorization-mgt/import/build.xml
@@ -110,6 +110,29 @@
     </target>
 
 
+    <target name="import" depends="import-unix,import-windows"
+            description="import authorization" />
+    <target name="import-unix" if="osfamily-unix">
+        <exec executable="mvn" failonerror="true">
+            <arg value="exec:java" />
+            <arg value="-f" />
+            <arg value="${basedir}/pom.xml" />
+            <arg value="-N" />
+            <arg value="${mvn.opts}" />
+        </exec>
+    </target>
+    <target name="import-windows" if="osfamily-windows">
+        <exec executable="cmd" failonerror="true">
+            <arg value="/c" />
+            <arg value="mvn.bat" />
+            <arg value="exec:java" />
+            <arg value="-f" />
+            <arg value="${basedir}/pom.xml" />
+            <arg value="-N" />
+            <arg value="${mvn.opts}" />
+        </exec>
+    </target>
+
 
     <target name="deploy" depends="install"
             description="deploy authorization-mgt import in ${jboss.server.cspace}">
diff --git a/services/authorization-mgt/import/pom.xml b/services/authorization-mgt/import/pom.xml
index afaff3a63..2cbd6c92c 100644
--- a/services/authorization-mgt/import/pom.xml
+++ b/services/authorization-mgt/import/pom.xml
@@ -48,8 +48,10 @@
             <artifactId>testng</artifactId>
             <version>5.6</version>
         </dependency>
-
-
+        <dependency>
+            <groupId>commons-cli</groupId>
+            <artifactId>commons-cli</artifactId>
+        </dependency>
         <dependency>
             <groupId>org.springframework.security</groupId>
             <artifactId>spring-security-core</artifactId>
@@ -113,48 +115,51 @@
         <dependency>
             <groupId>mysql</groupId>
             <artifactId>mysql-connector-java</artifactId>
-            <scope>test</scope>
         </dependency>
     </dependencies>
     <!-- use profile as this task is not needed for every build and test -->
-    <!--profiles>
-        <profile>
-            <id>import</id-->
-            <build>
-                <finalName>cspace-services-authorization-mgt-import</finalName>
-                <plugins>
-                    <plugin>
-                        <groupId>org.apache.maven.plugins</groupId>
-                        <artifactId>maven-surefire-plugin</artifactId>
-                        <configuration>
-                            <systemProperties>
-                                <property>
-                                    <name>log4j.configuration</name>
-                                    <value>file:${project.build.directory}/test-classes/log4j.properties</value>
-                                </property>
-                                <property>
-                                    <name>importdir</name>
-                                    <value>${basedir}/src/main/resources/import-data/</value>
-                                </property>
-                                <property>
-                                    <name>exportdir</name>
-                                    <value>${basedir}/src/main/resources/import-data/</value>
-                                </property>
-                                <property>
-                                    <name>tenantbindings</name>
-                                    <value>${basedir}/../../common/src/main/config/services/tenant-bindings.xml</value>
-                                </property>
-                                <property>
-                                    <name>spring-beans-config</name>
-                                    <value>applicationContext-authorization-test.xml</value>
-                                </property>
-                            </systemProperties>
-                        </configuration>
-                    </plugin>
-                </plugins>
-            </build>
-        <!--/profile>
-    </profiles-->
+
+    <build>
+        <finalName>cspace-services-authorization-mgt-import</finalName>
+        <plugins>
+            <plugin>
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>exec-maven-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>java</goal>
+                        </goals>
+                    </execution>
+                </executions>
+                <configuration>
+                    <mainClass>org.collectionspace.ImportAuthz</mainClass>
+                    <arguments>
+                        <argument>-u</argument>
+                        <argument>test</argument>
+                        <argument>-p</argument>
+                        <argument>test</argument>
+                        <argument>-b</argument>
+                        <argument>${basedir}/../../common/src/main/config/services/tenant-bindings.xml</argument>
+                        <argument>-idir</argument>
+                        <argument>${basedir}/src/main/resources/import-data/</argument>
+                        <argument>-edir</argument>
+                        <argument>${basedir}/src/main/resources/import-data/</argument>
+                    </arguments>
+                    <systemProperties>
+                    </systemProperties>
+                </configuration>
+                <dependencies>
+                    <dependency>
+                        <groupId>mysql</groupId>
+                        <artifactId>mysql-connector-java</artifactId>
+                        <version>5.1.5</version>
+                    </dependency>
+                </dependencies>
+            </plugin>
+        </plugins>
+
+    </build>
 
 </project>
 
diff --git a/services/authorization-mgt/import/src/main/java/org/collectionspace/ImportAuthz.java b/services/authorization-mgt/import/src/main/java/org/collectionspace/ImportAuthz.java
new file mode 100644
index 000000000..39358525d
--- /dev/null
+++ b/services/authorization-mgt/import/src/main/java/org/collectionspace/ImportAuthz.java
@@ -0,0 +1,80 @@
+/**
+ *  This document is a part of the source code and related artifacts
+ *  for CollectionSpace, an open source collections management system
+ *  for museums and related institutions:
+
+ *  http://www.collectionspace.org
+ *  http://wiki.collectionspace.org
+
+ *  Copyright 2010 University of California at Berkeley
+
+ *  Licensed under the Educational Community License (ECL), Version 2.0.
+ *  You may not use this file except in compliance with this License.
+
+ *  You may obtain a copy of the ECL 2.0 License at
+
+ *  https://source.collectionspace.org/collection-space/LICENSE.txt
+
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+/*
+ * To change this template, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package org.collectionspace;
+
+import org.apache.commons.cli.CommandLine;
+import org.apache.commons.cli.CommandLineParser;
+import org.apache.commons.cli.GnuParser;
+import org.apache.commons.cli.Options;
+import org.apache.commons.cli.ParseException;
+import org.collectionspace.services.authorization.driver.AuthorizationSeedDriver;
+
+/**
+ * ImportAuthz imports default permissions and roles for a tenant(s)
+ * @authorF
+ */
+public class ImportAuthz {
+
+    public static void main(String[] args) {
+
+        Options options = createOptions();
+
+        CommandLineParser parser = new GnuParser();
+        try {
+            // parse the command line arguments
+            CommandLine line = parser.parse(options, args);
+            String user = line.getOptionValue("u");
+            String password = line.getOptionValue("p");
+            String tenantBinding = line.getOptionValue("b");
+            String importDir = line.getOptionValue("idir");
+            String exportDir = line.getOptionValue("edir");
+            System.out.println("user=" + user
+                    + " password=" + password
+                    + " tenantBinding=" + tenantBinding
+                    + " importDir=" + importDir
+                    + " exportDir=" + exportDir);
+            AuthorizationSeedDriver driver = new AuthorizationSeedDriver(
+                    user, password, tenantBinding, importDir, exportDir);
+            driver.seedData();
+        } catch (ParseException exp) {
+            // oops, something went wrong
+            System.err.println("Parsing failed.  Reason: " + exp.getMessage());
+        }
+
+    }
+
+    private static Options createOptions() {
+        Options options = new Options();
+        options.addOption("u", true, "username");
+        options.addOption("p", true, "password");
+        options.addOption("b", true, "tenant binding file");
+        options.addOption("idir", true, "import dir");
+        options.addOption("edir", true, "export dir");
+        return options;
+    }
+}
diff --git a/services/authorization-mgt/import/src/main/java/org/collectionspace/services/authorization/driver/AuthorizationSeedDriver.java b/services/authorization-mgt/import/src/main/java/org/collectionspace/services/authorization/driver/AuthorizationSeedDriver.java
new file mode 100644
index 000000000..34cac1756
--- /dev/null
+++ b/services/authorization-mgt/import/src/main/java/org/collectionspace/services/authorization/driver/AuthorizationSeedDriver.java
@@ -0,0 +1,168 @@
+/**
+ *  This document is a part of the source code and related artifacts
+ *  for CollectionSpace, an open source collections management system
+ *  for museums and related institutions:
+
+ *  http://www.collectionspace.org
+ *  http://wiki.collectionspace.org
+
+ *  Copyright 2009 University of California at Berkeley
+
+ *  Licensed under the Educational Community License (ECL), Version 2.0.
+ *  You may not use this file except in compliance with this License.
+
+ *  You may obtain a copy of the ECL 2.0 License at
+
+ *  https://source.collectionspace.org/collection-space/LICENSE.txt
+
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.collectionspace.services.authorization.driver;
+
+import java.io.File;
+import java.util.HashSet;
+import org.collectionspace.services.authorization.AuthZ;
+import org.collectionspace.services.authorization.importer.AuthorizationGen;
+import org.collectionspace.services.authorization.importer.AuthorizationSeed;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.context.support.ClassPathXmlApplicationContext;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.GrantedAuthorityImpl;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.transaction.TransactionDefinition;
+import org.springframework.transaction.TransactionStatus;
+import org.springframework.transaction.support.DefaultTransactionDefinition;
+
+/**
+ * A driver for seeding authorization
+ * @author 
+ */
+public class AuthorizationSeedDriver {
+
+    final Logger logger = LoggerFactory.getLogger(AuthorizationSeedDriver.class);
+    final static private String SPRING_SECURITY_METADATA = "applicationContext-authorization-test.xml";
+    final static private String PERMISSION_FILE = "import-permissions.xml";
+    final static private String PERMISSION_ROLE_FILE = "import-permissions-roles.xml";
+    private String user = "test";
+    private String password = "test";
+    private String tenantBindingFile;
+    private String importDir;
+    private String exportDir;
+    private org.springframework.jdbc.datasource.DataSourceTransactionManager txManager;
+
+    /**
+     * AuthorizationSeedDriver
+     * @param user to use to establish security context. should be in ROLE_ADMINISTRATOR
+     * @param password
+     * @param tenantBindingFile
+     * @param importDir dir to import permisison/permission role file from. same as
+     * export dir by default
+     * @param exportDir dir to export permission/permission role file to
+     */
+    public AuthorizationSeedDriver(String user, String password,
+            String tenantBindingFile,
+            String importDir, String exportDir) {
+        if (user == null || user.isEmpty()) {
+            this.user = user;
+        }
+        if (password == null || password.isEmpty()) {
+            this.password = password;
+        }
+        if (tenantBindingFile == null || tenantBindingFile.isEmpty()) {
+            throw new IllegalStateException("tenantbindings are required.");
+        }
+        this.tenantBindingFile = tenantBindingFile;
+        if (exportDir == null || exportDir.isEmpty()) {
+            throw new IllegalStateException("exportdir required.");
+        }
+        this.exportDir = exportDir;
+        if (importDir == null || importDir.isEmpty()) {
+            importDir = exportDir;
+        } else {
+            this.importDir = importDir;
+        }
+
+    }
+
+    public void seedData() {
+        setup();
+        TransactionStatus status = null;
+        try {
+            AuthorizationGen authzGen = new AuthorizationGen();
+            authzGen.initialize(tenantBindingFile);
+            authzGen.createDefaultServicePermissions();
+            //create default role(s) for the tenant and assign permissions
+            authzGen.createDefaultPermissionsRoles();
+            authzGen.exportPermissions(exportDir + File.separator + PERMISSION_FILE);
+            authzGen.exportPermissionRoles(exportDir + File.separator + PERMISSION_ROLE_FILE);
+            if (logger.isDebugEnabled()) {
+                logger.debug("authroization generation completed ");
+            }
+            status = beginTransaction("seedData");
+            AuthorizationSeed authzSeed = new AuthorizationSeed();
+            authzSeed.seedPermissions(importDir + File.separator + PERMISSION_FILE,
+                    importDir + File.separator + PERMISSION_ROLE_FILE);
+            if (logger.isDebugEnabled()) {
+                logger.debug("authroization seeding completed ");
+            }
+        } catch (Exception ex) {
+            if (status != null) {
+                rollbackTransaction(status);
+            }
+            if (logger.isDebugEnabled()) {
+                ex.printStackTrace();
+            }
+            throw new RuntimeException(ex);
+        } finally {
+            if (status != null) {
+                commitTransaction(status);
+            }
+            logout();
+        }
+    }
+
+    private void setup() {
+
+        ClassPathXmlApplicationContext appContext = new ClassPathXmlApplicationContext(
+                new String[]{SPRING_SECURITY_METADATA});
+        login();
+        System.setProperty("spring-beans-config", SPRING_SECURITY_METADATA);
+        AuthZ authZ = AuthZ.get();
+        txManager = (org.springframework.jdbc.datasource.DataSourceTransactionManager) appContext.getBean("transactionManager");
+    }
+
+    private void login() {
+        GrantedAuthority gauth = new GrantedAuthorityImpl("ROLE_ADMINISTRATOR");
+        HashSet<GrantedAuthority> gauths = new HashSet<GrantedAuthority>();
+        gauths.add(gauth);
+        Authentication authRequest = new UsernamePasswordAuthenticationToken(user, password, gauths);
+        SecurityContextHolder.getContext().setAuthentication(authRequest);
+    }
+
+    private void logout() {
+        SecurityContextHolder.getContext().setAuthentication(null);
+    }
+
+    private TransactionStatus beginTransaction(String name) {
+        DefaultTransactionDefinition def = new DefaultTransactionDefinition();
+        // explicitly setting the transaction name is something that can only be done programmatically
+        def.setName(name);
+        def.setPropagationBehavior(TransactionDefinition.PROPAGATION_REQUIRED);
+        return txManager.getTransaction(def);
+    }
+
+    private void rollbackTransaction(TransactionStatus status) {
+        txManager.rollback(status);
+    }
+
+    private void commitTransaction(TransactionStatus status) {
+        txManager.commit(status);
+    }
+}
diff --git a/services/authorization-mgt/import/src/test/resources/applicationContext-authorization-test.xml b/services/authorization-mgt/import/src/main/resources/applicationContext-authorization-test.xml
similarity index 100%
rename from services/authorization-mgt/import/src/test/resources/applicationContext-authorization-test.xml
rename to services/authorization-mgt/import/src/main/resources/applicationContext-authorization-test.xml
diff --git a/services/authorization-mgt/import/src/main/resources/import-data/import-permissions-roles.xml b/services/authorization-mgt/import/src/main/resources/import-data/import-permissions-roles.xml
index ba1894f87..e13af6a5e 100644
--- a/services/authorization-mgt/import/src/main/resources/import-data/import-permissions-roles.xml
+++ b/services/authorization-mgt/import/src/main/resources/import-data/import-permissions-roles.xml
@@ -3,7 +3,7 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>6d0904e3-1c2a-4944-ad0a-af81137ad241</permissionId>
+            <permissionId>2bfb81c6-6d08-4928-aa56-1b3c22f52af1</permissionId>
             <resourceName>idgenerators</resourceName>
         </permission>
         <role>
@@ -14,7 +14,7 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>7ca72d08-8540-406f-a209-635260a3e2e3</permissionId>
+            <permissionId>69302e5e-2600-45e3-937b-b18cd1a1009d</permissionId>
             <resourceName>id</resourceName>
         </permission>
         <role>
@@ -25,7 +25,7 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>98df1810-145f-4366-9f38-8081daf99aba</permissionId>
+            <permissionId>cd9da6b0-672a-445a-8c91-8eb60790c163</permissionId>
             <resourceName>
                 /idgenerators/*/ids
             </resourceName>
@@ -38,7 +38,7 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>1ceb338a-be76-4913-86dc-bb51f29228c9</permissionId>
+            <permissionId>5a39680a-a76c-4c35-88ce-01ce78f70866</permissionId>
             <resourceName>collectionobjects</resourceName>
         </permission>
         <role>
@@ -49,7 +49,7 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>43ebe549-645a-4c0a-9b77-630d26120a6a</permissionId>
+            <permissionId>c7adacd4-d663-4979-af33-309cff3c1d5b</permissionId>
             <resourceName>
                 /collectionobjects/*/authorityrefs/
             </resourceName>
@@ -62,7 +62,7 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>447f0bbf-9025-4fbf-bc1e-e94b33e4fab4</permissionId>
+            <permissionId>026c638d-7b59-4e07-9ac8-55f4cf5bcf88</permissionId>
             <resourceName>intakes</resourceName>
         </permission>
         <role>
@@ -73,7 +73,7 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>6ae8ba20-9d5c-4022-82fb-2147aaad5db5</permissionId>
+            <permissionId>afd64e21-5e85-4103-a005-ebdd1768689e</permissionId>
             <resourceName>
                 /intakes/*/authorityrefs/
             </resourceName>
@@ -86,7 +86,7 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>457959c6-26b4-4c27-9ef2-702b46388322</permissionId>
+            <permissionId>2e9ceeeb-df32-4f8a-94ad-064b2e56c35e</permissionId>
             <resourceName>loansin</resourceName>
         </permission>
         <role>
@@ -97,7 +97,7 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>b6cf71bc-f0f9-429e-b1f8-2179174c26b4</permissionId>
+            <permissionId>74e0498d-86ff-4e2e-812f-7f894c7a0842</permissionId>
             <resourceName>
                 /loansin/*/authorityrefs/
             </resourceName>
@@ -110,7 +110,7 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>5ed1e42d-ac29-457e-b120-4e90ae64e5c0</permissionId>
+            <permissionId>6b1dd0f9-6eb4-40fb-b8d4-c68f85d992fc</permissionId>
             <resourceName>loansout</resourceName>
         </permission>
         <role>
@@ -121,7 +121,7 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>51398d80-c7cb-42bc-ae19-f8785e760d8a</permissionId>
+            <permissionId>835ddebc-ab0c-46ca-9bed-7cd65901fec9</permissionId>
             <resourceName>
                 /loansout/*/authorityrefs/
             </resourceName>
@@ -134,7 +134,7 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>f243161f-b4f7-49d3-a677-011aff503e4b</permissionId>
+            <permissionId>cb18affd-0c86-4c80-85ab-cd01fc0169e4</permissionId>
             <resourceName>movements</resourceName>
         </permission>
         <role>
@@ -145,7 +145,7 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>a4c44ee5-a2e4-4ae1-96f2-d518b52c671d</permissionId>
+            <permissionId>73c7c7e1-d652-4b1b-8c2f-a0f6d31e861d</permissionId>
             <resourceName>
                 /movements/*/authorityrefs/
             </resourceName>
@@ -158,7 +158,7 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>05683f59-425c-4905-a409-afc431575f00</permissionId>
+            <permissionId>75d80adc-5dc5-4044-b463-ca549f920d12</permissionId>
             <resourceName>vocabularies</resourceName>
         </permission>
         <role>
@@ -169,7 +169,7 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>871a2940-e0f5-4b1e-883f-5c82f8b54bc1</permissionId>
+            <permissionId>7ed9eb73-fe3c-4f34-be69-40c7dd4c8cfe</permissionId>
             <resourceName>vocabularyitems</resourceName>
         </permission>
         <role>
@@ -180,7 +180,7 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>59308529-1b27-4b64-a416-0e7c4111298d</permissionId>
+            <permissionId>ba430b16-d4c2-455d-a5f0-a006c56fba40</permissionId>
             <resourceName>
                 /vocabularies/*/items/
             </resourceName>
@@ -193,7 +193,7 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>ba1e62dc-a307-43ac-9bf4-c5ebd5b2c5a9</permissionId>
+            <permissionId>e51f2c07-8cec-423e-909d-f7e26b708250</permissionId>
             <resourceName>orgauthorities</resourceName>
         </permission>
         <role>
@@ -204,7 +204,7 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>ea432445-4b14-4f95-8c7c-9df78aca1014</permissionId>
+            <permissionId>6057bcf9-6130-42fb-9a39-6912fa337861</permissionId>
             <resourceName>
                 /orgauthorities/*/items/*/authorityrefs/
             </resourceName>
@@ -217,7 +217,7 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>eb0fcb27-0fa4-4bef-926a-4d2c61fab1ae</permissionId>
+            <permissionId>719809d0-3afb-48b2-bd35-76690eb409d4</permissionId>
             <resourceName>organizations</resourceName>
         </permission>
         <role>
@@ -228,7 +228,7 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>c1dd9142-3b30-4eda-a0ad-1500363d46f8</permissionId>
+            <permissionId>fd8483fb-8ddc-432f-88fe-6f1f858f5b8d</permissionId>
             <resourceName>
                 /orgauthorities/*/items/
             </resourceName>
@@ -241,7 +241,7 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>96f95210-28ab-4afc-bac9-60f36fac7f62</permissionId>
+            <permissionId>20fad09b-86b3-4fc4-9f77-e6f0c83e3b4f</permissionId>
             <resourceName>
                 /orgauthorities/*/items/*/refobjs
             </resourceName>
@@ -254,7 +254,7 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>7edd3f7a-5c1a-49fa-8637-a3a6060f774c</permissionId>
+            <permissionId>0f5f7073-6ad7-4149-9c7d-522759d08619</permissionId>
             <resourceName>personauthorities</resourceName>
         </permission>
         <role>
@@ -265,7 +265,7 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>b349723a-b280-4529-9aec-65cc2c27ff7e</permissionId>
+            <permissionId>0bbcae28-a9f8-4093-b797-ec61f4777243</permissionId>
             <resourceName>
                 /personauthorities/*/items/
             </resourceName>
@@ -278,7 +278,7 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>d984acd2-ece2-4237-9e09-a9338c8911dd</permissionId>
+            <permissionId>30e5b4c8-853d-406e-9053-7b3689f38e13</permissionId>
             <resourceName>
                 /personauthorities/*/items/*/refobjs
             </resourceName>
@@ -291,7 +291,7 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>3f497baa-d97f-433b-8a01-b01e8b5a583e</permissionId>
+            <permissionId>cee68b4a-5d74-4c7b-99b5-79ea1d6d84e6</permissionId>
             <resourceName>persons</resourceName>
         </permission>
         <role>
@@ -302,7 +302,7 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>cc6ed459-a4c9-4126-8753-ebdef3f6ab56</permissionId>
+            <permissionId>e6166551-917f-4802-bb8f-33e9a26897a6</permissionId>
             <resourceName>
                 /personauthorities/*/items/
             </resourceName>
@@ -315,7 +315,7 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>a045f459-84e0-4f1d-ba4d-33b976b58dac</permissionId>
+            <permissionId>cd071fb9-93ab-4d84-9a48-2763cb5505d2</permissionId>
             <resourceName>locationauthorities</resourceName>
         </permission>
         <role>
@@ -326,7 +326,7 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>da805588-5f6d-4ae5-8626-8c3d4fcbd6c2</permissionId>
+            <permissionId>e66aca29-4fb6-4800-a776-93988d5ae16a</permissionId>
             <resourceName>
                 /locationauthorities/*/items/
             </resourceName>
@@ -339,7 +339,7 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>3521bf00-a2b9-4a61-98c6-f46157bd70e5</permissionId>
+            <permissionId>6b961b0d-1cb6-4358-a469-4c3b058fee3f</permissionId>
             <resourceName>locations</resourceName>
         </permission>
         <role>
@@ -350,7 +350,7 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>29bbddcd-64e3-4c72-8d4e-c7d2686ee30f</permissionId>
+            <permissionId>51a94926-b603-43f8-9e2d-a371c0e42fc4</permissionId>
             <resourceName>acquisitions</resourceName>
         </permission>
         <role>
@@ -361,7 +361,7 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>a497fed0-b2f9-49f1-aeac-e3a148ce8cde</permissionId>
+            <permissionId>3387d9e0-f942-436e-8f15-8a2b53d6669c</permissionId>
             <resourceName>
                 /acquisitions/*/authorityrefs/
             </resourceName>
@@ -374,7 +374,7 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>3203c248-2ad3-4b5c-8c9f-04d3608e2370</permissionId>
+            <permissionId>01a98695-da9a-4e94-b94a-f1c18228a520</permissionId>
             <resourceName>relations</resourceName>
         </permission>
         <role>
@@ -385,7 +385,7 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>78ee728f-35e0-41d1-ae87-af1a84846bc8</permissionId>
+            <permissionId>8703dd4c-72b6-46a6-8c35-fb5bf86a6c92</permissionId>
             <resourceName>
                 relations/subject/*/type/*/object/*
             </resourceName>
@@ -398,7 +398,7 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>749e6ff2-db57-40a2-8888-922c516a66db</permissionId>
+            <permissionId>97f34c8a-e978-467e-9881-15ebc2d11f05</permissionId>
             <resourceName>accounts</resourceName>
         </permission>
         <role>
@@ -409,7 +409,7 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>75c36eaa-ccf5-4122-b3cd-5a4b9a071a15</permissionId>
+            <permissionId>eb0e3f69-96db-4f05-9316-021094bbcfec</permissionId>
             <resourceName>dimensions</resourceName>
         </permission>
         <role>
@@ -420,7 +420,7 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>3d1b9ce5-2ad7-4e6a-a7d8-a125bdf2c8b6</permissionId>
+            <permissionId>10d0cf8b-1759-4692-8553-391e2bb568f3</permissionId>
             <resourceName>contacts</resourceName>
         </permission>
         <role>
@@ -431,7 +431,7 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>c0937cac-e60d-4d61-b1cc-6ba119e40faa</permissionId>
+            <permissionId>4da515c5-cf33-4eb7-b0ab-3ace1d3192a6</permissionId>
             <resourceName>
                 /personauthorities/*/items/*/contacts
             </resourceName>
@@ -444,7 +444,7 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>3c04ae32-03ff-4ef5-a6ed-13af7394417b</permissionId>
+            <permissionId>7a00e318-ea14-4ebb-906f-8aea1bc9f0c4</permissionId>
             <resourceName>
                 /orgauthorities/*/items/*/contacts
             </resourceName>
@@ -457,7 +457,7 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>6fc381f7-3220-4fab-a382-76bd1e56d8bf</permissionId>
+            <permissionId>bda263c9-148f-452d-8e87-98b7427fc054</permissionId>
             <resourceName>notes</resourceName>
         </permission>
         <role>
@@ -468,7 +468,7 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>b9a7f2b4-443e-4b9c-8a0c-f21885001e10</permissionId>
+            <permissionId>180ab379-d045-43f9-8ce0-6e7bbc23ce72</permissionId>
             <resourceName>authorization/roles</resourceName>
         </permission>
         <role>
@@ -479,7 +479,7 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>3978c246-704e-4a13-83f7-90c8f8c0e677</permissionId>
+            <permissionId>1874f2cd-17ce-407a-ae12-31206906ae18</permissionId>
             <resourceName>authorization/permissions</resourceName>
         </permission>
         <role>
@@ -490,7 +490,7 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>09a1e617-e852-4f42-a4c5-0c30388cd1f2</permissionId>
+            <permissionId>cfe9fa81-c846-4025-b212-5c4a1f51298b</permissionId>
             <resourceName>authorization/permissions/permroles</resourceName>
         </permission>
         <role>
@@ -501,7 +501,7 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>e8260135-bd04-472b-b19b-0a2859ce4710</permissionId>
+            <permissionId>39872df7-2f7b-4f80-859a-ee01e3c5c995</permissionId>
             <resourceName>
                 /authorization/permissions/*/permroles/
             </resourceName>
@@ -514,7 +514,7 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>fa6547b0-9539-4cee-b4e0-0110da144f47</permissionId>
+            <permissionId>7376c78f-faef-40f2-a22a-ee1b4790d951</permissionId>
             <resourceName>accounts/accountroles</resourceName>
         </permission>
         <role>
@@ -525,7 +525,7 @@
     <permissionRole>
         <subject>ROLE</subject>
         <permission>
-            <permissionId>9c3fdc8d-907b-4de9-99fd-3b3fe6e20296</permissionId>
+            <permissionId>305b230d-f5cf-43c4-bdc4-474c0520aeed</permissionId>
             <resourceName>
                 /accounts/*/accountroles/
             </resourceName>
diff --git a/services/authorization-mgt/import/src/main/resources/import-data/import-permissions.xml b/services/authorization-mgt/import/src/main/resources/import-data/import-permissions.xml
index afa860c8d..2d6f074ef 100644
--- a/services/authorization-mgt/import/src/main/resources/import-data/import-permissions.xml
+++ b/services/authorization-mgt/import/src/main/resources/import-data/import-permissions.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
 <ns2:permissions_list xmlns:ns2="http://collectionspace.org/services/authorization">
-    <permission csid="6d0904e3-1c2a-4944-ad0a-af81137ad241">
+    <permission csid="2bfb81c6-6d08-4928-aa56-1b3c22f52af1">
         <resourceName>idgenerators</resourceName>
         <action>
             <name>CREATE</name>
@@ -20,7 +20,7 @@
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
     </permission>
-    <permission csid="7ca72d08-8540-406f-a209-635260a3e2e3">
+    <permission csid="69302e5e-2600-45e3-937b-b18cd1a1009d">
         <resourceName>id</resourceName>
         <action>
             <name>CREATE</name>
@@ -40,7 +40,7 @@
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
     </permission>
-    <permission csid="98df1810-145f-4366-9f38-8081daf99aba">
+    <permission csid="cd9da6b0-672a-445a-8c91-8eb60790c163">
         <resourceName>
                 /idgenerators/*/ids
             </resourceName>
@@ -62,7 +62,7 @@
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
     </permission>
-    <permission csid="1ceb338a-be76-4913-86dc-bb51f29228c9">
+    <permission csid="5a39680a-a76c-4c35-88ce-01ce78f70866">
         <resourceName>collectionobjects</resourceName>
         <action>
             <name>CREATE</name>
@@ -82,7 +82,7 @@
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
     </permission>
-    <permission csid="43ebe549-645a-4c0a-9b77-630d26120a6a">
+    <permission csid="c7adacd4-d663-4979-af33-309cff3c1d5b">
         <resourceName>
                 /collectionobjects/*/authorityrefs/
             </resourceName>
@@ -104,7 +104,7 @@
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
     </permission>
-    <permission csid="447f0bbf-9025-4fbf-bc1e-e94b33e4fab4">
+    <permission csid="026c638d-7b59-4e07-9ac8-55f4cf5bcf88">
         <resourceName>intakes</resourceName>
         <action>
             <name>CREATE</name>
@@ -124,7 +124,7 @@
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
     </permission>
-    <permission csid="6ae8ba20-9d5c-4022-82fb-2147aaad5db5">
+    <permission csid="afd64e21-5e85-4103-a005-ebdd1768689e">
         <resourceName>
                 /intakes/*/authorityrefs/
             </resourceName>
@@ -146,7 +146,7 @@
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
     </permission>
-    <permission csid="457959c6-26b4-4c27-9ef2-702b46388322">
+    <permission csid="2e9ceeeb-df32-4f8a-94ad-064b2e56c35e">
         <resourceName>loansin</resourceName>
         <action>
             <name>CREATE</name>
@@ -166,7 +166,7 @@
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
     </permission>
-    <permission csid="b6cf71bc-f0f9-429e-b1f8-2179174c26b4">
+    <permission csid="74e0498d-86ff-4e2e-812f-7f894c7a0842">
         <resourceName>
                 /loansin/*/authorityrefs/
             </resourceName>
@@ -188,7 +188,7 @@
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
     </permission>
-    <permission csid="5ed1e42d-ac29-457e-b120-4e90ae64e5c0">
+    <permission csid="6b1dd0f9-6eb4-40fb-b8d4-c68f85d992fc">
         <resourceName>loansout</resourceName>
         <action>
             <name>CREATE</name>
@@ -208,7 +208,7 @@
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
     </permission>
-    <permission csid="51398d80-c7cb-42bc-ae19-f8785e760d8a">
+    <permission csid="835ddebc-ab0c-46ca-9bed-7cd65901fec9">
         <resourceName>
                 /loansout/*/authorityrefs/
             </resourceName>
@@ -230,7 +230,7 @@
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
     </permission>
-    <permission csid="f243161f-b4f7-49d3-a677-011aff503e4b">
+    <permission csid="cb18affd-0c86-4c80-85ab-cd01fc0169e4">
         <resourceName>movements</resourceName>
         <action>
             <name>CREATE</name>
@@ -250,7 +250,7 @@
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
     </permission>
-    <permission csid="a4c44ee5-a2e4-4ae1-96f2-d518b52c671d">
+    <permission csid="73c7c7e1-d652-4b1b-8c2f-a0f6d31e861d">
         <resourceName>
                 /movements/*/authorityrefs/
             </resourceName>
@@ -272,7 +272,7 @@
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
     </permission>
-    <permission csid="05683f59-425c-4905-a409-afc431575f00">
+    <permission csid="75d80adc-5dc5-4044-b463-ca549f920d12">
         <resourceName>vocabularies</resourceName>
         <action>
             <name>CREATE</name>
@@ -292,7 +292,7 @@
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
     </permission>
-    <permission csid="871a2940-e0f5-4b1e-883f-5c82f8b54bc1">
+    <permission csid="7ed9eb73-fe3c-4f34-be69-40c7dd4c8cfe">
         <resourceName>vocabularyitems</resourceName>
         <action>
             <name>CREATE</name>
@@ -312,7 +312,7 @@
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
     </permission>
-    <permission csid="59308529-1b27-4b64-a416-0e7c4111298d">
+    <permission csid="ba430b16-d4c2-455d-a5f0-a006c56fba40">
         <resourceName>
                 /vocabularies/*/items/
             </resourceName>
@@ -334,7 +334,7 @@
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
     </permission>
-    <permission csid="ba1e62dc-a307-43ac-9bf4-c5ebd5b2c5a9">
+    <permission csid="e51f2c07-8cec-423e-909d-f7e26b708250">
         <resourceName>orgauthorities</resourceName>
         <action>
             <name>CREATE</name>
@@ -354,7 +354,7 @@
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
     </permission>
-    <permission csid="ea432445-4b14-4f95-8c7c-9df78aca1014">
+    <permission csid="6057bcf9-6130-42fb-9a39-6912fa337861">
         <resourceName>
                 /orgauthorities/*/items/*/authorityrefs/
             </resourceName>
@@ -376,7 +376,7 @@
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
     </permission>
-    <permission csid="eb0fcb27-0fa4-4bef-926a-4d2c61fab1ae">
+    <permission csid="719809d0-3afb-48b2-bd35-76690eb409d4">
         <resourceName>organizations</resourceName>
         <action>
             <name>CREATE</name>
@@ -396,7 +396,7 @@
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
     </permission>
-    <permission csid="c1dd9142-3b30-4eda-a0ad-1500363d46f8">
+    <permission csid="fd8483fb-8ddc-432f-88fe-6f1f858f5b8d">
         <resourceName>
                 /orgauthorities/*/items/
             </resourceName>
@@ -418,7 +418,7 @@
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
     </permission>
-    <permission csid="96f95210-28ab-4afc-bac9-60f36fac7f62">
+    <permission csid="20fad09b-86b3-4fc4-9f77-e6f0c83e3b4f">
         <resourceName>
                 /orgauthorities/*/items/*/refobjs
             </resourceName>
@@ -440,7 +440,7 @@
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
     </permission>
-    <permission csid="7edd3f7a-5c1a-49fa-8637-a3a6060f774c">
+    <permission csid="0f5f7073-6ad7-4149-9c7d-522759d08619">
         <resourceName>personauthorities</resourceName>
         <action>
             <name>CREATE</name>
@@ -460,7 +460,7 @@
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
     </permission>
-    <permission csid="b349723a-b280-4529-9aec-65cc2c27ff7e">
+    <permission csid="0bbcae28-a9f8-4093-b797-ec61f4777243">
         <resourceName>
                 /personauthorities/*/items/
             </resourceName>
@@ -482,7 +482,7 @@
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
     </permission>
-    <permission csid="d984acd2-ece2-4237-9e09-a9338c8911dd">
+    <permission csid="30e5b4c8-853d-406e-9053-7b3689f38e13">
         <resourceName>
                 /personauthorities/*/items/*/refobjs
             </resourceName>
@@ -504,7 +504,7 @@
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
     </permission>
-    <permission csid="3f497baa-d97f-433b-8a01-b01e8b5a583e">
+    <permission csid="cee68b4a-5d74-4c7b-99b5-79ea1d6d84e6">
         <resourceName>persons</resourceName>
         <action>
             <name>CREATE</name>
@@ -524,7 +524,7 @@
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
     </permission>
-    <permission csid="cc6ed459-a4c9-4126-8753-ebdef3f6ab56">
+    <permission csid="e6166551-917f-4802-bb8f-33e9a26897a6">
         <resourceName>
                 /personauthorities/*/items/
             </resourceName>
@@ -546,7 +546,7 @@
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
     </permission>
-    <permission csid="a045f459-84e0-4f1d-ba4d-33b976b58dac">
+    <permission csid="cd071fb9-93ab-4d84-9a48-2763cb5505d2">
         <resourceName>locationauthorities</resourceName>
         <action>
             <name>CREATE</name>
@@ -566,7 +566,7 @@
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
     </permission>
-    <permission csid="da805588-5f6d-4ae5-8626-8c3d4fcbd6c2">
+    <permission csid="e66aca29-4fb6-4800-a776-93988d5ae16a">
         <resourceName>
                 /locationauthorities/*/items/
             </resourceName>
@@ -588,7 +588,7 @@
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
     </permission>
-    <permission csid="3521bf00-a2b9-4a61-98c6-f46157bd70e5">
+    <permission csid="6b961b0d-1cb6-4358-a469-4c3b058fee3f">
         <resourceName>locations</resourceName>
         <action>
             <name>CREATE</name>
@@ -608,7 +608,7 @@
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
     </permission>
-    <permission csid="29bbddcd-64e3-4c72-8d4e-c7d2686ee30f">
+    <permission csid="51a94926-b603-43f8-9e2d-a371c0e42fc4">
         <resourceName>acquisitions</resourceName>
         <action>
             <name>CREATE</name>
@@ -628,7 +628,7 @@
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
     </permission>
-    <permission csid="a497fed0-b2f9-49f1-aeac-e3a148ce8cde">
+    <permission csid="3387d9e0-f942-436e-8f15-8a2b53d6669c">
         <resourceName>
                 /acquisitions/*/authorityrefs/
             </resourceName>
@@ -650,7 +650,7 @@
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
     </permission>
-    <permission csid="3203c248-2ad3-4b5c-8c9f-04d3608e2370">
+    <permission csid="01a98695-da9a-4e94-b94a-f1c18228a520">
         <resourceName>relations</resourceName>
         <action>
             <name>CREATE</name>
@@ -670,7 +670,7 @@
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
     </permission>
-    <permission csid="78ee728f-35e0-41d1-ae87-af1a84846bc8">
+    <permission csid="8703dd4c-72b6-46a6-8c35-fb5bf86a6c92">
         <resourceName>
                 relations/subject/*/type/*/object/*
             </resourceName>
@@ -692,7 +692,7 @@
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
     </permission>
-    <permission csid="749e6ff2-db57-40a2-8888-922c516a66db">
+    <permission csid="97f34c8a-e978-467e-9881-15ebc2d11f05">
         <resourceName>accounts</resourceName>
         <action>
             <name>CREATE</name>
@@ -712,7 +712,7 @@
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
     </permission>
-    <permission csid="75c36eaa-ccf5-4122-b3cd-5a4b9a071a15">
+    <permission csid="eb0e3f69-96db-4f05-9316-021094bbcfec">
         <resourceName>dimensions</resourceName>
         <action>
             <name>CREATE</name>
@@ -732,7 +732,7 @@
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
     </permission>
-    <permission csid="3d1b9ce5-2ad7-4e6a-a7d8-a125bdf2c8b6">
+    <permission csid="10d0cf8b-1759-4692-8553-391e2bb568f3">
         <resourceName>contacts</resourceName>
         <action>
             <name>CREATE</name>
@@ -752,7 +752,7 @@
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
     </permission>
-    <permission csid="c0937cac-e60d-4d61-b1cc-6ba119e40faa">
+    <permission csid="4da515c5-cf33-4eb7-b0ab-3ace1d3192a6">
         <resourceName>
                 /personauthorities/*/items/*/contacts
             </resourceName>
@@ -774,7 +774,7 @@
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
     </permission>
-    <permission csid="3c04ae32-03ff-4ef5-a6ed-13af7394417b">
+    <permission csid="7a00e318-ea14-4ebb-906f-8aea1bc9f0c4">
         <resourceName>
                 /orgauthorities/*/items/*/contacts
             </resourceName>
@@ -796,7 +796,7 @@
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
     </permission>
-    <permission csid="6fc381f7-3220-4fab-a382-76bd1e56d8bf">
+    <permission csid="bda263c9-148f-452d-8e87-98b7427fc054">
         <resourceName>notes</resourceName>
         <action>
             <name>CREATE</name>
@@ -816,7 +816,7 @@
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
     </permission>
-    <permission csid="b9a7f2b4-443e-4b9c-8a0c-f21885001e10">
+    <permission csid="180ab379-d045-43f9-8ce0-6e7bbc23ce72">
         <resourceName>authorization/roles</resourceName>
         <action>
             <name>CREATE</name>
@@ -836,7 +836,7 @@
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
     </permission>
-    <permission csid="3978c246-704e-4a13-83f7-90c8f8c0e677">
+    <permission csid="1874f2cd-17ce-407a-ae12-31206906ae18">
         <resourceName>authorization/permissions</resourceName>
         <action>
             <name>CREATE</name>
@@ -856,7 +856,7 @@
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
     </permission>
-    <permission csid="09a1e617-e852-4f42-a4c5-0c30388cd1f2">
+    <permission csid="cfe9fa81-c846-4025-b212-5c4a1f51298b">
         <resourceName>authorization/permissions/permroles</resourceName>
         <action>
             <name>CREATE</name>
@@ -876,7 +876,7 @@
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
     </permission>
-    <permission csid="e8260135-bd04-472b-b19b-0a2859ce4710">
+    <permission csid="39872df7-2f7b-4f80-859a-ee01e3c5c995">
         <resourceName>
                 /authorization/permissions/*/permroles/
             </resourceName>
@@ -898,7 +898,7 @@
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
     </permission>
-    <permission csid="fa6547b0-9539-4cee-b4e0-0110da144f47">
+    <permission csid="7376c78f-faef-40f2-a22a-ee1b4790d951">
         <resourceName>accounts/accountroles</resourceName>
         <action>
             <name>CREATE</name>
@@ -918,7 +918,7 @@
         <effect>PERMIT</effect>
         <tenant_id>1</tenant_id>
     </permission>
-    <permission csid="9c3fdc8d-907b-4de9-99fd-3b3fe6e20296">
+    <permission csid="305b230d-f5cf-43c4-bdc4-474c0520aeed">
         <resourceName>
                 /accounts/*/accountroles/
             </resourceName>
diff --git a/services/authorization-mgt/import/src/test/resources/log4j.properties b/services/authorization-mgt/import/src/main/resources/log4j.properties
similarity index 100%
rename from services/authorization-mgt/import/src/test/resources/log4j.properties
rename to services/authorization-mgt/import/src/main/resources/log4j.properties
diff --git a/services/authorization-mgt/import/src/test/java/org/collectionspace/services/authorization/importer/AbstractAuthorizationTestImpl.java b/services/authorization-mgt/import/src/test/java/org/collectionspace/services/authorization/importer/AbstractAuthorizationTestImpl.java
deleted file mode 100644
index 3a6da68a1..000000000
--- a/services/authorization-mgt/import/src/test/java/org/collectionspace/services/authorization/importer/AbstractAuthorizationTestImpl.java
+++ /dev/null
@@ -1,147 +0,0 @@
-/**
- *  This document is a part of the source code and related artifacts
- *  for CollectionSpace, an open source collections management system
- *  for museums and related institutions:
-
- *  http://www.collectionspace.org
- *  http://wiki.collectionspace.org
-
- *  Copyright 2009 University of California at Berkeley
-
- *  Licensed under the Educational Community License (ECL), Version 2.0.
- *  You may not use this file except in compliance with this License.
-
- *  You may obtain a copy of the ECL 2.0 License at
-
- *  https://source.collectionspace.org/collection-space/LICENSE.txt
-
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *//**
- *  This document is a part of the source code and related artifacts
- *  for CollectionSpace, an open source collections management system
- *  for museums and related institutions:
-
- *  http://www.collectionspace.org
- *  http://wiki.collectionspace.org
-
- *  Copyright 2009 University of California at Berkeley
-
- *  Licensed under the Educational Community License (ECL), Version 2.0.
- *  You may not use this file except in compliance with this License.
-
- *  You may obtain a copy of the ECL 2.0 License at
-
- *  https://source.collectionspace.org/collection-space/LICENSE.txt
-
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-/*
- * To change this template, choose Tools | Templates
- * and open the template in the editor.
- */
-package org.collectionspace.services.authorization.importer;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.InputStream;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import java.lang.reflect.Method;
-import java.util.HashSet;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.Marshaller;
-import javax.xml.bind.Unmarshaller;
-import org.collectionspace.services.authorization.AuthZ;
-import org.collectionspace.services.authorization.PermissionsList;
-import org.collectionspace.services.authorization.PermissionsRolesList;
-import org.springframework.context.support.ClassPathXmlApplicationContext;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.GrantedAuthorityImpl;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.transaction.TransactionDefinition;
-import org.springframework.transaction.TransactionStatus;
-import org.springframework.transaction.support.DefaultTransactionDefinition;
-import org.testng.annotations.DataProvider;
-import org.testng.annotations.Test;
-
-/**
- *
- * @author 
- */
-public abstract class AbstractAuthorizationTestImpl {
-
-    final Logger logger = LoggerFactory.getLogger(AbstractAuthorizationTestImpl.class);
-    private org.springframework.jdbc.datasource.DataSourceTransactionManager txManager;
-
-    /**
-     * Returns the name of the currently running test.
-     *
-     * Note: although the return type is listed as Object[][],
-     * this method instead returns a String.
-     *
-     * @param   m  The currently running test method.
-     *
-     * @return  The name of the currently running test method.
-     */
-    @DataProvider(name = "testName")
-    protected static Object[][] testName(Method m) {
-        return new Object[][]{
-                    new Object[]{m.getName()}
-                };
-    }
-
-    protected void setup() {
-        ClassPathXmlApplicationContext appContext = new ClassPathXmlApplicationContext(
-                new String[]{"applicationContext-authorization-test.xml"});
-        login();
-        AuthZ authZ = AuthZ.get();
-        txManager = (org.springframework.jdbc.datasource.DataSourceTransactionManager) appContext.getBean("transactionManager");
-    }
-
-    protected void login() {
-        GrantedAuthority gauth = new GrantedAuthorityImpl("ROLE_ADMINISTRATOR");
-        HashSet<GrantedAuthority> gauths = new HashSet<GrantedAuthority>();
-        gauths.add(gauth);
-        Authentication authRequest = new UsernamePasswordAuthenticationToken("test", "test", gauths);
-        SecurityContextHolder.getContext().setAuthentication(authRequest);
-    }
-
-    protected void logout() {
-        SecurityContextHolder.getContext().setAuthentication(null);
-    }
-
-    protected TransactionStatus beginTransaction(String name) {
-        DefaultTransactionDefinition def = new DefaultTransactionDefinition();
-        // explicitly setting the transaction name is something that can only be done programmatically
-        def.setName(name);
-        def.setPropagationBehavior(TransactionDefinition.PROPAGATION_REQUIRED);
-        return txManager.getTransaction(def);
-    }
-
-    protected void rollbackTransaction(TransactionStatus status) {
-        txManager.rollback(status);
-    }
-
-    protected void commitTransaction(TransactionStatus status) {
-        txManager.commit(status);
-    }
-
-
-
-    @Test(dataProvider = "testName", dataProviderClass = AbstractAuthorizationTestImpl.class)
-    public void test(String testName) {
-        if (logger.isDebugEnabled()) {
-            logger.debug(testName);
-        }
-    }
-}
diff --git a/services/authorization-mgt/import/src/test/java/org/collectionspace/services/authorization/importer/AuthorizationSeedTest.java b/services/authorization-mgt/import/src/test/java/org/collectionspace/services/authorization/importer/AuthorizationSeedTest.java
deleted file mode 100644
index fdbef7311..000000000
--- a/services/authorization-mgt/import/src/test/java/org/collectionspace/services/authorization/importer/AuthorizationSeedTest.java
+++ /dev/null
@@ -1,108 +0,0 @@
-/**
- *  This document is a part of the source code and related artifacts
- *  for CollectionSpace, an open source collections management system
- *  for museums and related institutions:
-
- *  http://www.collectionspace.org
- *  http://wiki.collectionspace.org
-
- *  Copyright 2009 University of California at Berkeley
-
- *  Licensed under the Educational Community License (ECL), Version 2.0.
- *  You may not use this file except in compliance with this License.
-
- *  You may obtain a copy of the ECL 2.0 License at
-
- *  https://source.collectionspace.org/collection-space/LICENSE.txt
-
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-package org.collectionspace.services.authorization.importer;
-
-import java.io.File;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.transaction.TransactionStatus;
-import org.testng.annotations.BeforeClass;
-
-/**
- *
- * @author 
- */
-public class AuthorizationSeedTest extends AbstractAuthorizationTestImpl {
-
-    final Logger logger = LoggerFactory.getLogger(AuthorizationSeedTest.class);
-    final static String PERMISSION_FILE = "import-permissions.xml";
-    final static String PERMISSION_ROLE_FILE = "import-permissions-roles.xml";
-
-    @BeforeClass(alwaysRun = true)
-    public void seedData() {
-        setup();
-        TransactionStatus status = null;
-        try {
-            AuthorizationGen authzGen = new AuthorizationGen();
-            String tenantBindingFile = getTenantBindingFile();
-            authzGen.initialize(tenantBindingFile);
-            authzGen.createDefaultServicePermissions();
-            //create default role(s) for the tenant and assign permissions
-            authzGen.createDefaultPermissionsRoles();
-            String exportDir = getExportDir();
-            authzGen.exportPermissions(exportDir + PERMISSION_FILE);
-            authzGen.exportPermissionRoles(exportDir + PERMISSION_ROLE_FILE);
-            if (logger.isDebugEnabled()) {
-                logger.debug("authroization generation completed ");
-            }
-            status = beginTransaction("seedData");
-            AuthorizationSeed authzSeed = new AuthorizationSeed();
-            String importDir = getImportDir();
-            authzSeed.seedPermissions(importDir + PERMISSION_FILE,
-                    importDir + PERMISSION_ROLE_FILE);
-            if (logger.isDebugEnabled()) {
-                logger.debug("authroization seeding completed ");
-            }
-        } catch (Exception ex) {
-            if (status != null) {
-                rollbackTransaction(status);
-            }
-            if (logger.isDebugEnabled()) {
-                ex.printStackTrace();
-            }
-            throw new RuntimeException(ex);
-        } finally {
-            if (status != null) {
-                commitTransaction(status);
-            }
-        }
-    }
-
-    private String getTenantBindingFile() {
-        String tenantBindingFile = System.getProperty("tenantbindings");
-        if (tenantBindingFile == null || tenantBindingFile.isEmpty()) {
-            throw new IllegalStateException("tenantbindings are required."
-                    + " System property tenantbindings is missing or empty");
-        }
-        return tenantBindingFile;
-    }
-
-    private String getImportDir() {
-        String importDir = System.getProperty("importdir");
-        if (importDir == null || importDir.isEmpty()) {
-            throw new IllegalStateException("importdir required."
-                    + " System property importdir is missing or empty");
-        }
-        return importDir + File.separator;
-    }
-
-    private String getExportDir() {
-        String exportDir = System.getProperty("exportdir");
-        if (exportDir == null || exportDir.isEmpty()) {
-            throw new IllegalStateException("exportdir required."
-                    + " System property exportdir is missing or empty");
-        }
-        return exportDir + File.separator;
-    }
-}
diff --git a/services/build.xml b/services/build.xml
index 649eb068d..b40362135 100644
--- a/services/build.xml
+++ b/services/build.xml
@@ -140,6 +140,11 @@
         <ant antfile="id/build.xml" target="create_db" inheritAll="false"/>
     </target>
 
+    <target name="import"
+            description="import default configuration">
+        <ant antfile="authorization-mgt/build.xml" target="import" inheritAll="false"/>
+    </target>
+
     <!-- this target is called in order based on the dependencies between the services -->
     <target name="deploy" depends="install"
             description="deploy services in ${jboss.server.cspace}">
diff --git a/services/pom.xml b/services/pom.xml
index 3ff05b87f..8ee77d226 100644
--- a/services/pom.xml
+++ b/services/pom.xml
@@ -150,6 +150,19 @@
                         </plugins>
                     </configuration>
                 </plugin>
+                <plugin>
+                    <groupId>org.codehaus.mojo</groupId>
+                    <artifactId>exec-maven-plugin</artifactId>
+                    <version>1.1</version>
+                    <configuration>
+                        <systemProperties>
+                            <systemProperty>
+                                <key>log4j.configuration</key>
+                                <value>file:${project.build.directory}/classes/log4j.properties</value>
+                            </systemProperty>
+                        </systemProperties>
+                    </configuration>
+                </plugin>
             </plugins>
         </pluginManagement>
 
@@ -269,6 +282,11 @@
                 <artifactId>commons-io</artifactId>
                 <version>1.4</version>
             </dependency>
+            <dependency>
+                <groupId>commons-cli</groupId>
+                <artifactId>commons-cli</artifactId>
+                <version>1.2</version>
+            </dependency>
             <dependency>
                 <groupId>com.sun.xml.bind</groupId>
                 <artifactId>jaxb-impl</artifactId>