From 8f084d08c2c29c3a98eb1688e67ce7d3a5b57ad1 Mon Sep 17 00:00:00 2001
From: Ben Ostrowsky <ben@esilibrary.com>
Date: Fri, 13 May 2011 15:54:46 +0000
Subject: [PATCH 1/1] To be run immediately after normal EG installation

---
 sql/new_permission_groups.sql |  778 +++++++++++++++++++++++++++++++++++++++++
 1 files changed, 778 insertions(+), 0 deletions(-)
 create mode 100644 sql/new_permission_groups.sql

diff --git a/sql/new_permission_groups.sql b/sql/new_permission_groups.sql
new file mode 100644
index 0000000..d765b92
--- /dev/null
+++ b/sql/new_permission_groups.sql
@@ -0,0 +1,778 @@
+--
+-- Run this script immediately after a normal installation
+-- (assuming LP bug 782268 is rejected) in order to implement
+-- the new permission groups.
+--
+
+-- Alter the permission hierarchy
+
+UPDATE permission.grp_tree SET description = oils_i18n_gettext(10, 'Can do anything at the Branch level', 'pgt', 'description') WHERE id = 10;
+
+INSERT INTO permission.grp_tree (id, name, parent, description, perm_interval, usergroup, application_perm) VALUES
+	(8, oils_i18n_gettext(8, 'Cataloging Administrator', 'pgt', 'name'), 3, NULL, '3 years', TRUE, 'group_application.user.staff.cat_admin');
+INSERT INTO permission.grp_tree (id, name, parent, description, perm_interval, usergroup, application_perm) VALUES
+	(9, oils_i18n_gettext(9, 'Circulation Administrator', 'pgt', 'name'), 3, NULL, '3 years', TRUE, 'group_application.user.staff.circ_admin');
+INSERT INTO permission.grp_tree (id, name, parent, description, perm_interval, usergroup, application_perm) VALUES
+	(11, oils_i18n_gettext(11, 'Serials', 'pgt', 'name'), 3, 
+	oils_i18n_gettext(11, 'Serials (includes admin features)', 'pgt', 'description'), '3 years', TRUE, 'group_application.user.staff.serials');
+INSERT INTO permission.grp_tree (id, name, parent, description, perm_interval, usergroup, application_perm) VALUES
+	(12, oils_i18n_gettext(12, 'System Administrator', 'pgt', 'name'), 3, 
+	oils_i18n_gettext(12, 'Can do anything at the System level', 'pgt', 'description'), '3 years', TRUE, 'group_application.user.staff.admin.system_admin');
+INSERT INTO permission.grp_tree (id, name, parent, description, perm_interval, usergroup, application_perm) VALUES
+	(13, oils_i18n_gettext(13, 'Global Administrator', 'pgt', 'name'), 3, 
+	oils_i18n_gettext(13, 'Can do anything at the Consortium level', 'pgt', 'description'), '3 years', TRUE, 'group_application.user.staff.admin.global_admin');
+INSERT INTO permission.grp_tree (id, name, parent, description, perm_interval, usergroup, application_perm) VALUES
+	(14, oils_i18n_gettext(14, 'Data Review', 'pgt', 'name'), 3, NULL, '3 years', TRUE, 'group_application.user.staff.data_review');
+INSERT INTO permission.grp_tree (id, name, parent, description, perm_interval, usergroup, application_perm) VALUES
+	(15, oils_i18n_gettext(15, 'Volunteers', 'pgt', 'name'), 3, NULL, '3 years', TRUE, 'group_application.user.staff.volunteers');
+
+SELECT SETVAL('permission.grp_tree_id_seq'::TEXT, (SELECT MAX(id) FROM permission.grp_tree));
+
+
+-- Wipe out existing permissions
+
+DELETE FROM permission.usr_grp_map WHERE usr <> 1;
+
+
+-- Add basic user permissions to the Users group
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+	SELECT
+		pgt.id, perm.id, aout.depth, FALSE
+	FROM
+		permission.grp_tree pgt,
+		permission.perm_list perm,
+		actor.org_unit_type aout
+	WHERE
+		pgt.name = 'Users' AND
+		aout.name = 'Consortium' AND
+		perm.code IN (
+			'COPY_CHECKIN',
+			'CREATE_MY_CONTAINER',
+			'MR_HOLDS',
+			'OPAC_LOGIN',
+			'RENEW_CIRC',
+			'TITLE_HOLDS',
+			'user_request.create');
+
+
+-- Add basic user permissions to the Data Review group
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+	SELECT
+		pgt.id, perm.id, aout.depth, FALSE
+	FROM
+		permission.grp_tree pgt,
+		permission.perm_list perm,
+		actor.org_unit_type aout
+	WHERE
+		pgt.name = 'Data Review' AND
+		aout.name = 'Consortium' AND
+		perm.code IN (
+			'CREATE_COPY_TRANSIT',
+			'VIEW_BILLING_TYPE',
+			'VIEW_CIRCULATIONS',
+			'VIEW_COPY_NOTES',
+			'VIEW_HOLD',
+			'VIEW_ORG_SETTINGS',
+			'VIEW_TITLE_NOTES',
+			'VIEW_TRANSACTION',
+			'VIEW_USER',
+			'VIEW_USER_FINES_SUMMARY',
+			'VIEW_USER_TRANSACTIONS',
+			'VIEW_VOLUME_NOTES',
+			'VIEW_ZIP_DATA');
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+	SELECT
+		pgt.id, perm.id, aout.depth, FALSE
+	FROM
+		permission.grp_tree pgt,
+		permission.perm_list perm,
+		actor.org_unit_type aout
+	WHERE
+		pgt.name = 'Data Review' AND
+		aout.name = 'System' AND
+		perm.code IN (
+			'COPY_CHECKOUT',
+			'COPY_HOLDS',
+			'CREATE_IN_HOUSE_USE',
+			'CREATE_TRANSACTION',
+			'OFFLINE_EXECUTE',
+			'OFFLINE_VIEW',
+			'STAFF_LOGIN',
+			'VOLUME_HOLDS');
+
+
+-- Add basic staff permissions to the Staff group
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+	SELECT
+		pgt.id, perm.id, aout.depth, FALSE
+	FROM
+		permission.grp_tree pgt,
+		permission.perm_list perm,
+		actor.org_unit_type aout
+	WHERE
+		pgt.name = 'Staff' AND
+		aout.name = 'Consortium' AND
+		perm.code IN (
+			'CREATE_CONTAINER',
+			'CREATE_CONTAINER_ITEM',
+			'CREATE_COPY_TRANSIT',
+			'CREATE_HOLD_NOTIFICATION',
+			'CREATE_TRANSACTION',
+			'CREATE_TRANSIT',
+			'DELETE_CONTAINER',
+			'DELETE_CONTAINER_ITEM',
+			'group_application.user',
+			'group_application.user.patron',
+			'REGISTER_WORKSTATION',
+			'REMOTE_Z3950_QUERY',
+			'REQUEST_HOLDS',
+			'STAFF_LOGIN',
+			'TRANSIT_COPY',
+			'UPDATE_CONTAINER',
+			'VIEW_CONTAINER',
+			'VIEW_COPY_CHECKOUT_HISTORY',
+			'VIEW_COPY_NOTES',
+			'VIEW_HOLD',
+			'VIEW_HOLD_NOTIFICATION',
+			'VIEW_HOLD_PERMIT',
+			'VIEW_PERM_GROUPS',
+			'VIEW_PERMISSION',
+			'VIEW_TITLE_NOTES',
+			'VIEW_TRANSACTION',
+			'VIEW_VOLUME_NOTES');
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+	SELECT
+		pgt.id, perm.id, aout.depth, FALSE
+	FROM
+		permission.grp_tree pgt,
+		permission.perm_list perm,
+		actor.org_unit_type aout
+	WHERE
+		pgt.name = 'Staff' AND
+		aout.name = 'System' AND
+		perm.code IN (
+			'CREATE_USER',
+			'UPDATE_USER',
+			'VIEW_BILLING_TYPE',
+			'VIEW_CIRCULATIONS',
+			'VIEW_ORG_SETTINGS',
+			'VIEW_PERMIT_CHECKOUT',
+			'VIEW_USER',
+			'VIEW_USER_FINES_SUMMARY',
+			'VIEW_USER_TRANSACTIONS');
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+	SELECT
+		pgt.id, perm.id, aout.depth, FALSE
+	FROM
+		permission.grp_tree pgt,
+		permission.perm_list perm,
+		actor.org_unit_type aout
+	WHERE
+		pgt.name = 'Staff' AND
+		aout.name = 'Branch' AND
+		perm.code IN (
+			'CANCEL_HOLDS',
+			'COPY_CHECKOUT',
+			'COPY_HOLDS',
+			'COPY_TRANSIT_RECEIVE',
+			'CREATE_BILL',
+			'CREATE_IN_HOUSE_USE',
+			'CREATE_PAYMENT',
+			'RENEW_HOLD_OVERRIDE',
+			'UPDATE_COPY',
+			'UPDATE_VOLUME',
+			'VOLUME_HOLDS');
+
+
+-- Add basic cataloguing permissions to the Catalogers group
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+	SELECT
+		pgt.id, perm.id, aout.depth, FALSE
+	FROM
+		permission.grp_tree pgt,
+		permission.perm_list perm,
+		actor.org_unit_type aout
+	WHERE
+		pgt.name = 'Catalogers' AND
+		aout.name = 'Consortium' AND
+		perm.code IN (
+			'ALLOW_ALT_TCN',
+			'CREATE_BIB_IMPORT_QUEUE',
+			'CREATE_IMPORT_ITEM',
+			'CREATE_MARC',
+			'CREATE_TITLE_NOTE',
+			'DELETE_BIB_IMPORT_QUEUE',
+			'DELETE_IMPORT_ITEM',
+			'DELETE_RECORD',
+			'DELETE_TITLE_NOTE',
+			'IMPORT_ACQ_LINEITEM_BIB_RECORD',
+			'IMPORT_MARC',
+			'MERGE_AUTH_RECORDS',
+			'MERGE_BIB_RECORDS',
+			'UPDATE_AUTHORITY_IMPORT_QUEUE',
+			'UPDATE_AUTHORITY_RECORD_NOTE',
+			'UPDATE_BIB_IMPORT_QUEUE',
+			'UPDATE_MARC',
+			'UPDATE_RECORD',
+			'user_request.view',
+			'VIEW_AUTHORITY_RECORD_NOTES');
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+	SELECT
+		pgt.id, perm.id, aout.depth, FALSE
+	FROM
+		permission.grp_tree pgt,
+		permission.perm_list perm,
+		actor.org_unit_type aout
+	WHERE
+		pgt.name = 'Catalogers' AND
+		aout.name = 'System' AND
+		perm.code IN (
+			'CREATE_COPY',
+			'CREATE_COPY_NOTE',
+			'CREATE_MFHD_RECORD',
+			'CREATE_VOLUME',
+			'CREATE_VOLUME_NOTE',
+			'DELETE_COPY',
+			'DELETE_COPY_NOTE',
+			'DELETE_MFHD_RECORD',
+			'DELETE_VOLUME',
+			'DELETE_VOLUME_NOTE',
+			'MARK_ITEM_AVAILABLE',
+			'MARK_ITEM_BINDERY',
+			'MARK_ITEM_CHECKED_OUT',
+			'MARK_ITEM_ILL',
+			'MARK_ITEM_IN_PROCESS',
+			'MARK_ITEM_IN_TRANSIT',
+			'MARK_ITEM_LOST',
+			'MARK_ITEM_MISSING',
+			'MARK_ITEM_ON_HOLDS_SHELF',
+			'MARK_ITEM_ON_ORDER',
+			'MARK_ITEM_RESHELVING',
+			'UPDATE_COPY',
+			'UPDATE_COPY_NOTE',
+			'UPDATE_IMPORT_ITEM',
+			'UPDATE_MFHD_RECORD',
+			'UPDATE_VOLUME',
+			'UPDATE_VOLUME_NOTE',
+			'VIEW_SERIAL_SUBSCRIPTION');
+
+
+-- Add advanced cataloguing permissions to the Cataloging Admin group
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+	SELECT
+		pgt.id, perm.id, aout.depth, TRUE
+	FROM
+		permission.grp_tree pgt,
+		permission.perm_list perm,
+		actor.org_unit_type aout
+	WHERE
+		pgt.name = 'Cataloging Admin' AND
+		aout.name = 'Consortium' AND
+		perm.code IN (
+			'ADMIN_IMPORT_ITEM_ATTR_DEF',
+			'ADMIN_MERGE_PROFILE',
+			'CREATE_AUTHORITY_IMPORT_IMPORT_DEF',
+			'CREATE_BIB_IMPORT_FIELD_DEF',
+			'CREATE_BIB_SOURCE',
+			'CREATE_IMPORT_ITEM_ATTR_DEF',
+			'CREATE_IMPORT_TRASH_FIELD',
+			'CREATE_MERGE_PROFILE',
+			'DELETE_AUTHORITY_IMPORT_IMPORT_FIELD_DEF',
+			'DELETE_BIB_SOURCE',
+			'DELETE_IMPORT_ITEM_ATTR_DEF',
+			'DELETE_IMPORT_TRASH_FIELD',
+			'DELETE_MERGE_PROFILE',
+			'UPDATE_AUTHORITY_IMPORT_IMPORT_FIELD_DEF',
+			'UPDATE_BIB_IMPORT_IMPORT_FIELD_DEF',
+			'UPDATE_IMPORT_ITEM_ATTR_DEF',
+			'UPDATE_IMPORT_TRASH_FIELD',
+			'UPDATE_MERGE_PROFILE');
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+	SELECT
+		pgt.id, perm.id, aout.depth, TRUE
+	FROM
+		permission.grp_tree pgt,
+		permission.perm_list perm,
+		actor.org_unit_type aout
+	WHERE
+		pgt.name = 'Cataloging Admin' AND
+		aout.name = 'System' AND
+		perm.code IN (
+			'CREATE_COPY_STAT_CAT',
+			'CREATE_COPY_STAT_CAT_ENTRY',
+			'CREATE_COPY_STAT_CAT_ENTRY_MAP',
+			'RUN_REPORTS',
+			'SHARE_REPORT_FOLDER',
+			'UPDATE_COPY_LOCATION',
+			'UPDATE_COPY_STAT_CAT',
+			'UPDATE_COPY_STAT_CAT_ENTRY',
+			'VIEW_REPORT_OUTPUT');
+
+
+-- Add basic circulation permissions to the Circulators group
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+	SELECT
+		pgt.id, perm.id, aout.depth, FALSE
+	FROM
+		permission.grp_tree pgt,
+		permission.perm_list perm,
+		actor.org_unit_type aout
+	WHERE
+		pgt.name = 'Circulators' AND
+		aout.name = 'Branch' AND
+		perm.code IN (
+			'ADMIN_BOOKING_RESERVATION',
+			'ADMIN_BOOKING_RESOURCE',
+			'ADMIN_BOOKING_RESOURCE_ATTR',
+			'ADMIN_BOOKING_RESOURCE_ATTR_MAP',
+			'ADMIN_BOOKING_RESOURCE_ATTR_VALUE',
+			'ADMIN_BOOKING_RESOURCE_TYPE',
+			'ASSIGN_GROUP_PERM',
+			'MARK_ITEM_AVAILABLE',
+			'MARK_ITEM_BINDERY',
+			'MARK_ITEM_CHECKED_OUT',
+			'MARK_ITEM_ILL',
+			'MARK_ITEM_IN_PROCESS',
+			'MARK_ITEM_IN_TRANSIT',
+			'MARK_ITEM_LOST',
+			'MARK_ITEM_MISSING',
+			'MARK_ITEM_ON_HOLDS_SHELF',
+			'MARK_ITEM_ON_ORDER',
+			'MARK_ITEM_RESHELVING',
+			'OFFLINE_UPLOAD',
+			'OFFLINE_VIEW',
+			'REMOVE_USER_GROUP_LINK',
+			'SET_CIRC_CLAIMS_RETURNED',
+			'SET_CIRC_CLAIMS_RETURNED.override',
+			'SET_CIRC_LOST',
+			'SET_CIRC_MISSING',
+			'UPDATE_BILL_NOTE',
+			'UPDATE_PATRON_CLAIM_NEVER_CHECKED_OUT_COUNT',
+			'UPDATE_PATRON_CLAIM_RETURN_COUNT',
+			'UPDATE_PAYMENT_NOTE',
+			'UPDATE_PICKUP_LIB FROM_TRANSIT',
+			'UPDATE_PICKUP_LIB_FROM_HOLDS_SHELF',
+			'VIEW_GROUP_PENALTY_THRESHOLD',
+			'VIEW_STANDING_PENALTY',
+			'VOID_BILLING',
+			'VOLUME_HOLDS');
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+	SELECT
+		pgt.id, perm.id, aout.depth, FALSE
+	FROM
+		permission.grp_tree pgt,
+		permission.perm_list perm,
+		actor.org_unit_type aout
+	WHERE
+		pgt.name = 'Circulators' AND
+		aout.name = 'System' AND
+		perm.code IN (
+			'ABORT_REMOTE_TRANSIT',
+			'ABORT_TRANSIT',
+			'CAPTURE_RESERVATION',
+			'CIRC_CLAIMS_RETURNED.override',
+			'CIRC_EXCEEDS_COPY_RANGE.override',
+			'CIRC_OVERRIDE_DUE_DATE',
+			'CIRC_PERMIT_OVERRIDE',
+			'COPY_ALERT_MESSAGE.override',
+			'COPY_BAD_STATUS.override',
+			'COPY_CIRC_NOT_ALLOWED.override',
+			'COPY_IS_REFERENCE.override',
+			'COPY_NEEDED_FOR_HOLD.override',
+			'COPY_NOT_AVAILABLE.override',
+			'COPY_STATUS_LOST.override',
+			'COPY_STATUS_MISSING.override',
+			'CREATE_DUPLICATE_HOLDS',
+			'CREATE_USER_GROUP_LINK',
+			'DELETE_TRANSIT',
+			'HOLD_EXISTS.override',
+			'HOLD_ITEM_CHECKED_OUT.override',
+			'ISSUANCE_HOLDS',
+			'ITEM_AGE_PROTECTED.override',
+			'ITEM_ON_HOLDS_SHELF.override',
+			'MAX_RENEWALS_REACHED.override',
+			'OVERRIDE_HOLD_HAS_LOCAL_COPY',
+			'PATRON_EXCEEDS_CHECKOUT_COUNT.override',
+			'PATRON_EXCEEDS_FINES.override',
+			'PATRON_EXCEEDS_OVERDUE_COUNT.override',
+			'RETRIEVE_RESERVATION_PULL_LIST',
+			'UPDATE_HOLD');
+
+
+-- Add advanced circulation permissions to the Circulation Admin group
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+	SELECT
+		pgt.id, perm.id, aout.depth, TRUE
+	FROM
+		permission.grp_tree pgt,
+		permission.perm_list perm,
+		actor.org_unit_type aout
+	WHERE
+		pgt.name = 'Circulation Admin' AND
+		aout.name = 'Branch' AND
+		perm.code IN (
+			'DELETE_USER');
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+	SELECT
+		pgt.id, perm.id, aout.depth, TRUE
+	FROM
+		permission.grp_tree pgt,
+		permission.perm_list perm,
+		actor.org_unit_type aout
+	WHERE
+		pgt.name = 'Circulation Admin' AND
+		aout.name = 'Consortium' AND
+		perm.code IN (
+			'ADMIN_MAX_FINE_RULE',
+			'CREATE_CIRC_DURATION',
+			'DELETE_CIRC_DURATION',
+			'UPDATE_CIRC_DURATION',
+			'UPDATE_NET_ACCESS_LEVEL',
+			'VIEW_CIRC_MATRIX_MATCHPOINT',
+			'VIEW_HOLD_MATRIX_MATCHPOINT');
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+	SELECT
+		pgt.id, perm.id, aout.depth, TRUE
+	FROM
+		permission.grp_tree pgt,
+		permission.perm_list perm,
+		actor.org_unit_type aout
+	WHERE
+		pgt.name = 'Circulation Admin' AND
+		aout.name = 'System' AND
+		perm.code IN (
+			'ADMIN_BOOKING_RESERVATION',
+			'ADMIN_BOOKING_RESERVATION_ATTR_MAP',
+			'ADMIN_BOOKING_RESERVATION_ATTR_VALUE_MAP',
+			'ADMIN_BOOKING_RESOURCE',
+			'ADMIN_BOOKING_RESOURCE_ATTR',
+			'ADMIN_BOOKING_RESOURCE_ATTR_MAP',
+			'ADMIN_BOOKING_RESOURCE_ATTR_VALUE',
+			'ADMIN_BOOKING_RESOURCE_TYPE',
+			'ADMIN_COPY_LOCATION_ORDER',
+			'ADMIN_HOLD_CANCEL_CAUSE',
+			'ASSIGN_GROUP_PERM',
+			'BAR_PATRON',
+			'COPY_HOLDS',
+			'COPY_TRANSIT_RECEIVE',
+			'CREATE_BILL',
+			'CREATE_BILLING_TYPE',
+			'CREATE_NON_CAT_TYPE',
+			'CREATE_PATRON_STAT_CAT',
+			'CREATE_PATRON_STAT_CAT_ENTRY',
+			'CREATE_PATRON_STAT_CAT_ENTRY_MAP',
+			'CREATE_USER_GROUP_LINK',
+			'DELETE_BILLING_TYPE',
+			'DELETE_NON_CAT_TYPE',
+			'DELETE_PATRON_STAT_CAT',
+			'DELETE_PATRON_STAT_CAT_ENTRY',
+			'DELETE_PATRON_STAT_CAT_ENTRY_MAP',
+			'DELETE_TRANSIT',
+			'group_application.user.staff',
+			'MANAGE_BAD_DEBT',
+			'MARK_ITEM_AVAILABLE',
+			'MARK_ITEM_BINDERY',
+			'MARK_ITEM_CHECKED_OUT',
+			'MARK_ITEM_ILL',
+			'MARK_ITEM_IN_PROCESS',
+			'MARK_ITEM_IN_TRANSIT',
+			'MARK_ITEM_LOST',
+			'MARK_ITEM_MISSING',
+			'MARK_ITEM_ON_HOLDS_SHELF',
+			'MARK_ITEM_ON_ORDER',
+			'MARK_ITEM_RESHELVING',
+			'MERGE_USERS',
+			'money.collections_tracker.create',
+			'money.collections_tracker.delete',
+			'OFFLINE_EXECUTE',
+			'OFFLINE_UPLOAD',
+			'OFFLINE_VIEW',
+			'REMOVE_USER_GROUP_LINK',
+			'SET_CIRC_CLAIMS_RETURNED',
+			'SET_CIRC_CLAIMS_RETURNED.override',
+			'SET_CIRC_LOST',
+			'SET_CIRC_MISSING',
+			'UNBAR_PATRON',
+			'UPDATE_BILL_NOTE',
+			'UPDATE_NON_CAT_TYPE',
+			'UPDATE_PATRON_CLAIM_NEVER_CHECKED_OUT_COUNT',
+			'UPDATE_PATRON_CLAIM_RETURN_COUNT',
+			'UPDATE_PICKUP_LIB_FROM_HOLDS_SHELF',
+			'UPDATE_PICKUP_LIB_FROM_TRANSIT',
+			'UPDATE_USER',
+			'VIEW_REPORT_OUTPUT',
+			'VIEW_STANDING_PENALTY',
+			'VOID_BILLING',
+			'VOLUME_HOLDS');
+
+
+-- Add basic sys admin permissions to the Local Administrator group
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+	SELECT
+		pgt.id, perm.id, aout.depth, TRUE
+	FROM
+		permission.grp_tree pgt,
+		permission.perm_list perm,
+		actor.org_unit_type aout
+	WHERE
+		pgt.name = 'Local Administrator' AND
+		aout.name = 'Branch' AND
+		perm.code IN (
+			'EVERYTHING');
+
+
+-- Add administration permissions to the System Administrator group
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+	SELECT
+		pgt.id, perm.id, aout.depth, TRUE
+	FROM
+		permission.grp_tree pgt,
+		permission.perm_list perm,
+		actor.org_unit_type aout
+	WHERE
+		pgt.name = 'System Administrator' AND
+		aout.name = 'System' AND
+		perm.code IN (
+			'EVERYTHING');
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+	SELECT
+		pgt.id, perm.id, aout.depth, FALSE
+	FROM
+		permission.grp_tree pgt,
+		permission.perm_list perm,
+		actor.org_unit_type aout
+	WHERE
+		pgt.name = 'System Administrator' AND
+		aout.name = 'Consortium' AND
+		perm.code ~ '^VIEW_TRIGGER';
+
+
+-- Add administration permissions to the Global Administrator group
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+	SELECT
+		pgt.id, perm.id, aout.depth, TRUE
+	FROM
+		permission.grp_tree pgt,
+		permission.perm_list perm,
+		actor.org_unit_type aout
+	WHERE
+		pgt.name = 'Global Administrator' AND
+		aout.name = 'Consortium' AND
+		perm.code IN (
+			'EVERYTHING');
+
+
+-- Add basic acquisitions permissions to the Acquisitions group
+
+SELECT SETVAL('permission.grp_perm_map_id_seq'::TEXT, (SELECT MAX(id) FROM permission.grp_perm_map));
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+	SELECT
+		pgt.id, perm.id, aout.depth, FALSE
+	FROM
+		permission.grp_tree pgt,
+		permission.perm_list perm,
+		actor.org_unit_type aout
+	WHERE
+		pgt.name = 'Acquisitions' AND
+		aout.name = 'Consortium' AND
+		perm.code IN (
+			'ALLOW_ALT_TCN',
+			'CREATE_BIB_IMPORT_QUEUE',
+			'CREATE_IMPORT_ITEM',
+			'CREATE_INVOICE',
+			'CREATE_MARC',
+			'CREATE_PICKLIST',
+			'CREATE_PURCHASE_ORDER',
+			'DELETE_BIB_IMPORT_QUEUE',
+			'DELETE_IMPORT_ITEM',
+			'DELETE_RECORD',
+			'DELETE_VOLUME',
+			'DELETE_VOLUME_NOTE',
+			'GENERAL_ACQ',
+			'IMPORT_ACQ_LINEITEM_BIB_RECORD',
+			'IMPORT_MARC',
+			'MANAGE_CLAIM',
+			'MANAGE_FUND',
+			'MANAGE_FUNDING_SOURCE',
+			'MANAGE_PROVIDER',
+			'MARK_ITEM_AVAILABLE',
+			'MARK_ITEM_BINDERY',
+			'MARK_ITEM_CHECKED_OUT',
+			'MARK_ITEM_ILL',
+			'MARK_ITEM_IN_PROCESS',
+			'MARK_ITEM_IN_TRANSIT',
+			'MARK_ITEM_LOST',
+			'MARK_ITEM_MISSING',
+			'MARK_ITEM_ON_HOLDS_SHELF',
+			'MARK_ITEM_ON_ORDER',
+			'MARK_ITEM_RESHELVING',
+			'RECEIVE_PURCHASE_ORDER',
+			'UPDATE_BATCH_COPY',
+			'UPDATE_BIB_IMPORT_QUEUE',
+			'UPDATE_COPY',
+			'UPDATE_FUND',
+			'UPDATE_FUND_ALLOCATION',
+			'UPDATE_FUNDING_SOURCE',
+			'UPDATE_IMPORT_ITEM',
+			'UPDATE_MARC',
+			'UPDATE_RECORD',
+			'UPDATE_VOLUME',
+			'user_request.delete',
+			'user_request.update',
+			'user_request.view',
+			'VIEW_ACQ_FUND_ALLOCATION_PERCENT',
+			'VIEW_ACQ_FUNDING_SOURCE',
+			'VIEW_FUND',
+			'VIEW_FUND_ALLOCATION',
+			'VIEW_FUNDING_SOURCE',
+			'VIEW_HOLDS',
+			'VIEW_INVOICE',
+			'VIEW_ORG_SETTINGS',
+			'VIEW_PICKLIST',
+			'VIEW_PROVIDER',
+			'VIEW_PURCHASE_ORDER',
+			'VIEW_REPORT_OUTPUT');
+
+
+-- Add acquisitions administration permissions to the Acquisitions Admin group
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+	SELECT
+		pgt.id, perm.id, aout.depth, TRUE
+	FROM
+		permission.grp_tree pgt,
+		permission.perm_list perm,
+		actor.org_unit_type aout
+	WHERE
+		pgt.name = 'Acquisitions Administrator' AND
+		aout.name = 'Consortium' AND
+		perm.code IN (
+			'ACQ_XFER_MANUAL_DFUND_AMOUNT',
+			'ADMIN_ACQ_CANCEL_CAUSE',
+			'ADMIN_ACQ_CLAIM',
+			'ADMIN_ACQ_CLAIM_EVENT_TYPE',
+			'ADMIN_ACQ_CLAIM_TYPE',
+			'ADMIN_ACQ_DISTRIB_FORMULA',
+			'ADMIN_ACQ_FISCAL_YEAR',
+			'ADMIN_ACQ_FUND',
+			'ADMIN_ACQ_FUND_ALLOCATION_PERCENT',
+			'ADMIN_ACQ_FUND_TAG',
+			'ADMIN_ACQ_LINE_ITEM_ALERT_TEXT',
+			'ADMIN_CLAIM_POLICY',
+			'ADMIN_CURRENCY_TYPE',
+			'ADMIN_FUND',
+			'ADMIN_FUNDING_SOURCE',
+			'ADMIN_INVOICE',
+			'ADMIN_INVOICE_METHOD',
+			'ADMIN_INVOICE_PAYMENT_METHOD',
+			'ADMIN_LINEITEM_MARC_ATTR_DEF',
+			'ADMIN_PROVIDER',
+			'ADMIN_USER_REQUEST_TYPE',
+			'CREATE_ACQ_FUNDING_SOURCE',
+			'CREATE_FUND',
+			'CREATE_FUND_ALLOCATION',
+			'CREATE_FUNDING_SOURCE',
+			'CREATE_INVOICE_ITEM_TYPE',
+			'CREATE_INVOICE_METHOD',
+			'CREATE_PROVIDER',
+			'DELETE_ACQ_FUNDING_SOURCE',
+			'DELETE_FUND',
+			'DELETE_FUND_ALLOCATION',
+			'DELETE_FUNDING_SOURCE',
+			'DELETE_INVOICE_ITEM_TYPE',
+			'DELETE_INVOICE_METHOD',
+			'DELETE_PROVIDER',
+			'RUN_REPORTS',
+			'SHARE_REPORT_FOLDER',
+			'UPDATE_ACQ_FUNDING_SOURCE',
+			'UPDATE_INVOICE_ITEM_TYPE',
+			'UPDATE_INVOICE_METHOD');
+
+
+-- Add serials permissions to the Serials group
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+	SELECT
+		pgt.id, perm.id, aout.depth, FALSE
+	FROM
+		permission.grp_tree pgt,
+		permission.perm_list perm,
+		actor.org_unit_type aout
+	WHERE
+		pgt.name = 'Serials' AND
+		aout.name = 'System' AND
+		perm.code IN (
+			'ADMIN_ASSET_COPY_TEMPLATE',
+			'ADMIN_SERIAL_CAPTION_PATTERN',
+			'ADMIN_SERIAL_DISTRIBUTION',
+			'ADMIN_SERIAL_STREAM',
+			'ADMIN_SERIAL_SUBSCRIPTION',
+			'ISSUANCE_HOLDS',
+			'RECEIVE_SERIAL');
+
+
+-- Add basic staff permissions to the Volunteers group
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+	SELECT
+		pgt.id, perm.id, aout.depth, FALSE
+	FROM
+		permission.grp_tree pgt,
+		permission.perm_list perm,
+		actor.org_unit_type aout
+	WHERE
+		pgt.name = 'Volunteers' AND
+		aout.name = 'Branch' AND
+		perm.code IN (
+			'COPY_CHECKOUT',
+			'CREATE_BILL',
+			'CREATE_IN_HOUSE_USE',
+			'CREATE_PAYMENT',
+			'VIEW_BILLING_TYPE',
+			'VIEW_CIRCS',
+			'VIEW_COPY_CHECKOUT',
+			'VIEW_HOLD',
+			'VIEW_TITLE_HOLDS',
+			'VIEW_TRANSACTION',
+			'VIEW_USER',
+			'VIEW_USER_FINES_SUMMARY',
+			'VIEW_USER_TRANSACTIONS');
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+	SELECT
+		pgt.id, perm.id, aout.depth, FALSE
+	FROM
+		permission.grp_tree pgt,
+		permission.perm_list perm,
+		actor.org_unit_type aout
+	WHERE
+		pgt.name = 'Volunteers' AND
+		aout.name = 'Consortium' AND
+		perm.code IN (
+			'CREATE_COPY_TRANSIT',
+			'CREATE_TRANSACTION',
+			'CREATE_TRANSIT',
+			'STAFF_LOGIN',
+			'TRANSIT_COPY',
+			'VIEW_ORG_SETTINGS');
+
-- 
1.7.2.5