From 75c58c9f948521a8ac78300bf8f45ae16205f74b Mon Sep 17 00:00:00 2001
From: miker <miker@dcc99617-32d9-48b4-a31d-7c20da2025e4>
Date: Fri, 13 May 2011 17:30:47 +0000
Subject: [PATCH] Patch from Ben Ostrowsky (LP#782268) to simplify seed/example
 permission setup and move one step towards being able to rid ourselves of
 permission.perm_list.id

git-svn-id: svn://svn.open-ils.org/ILS/trunk@20473 dcc99617-32d9-48b4-a31d-7c20da2025e4
---
 Open-ILS/src/sql/Pg/950.data.seed-values.sql | 902 +++++++++++++++----
 1 file changed, 749 insertions(+), 153 deletions(-)

diff --git a/Open-ILS/src/sql/Pg/950.data.seed-values.sql b/Open-ILS/src/sql/Pg/950.data.seed-values.sql
index 1a2259c505..38b7b71c4f 100644
--- a/Open-ILS/src/sql/Pg/950.data.seed-values.sql
+++ b/Open-ILS/src/sql/Pg/950.data.seed-values.sql
@@ -1397,8 +1397,25 @@ INSERT INTO permission.grp_tree (id, name, parent, description, perm_interval, u
 INSERT INTO permission.grp_tree (id, name, parent, description, perm_interval, usergroup, application_perm) VALUES
 	(7, oils_i18n_gettext(7, 'Acquisitions Administrator', 'pgt', 'name'), 3, NULL, '3 years', TRUE, 'group_application.user.staff.acq_admin');
 INSERT INTO permission.grp_tree (id, name, parent, description, perm_interval, usergroup, application_perm) VALUES
-	(10, oils_i18n_gettext(10, 'Local System Administrator', 'pgt', 'name'), 3, 
-	oils_i18n_gettext(10, 'System maintenance, configuration, etc.', 'pgt', 'description'), '3 years', TRUE, 'group_application.user.staff.admin.local_admin');
+	(8, oils_i18n_gettext(8, 'Cataloging Administrator', 'pgt', 'name'), 3, NULL, '3 years', TRUE, 'group_application.user.staff.cat_admin');
+INSERT INTO permission.grp_tree (id, name, parent, description, perm_interval, usergroup, application_perm) VALUES
+	(9, oils_i18n_gettext(9, 'Circulation Administrator', 'pgt', 'name'), 3, NULL, '3 years', TRUE, 'group_application.user.staff.circ_admin');
+INSERT INTO permission.grp_tree (id, name, parent, description, perm_interval, usergroup, application_perm) VALUES
+	(10, oils_i18n_gettext(10, 'Local Administrator', 'pgt', 'name'), 3, 
+	oils_i18n_gettext(10, 'Can do anything at the Branch level', 'pgt', 'description'), '3 years', TRUE, 'group_application.user.staff.admin.local_admin');
+INSERT INTO permission.grp_tree (id, name, parent, description, perm_interval, usergroup, application_perm) VALUES
+	(11, oils_i18n_gettext(11, 'Serials', 'pgt', 'name'), 3, 
+	oils_i18n_gettext(11, 'Serials (includes admin features)', 'pgt', 'description'), '3 years', TRUE, 'group_application.user.staff.serials');
+INSERT INTO permission.grp_tree (id, name, parent, description, perm_interval, usergroup, application_perm) VALUES
+	(12, oils_i18n_gettext(12, 'System Administrator', 'pgt', 'name'), 3, 
+	oils_i18n_gettext(12, 'Can do anything at the System level', 'pgt', 'description'), '3 years', TRUE, 'group_application.user.staff.admin.system_admin');
+INSERT INTO permission.grp_tree (id, name, parent, description, perm_interval, usergroup, application_perm) VALUES
+	(13, oils_i18n_gettext(13, 'Global Administrator', 'pgt', 'name'), 3, 
+	oils_i18n_gettext(13, 'Can do anything at the Consortium level', 'pgt', 'description'), '3 years', TRUE, 'group_application.user.staff.admin.global_admin');
+INSERT INTO permission.grp_tree (id, name, parent, description, perm_interval, usergroup, application_perm) VALUES
+	(14, oils_i18n_gettext(14, 'Data Review', 'pgt', 'name'), 3, NULL, '3 years', TRUE, 'group_application.user.staff.data_review');
+INSERT INTO permission.grp_tree (id, name, parent, description, perm_interval, usergroup, application_perm) VALUES
+	(15, oils_i18n_gettext(15, 'Volunteers', 'pgt', 'name'), 3, NULL, '3 years', TRUE, 'group_application.user.staff.volunteers');
 
 SELECT SETVAL('permission.grp_tree_id_seq'::TEXT, (SELECT MAX(id) FROM permission.grp_tree));
 
@@ -1411,170 +1428,749 @@ INSERT INTO permission.grp_penalty_threshold (grp,org_unit,penalty,threshold)
 
 SELECT SETVAL('permission.grp_penalty_threshold_id_seq'::TEXT, (SELECT MAX(id) FROM permission.grp_penalty_threshold));
 
--- XXX Incomplete base permission setup.  A patch would be appreciated.
+
 -- Add basic user permissions to the Users group
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (1, (SELECT id FROM permission.perm_list WHERE code = 'OPAC_LOGIN'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (1, (SELECT id FROM permission.perm_list WHERE code = 'MR_HOLDS'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (1, (SELECT id FROM permission.perm_list WHERE code = 'TITLE_HOLDS'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (1, (SELECT id FROM permission.perm_list WHERE code = 'COPY_CHECKIN'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (1, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_MY_CONTAINER'), 0, false);
 
--- Add basic patron permissions to the Patrons group
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (2, (SELECT id FROM permission.perm_list WHERE code = 'RENEW_CIRC'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (2, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_MY_CONTAINER'), 0, false);
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+	SELECT
+		pgt.id, perm.id, aout.depth, FALSE
+	FROM
+		permission.grp_tree pgt,
+		permission.perm_list perm,
+		actor.org_unit_type aout
+	WHERE
+		pgt.name = 'Users' AND
+		aout.name = 'Consortium' AND
+		perm.code IN (
+			'COPY_CHECKIN',
+			'CREATE_MY_CONTAINER',
+			'MR_HOLDS',
+			'OPAC_LOGIN',
+			'RENEW_CIRC',
+			'TITLE_HOLDS',
+			'user_request.create');
+
+
+-- Add basic user permissions to the Data Review group
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+	SELECT
+		pgt.id, perm.id, aout.depth, FALSE
+	FROM
+		permission.grp_tree pgt,
+		permission.perm_list perm,
+		actor.org_unit_type aout
+	WHERE
+		pgt.name = 'Data Review' AND
+		aout.name = 'Consortium' AND
+		perm.code IN (
+			'CREATE_COPY_TRANSIT',
+			'VIEW_BILLING_TYPE',
+			'VIEW_CIRCULATIONS',
+			'VIEW_COPY_NOTES',
+			'VIEW_HOLD',
+			'VIEW_ORG_SETTINGS',
+			'VIEW_TITLE_NOTES',
+			'VIEW_TRANSACTION',
+			'VIEW_USER',
+			'VIEW_USER_FINES_SUMMARY',
+			'VIEW_USER_TRANSACTIONS',
+			'VIEW_VOLUME_NOTES',
+			'VIEW_ZIP_DATA');
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+	SELECT
+		pgt.id, perm.id, aout.depth, FALSE
+	FROM
+		permission.grp_tree pgt,
+		permission.perm_list perm,
+		actor.org_unit_type aout
+	WHERE
+		pgt.name = 'Data Review' AND
+		aout.name = 'System' AND
+		perm.code IN (
+			'COPY_CHECKOUT',
+			'COPY_HOLDS',
+			'CREATE_IN_HOUSE_USE',
+			'CREATE_TRANSACTION',
+			'OFFLINE_EXECUTE',
+			'OFFLINE_VIEW',
+			'STAFF_LOGIN',
+			'VOLUME_HOLDS');
+
 
 -- Add basic staff permissions to the Staff group
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'STAFF_LOGIN'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'VOLUME_HOLDS'), 2, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'COPY_HOLDS'), 2, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'REQUEST_HOLDS'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_HOLD'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'RENEW_CIRC'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_USER_FINES_SUMMARY'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_USER_TRANSACTIONS'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'UPDATE_MARC'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_MARC'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'IMPORT_MARC'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_VOLUME'), 2, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'UPDATE_VOLUME'), 2, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'DELETE_VOLUME'), 2, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_COPY'), 2, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'UPDATE_COPY'), 2, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'RENEW_HOLD_OVERRIDE'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_USER'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'UPDATE_USER'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'DELETE_USER'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_USER'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_TRANSIT'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_PERMISSION'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'CHECKIN_BYPASS_HOLD_FULFILL'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_PAYMENT'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'SET_CIRC_LOST'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'SET_CIRC_MISSING'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'SET_CIRC_CLAIMS_RETURNED'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_TRANSACTION'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_TRANSACTION'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_BILL'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_CONTAINER'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_CONTAINER'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'UPDATE_ORG_UNIT'), 2, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_CIRCULATIONS'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'DELETE_CONTAINER'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_CONTAINER_ITEM'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_PERM_GROUPS'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_PERMIT_CHECKOUT'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'UPDATE_BATCH_COPY'), 2, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_PATRON_STAT_CAT'), 2, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_COPY_STAT_CAT'), 2, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_PATRON_STAT_CAT_ENTRY'), 2, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_COPY_STAT_CAT_ENTRY'), 2, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'UPDATE_PATRON_STAT_CAT'), 2, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'UPDATE_COPY_STAT_CAT'), 2, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'UPDATE_PATRON_STAT_CAT_ENTRY'), 2, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'UPDATE_COPY_STAT_CAT_ENTRY'), 2, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_NON_CAT_TYPE'), 2, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'UPDATE_NON_CAT_TYPE'), 2, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_IN_HOUSE_USE'), 2, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'COPY_CHECKOUT'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_COPY_LOCATION'), 2, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'UPDATE_COPY_LOCATION'), 2, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_COPY_TRANSIT'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'COPY_TRANSIT_RECEIVE'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_HOLD_PERMIT'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_COPY_CHECKOUT_HISTORY'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'REMOTE_Z3950_QUERY'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'REGISTER_WORKSTATION'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_COPY_NOTES'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_VOLUME_NOTES'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_TITLE_NOTES'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_COPY_NOTE'), 2, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_VOLUME_NOTE'), 2, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'UPDATE_CONTAINER'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_HOLD_NOTIFICATION'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_HOLD_NOTIFICATION'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'OFFLINE_UPLOAD'), 1, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'OFFLINE_VIEW'), 1, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_BILLING_TYPE'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (3, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_ORG_SETTINGS'), 1, false);
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+	SELECT
+		pgt.id, perm.id, aout.depth, FALSE
+	FROM
+		permission.grp_tree pgt,
+		permission.perm_list perm,
+		actor.org_unit_type aout
+	WHERE
+		pgt.name = 'Staff' AND
+		aout.name = 'Consortium' AND
+		perm.code IN (
+			'CREATE_CONTAINER',
+			'CREATE_CONTAINER_ITEM',
+			'CREATE_COPY_TRANSIT',
+			'CREATE_HOLD_NOTIFICATION',
+			'CREATE_TRANSACTION',
+			'CREATE_TRANSIT',
+			'DELETE_CONTAINER',
+			'DELETE_CONTAINER_ITEM',
+			'group_application.user',
+			'group_application.user.patron',
+			'REGISTER_WORKSTATION',
+			'REMOTE_Z3950_QUERY',
+			'REQUEST_HOLDS',
+			'STAFF_LOGIN',
+			'TRANSIT_COPY',
+			'UPDATE_CONTAINER',
+			'VIEW_CONTAINER',
+			'VIEW_COPY_CHECKOUT_HISTORY',
+			'VIEW_COPY_NOTES',
+			'VIEW_HOLD',
+			'VIEW_HOLD_NOTIFICATION',
+			'VIEW_HOLD_PERMIT',
+			'VIEW_PERM_GROUPS',
+			'VIEW_PERMISSION',
+			'VIEW_TITLE_NOTES',
+			'VIEW_TRANSACTION',
+			'VIEW_VOLUME_NOTES');
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+	SELECT
+		pgt.id, perm.id, aout.depth, FALSE
+	FROM
+		permission.grp_tree pgt,
+		permission.perm_list perm,
+		actor.org_unit_type aout
+	WHERE
+		pgt.name = 'Staff' AND
+		aout.name = 'System' AND
+		perm.code IN (
+			'CREATE_USER',
+			'UPDATE_USER',
+			'VIEW_BILLING_TYPE',
+			'VIEW_CIRCULATIONS',
+			'VIEW_ORG_SETTINGS',
+			'VIEW_PERMIT_CHECKOUT',
+			'VIEW_USER',
+			'VIEW_USER_FINES_SUMMARY',
+			'VIEW_USER_TRANSACTIONS');
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+	SELECT
+		pgt.id, perm.id, aout.depth, FALSE
+	FROM
+		permission.grp_tree pgt,
+		permission.perm_list perm,
+		actor.org_unit_type aout
+	WHERE
+		pgt.name = 'Staff' AND
+		aout.name = 'Branch' AND
+		perm.code IN (
+			'CANCEL_HOLDS',
+			'COPY_CHECKOUT',
+			'COPY_HOLDS',
+			'COPY_TRANSIT_RECEIVE',
+			'CREATE_BILL',
+			'CREATE_IN_HOUSE_USE',
+			'CREATE_PAYMENT',
+			'RENEW_HOLD_OVERRIDE',
+			'UPDATE_COPY',
+			'UPDATE_VOLUME',
+			'VOLUME_HOLDS');
+
 
 -- Add basic cataloguing permissions to the Catalogers group
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (4, (SELECT id FROM permission.perm_list WHERE code = 'COPY_HOLDS'), 2, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (4, (SELECT id FROM permission.perm_list WHERE code = 'UPDATE_MARC'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (4, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_MARC'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (4, (SELECT id FROM permission.perm_list WHERE code = 'IMPORT_MARC'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (4, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_VOLUME'), 2, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (4, (SELECT id FROM permission.perm_list WHERE code = 'UPDATE_VOLUME'), 2, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (4, (SELECT id FROM permission.perm_list WHERE code = 'DELETE_VOLUME'), 2, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (4, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_COPY'), 2, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (4, (SELECT id FROM permission.perm_list WHERE code = 'UPDATE_COPY'), 2, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (4, (SELECT id FROM permission.perm_list WHERE code = 'DELETE_COPY'), 2, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (4, (SELECT id FROM permission.perm_list WHERE code = 'UPDATE_BATCH_COPY'), 2, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (4, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_MFHD_RECORD'), 1, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (4, (SELECT id FROM permission.perm_list WHERE code = 'UPDATE_MFHD_RECORD'), 1, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (4, (SELECT id FROM permission.perm_list WHERE code = 'DELETE_MFHD_RECORD'), 1, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (4, (SELECT id FROM permission.perm_list WHERE code = 'UPDATE_RECORD'), 1, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (4, (SELECT id FROM permission.perm_list WHERE code = 'MERGE_AUTH_RECORDS'), 1, false);
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+	SELECT
+		pgt.id, perm.id, aout.depth, FALSE
+	FROM
+		permission.grp_tree pgt,
+		permission.perm_list perm,
+		actor.org_unit_type aout
+	WHERE
+		pgt.name = 'Catalogers' AND
+		aout.name = 'Consortium' AND
+		perm.code IN (
+			'ALLOW_ALT_TCN',
+			'CREATE_BIB_IMPORT_QUEUE',
+			'CREATE_IMPORT_ITEM',
+			'CREATE_MARC',
+			'CREATE_TITLE_NOTE',
+			'DELETE_BIB_IMPORT_QUEUE',
+			'DELETE_IMPORT_ITEM',
+			'DELETE_RECORD',
+			'DELETE_TITLE_NOTE',
+			'IMPORT_ACQ_LINEITEM_BIB_RECORD',
+			'IMPORT_MARC',
+			'MERGE_AUTH_RECORDS',
+			'MERGE_BIB_RECORDS',
+			'UPDATE_AUTHORITY_IMPORT_QUEUE',
+			'UPDATE_AUTHORITY_RECORD_NOTE',
+			'UPDATE_BIB_IMPORT_QUEUE',
+			'UPDATE_MARC',
+			'UPDATE_RECORD',
+			'user_request.view',
+			'VIEW_AUTHORITY_RECORD_NOTES');
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+	SELECT
+		pgt.id, perm.id, aout.depth, FALSE
+	FROM
+		permission.grp_tree pgt,
+		permission.perm_list perm,
+		actor.org_unit_type aout
+	WHERE
+		pgt.name = 'Catalogers' AND
+		aout.name = 'System' AND
+		perm.code IN (
+			'CREATE_COPY',
+			'CREATE_COPY_NOTE',
+			'CREATE_MFHD_RECORD',
+			'CREATE_VOLUME',
+			'CREATE_VOLUME_NOTE',
+			'DELETE_COPY',
+			'DELETE_COPY_NOTE',
+			'DELETE_MFHD_RECORD',
+			'DELETE_VOLUME',
+			'DELETE_VOLUME_NOTE',
+			'MARK_ITEM_AVAILABLE',
+			'MARK_ITEM_BINDERY',
+			'MARK_ITEM_CHECKED_OUT',
+			'MARK_ITEM_ILL',
+			'MARK_ITEM_IN_PROCESS',
+			'MARK_ITEM_IN_TRANSIT',
+			'MARK_ITEM_LOST',
+			'MARK_ITEM_MISSING',
+			'MARK_ITEM_ON_HOLDS_SHELF',
+			'MARK_ITEM_ON_ORDER',
+			'MARK_ITEM_RESHELVING',
+			'UPDATE_COPY',
+			'UPDATE_COPY_NOTE',
+			'UPDATE_IMPORT_ITEM',
+			'UPDATE_MFHD_RECORD',
+			'UPDATE_VOLUME',
+			'UPDATE_VOLUME_NOTE',
+			'VIEW_SERIAL_SUBSCRIPTION');
+
+
+-- Add advanced cataloguing permissions to the Cataloging Admin group
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+	SELECT
+		pgt.id, perm.id, aout.depth, TRUE
+	FROM
+		permission.grp_tree pgt,
+		permission.perm_list perm,
+		actor.org_unit_type aout
+	WHERE
+		pgt.name = 'Cataloging Admin' AND
+		aout.name = 'Consortium' AND
+		perm.code IN (
+			'ADMIN_IMPORT_ITEM_ATTR_DEF',
+			'ADMIN_MERGE_PROFILE',
+			'CREATE_AUTHORITY_IMPORT_IMPORT_DEF',
+			'CREATE_BIB_IMPORT_FIELD_DEF',
+			'CREATE_BIB_SOURCE',
+			'CREATE_IMPORT_ITEM_ATTR_DEF',
+			'CREATE_IMPORT_TRASH_FIELD',
+			'CREATE_MERGE_PROFILE',
+			'DELETE_AUTHORITY_IMPORT_IMPORT_FIELD_DEF',
+			'DELETE_BIB_SOURCE',
+			'DELETE_IMPORT_ITEM_ATTR_DEF',
+			'DELETE_IMPORT_TRASH_FIELD',
+			'DELETE_MERGE_PROFILE',
+			'UPDATE_AUTHORITY_IMPORT_IMPORT_FIELD_DEF',
+			'UPDATE_BIB_IMPORT_IMPORT_FIELD_DEF',
+			'UPDATE_IMPORT_ITEM_ATTR_DEF',
+			'UPDATE_IMPORT_TRASH_FIELD',
+			'UPDATE_MERGE_PROFILE');
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+	SELECT
+		pgt.id, perm.id, aout.depth, TRUE
+	FROM
+		permission.grp_tree pgt,
+		permission.perm_list perm,
+		actor.org_unit_type aout
+	WHERE
+		pgt.name = 'Cataloging Admin' AND
+		aout.name = 'System' AND
+		perm.code IN (
+			'CREATE_COPY_STAT_CAT',
+			'CREATE_COPY_STAT_CAT_ENTRY',
+			'CREATE_COPY_STAT_CAT_ENTRY_MAP',
+			'RUN_REPORTS',
+			'SHARE_REPORT_FOLDER',
+			'UPDATE_COPY_LOCATION',
+			'UPDATE_COPY_STAT_CAT',
+			'UPDATE_COPY_STAT_CAT_ENTRY',
+			'VIEW_REPORT_OUTPUT');
+
 
 -- Add basic circulation permissions to the Circulators group
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (5, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_TRANSACTION'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (5, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_BILL'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (5, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_CIRCULATIONS'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (5, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_PERM_GROUPS'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (5, (SELECT id FROM permission.perm_list WHERE code = 'CIRC_OVERRIDE_DUE_DATE'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (5, (SELECT id FROM permission.perm_list WHERE code = 'COPY_IS_REFERENCE.override'), 1, false);
-
--- Add basic sys admin permissions to the Local System Administrator group
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (10, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_USER_GROUP_LINK'), 1, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (10, (SELECT id FROM permission.perm_list WHERE code = 'DELETE_PATRON_STAT_CAT'), 2, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (10, (SELECT id FROM permission.perm_list WHERE code = 'DELETE_COPY_STAT_CAT'), 2, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (10, (SELECT id FROM permission.perm_list WHERE code = 'DELETE_PATRON_STAT_CAT_ENTRY'), 2, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (10, (SELECT id FROM permission.perm_list WHERE code = 'DELETE_COPY_STAT_CAT_ENTRY'), 2, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (10, (SELECT id FROM permission.perm_list WHERE code = 'DELETE_PATRON_STAT_CAT_ENTRY_MAP'), 2, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (10, (SELECT id FROM permission.perm_list WHERE code = 'DELETE_COPY_STAT_CAT_ENTRY_MAP'), 2, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (10, (SELECT id FROM permission.perm_list WHERE code = 'DELETE_COPY_LOCATION'), 2, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (10, (SELECT id FROM permission.perm_list WHERE code = 'DELETE_COPY_NOTE'), 1, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (10, (SELECT id FROM permission.perm_list WHERE code = 'DELETE_VOLUME_NOTE'), 1, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (10, (SELECT id FROM permission.perm_list WHERE code = 'DELETE_TITLE_NOTE'), 0, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (10, (SELECT id FROM permission.perm_list WHERE code = 'UPDATE_ORG_SETTING'), 1, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (10, (SELECT id FROM permission.perm_list WHERE code = 'OFFLINE_EXECUTE'), 1, true);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (10, (SELECT id FROM permission.perm_list WHERE code = 'CIRC_OVERRIDE_DUE_DATE'), 1, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (10, (SELECT id FROM permission.perm_list WHERE code = 'CIRC_PERMIT_OVERRIDE'), 1, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (10, (SELECT id FROM permission.perm_list WHERE code = 'RUN_REPORTS'), 1, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (10, (SELECT id FROM permission.perm_list WHERE code = 'SHARE_REPORT_FOLDER'), 1, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (10, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_REPORT_OUTPUT'), 1, false);
-
--- Add trigger administration permissions to the Local System Administrator group
+
 INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
-    SELECT 10, id, 1, false FROM permission.perm_list
-        WHERE code LIKE 'ADMIN_TRIGGER%'
-            OR code LIKE 'CREATE_TRIGGER%'
-            OR code LIKE 'DELETE_TRIGGER%'
-            OR code LIKE 'UPDATE_TRIGGER%'
-;
--- View trigger permissions are required at a consortial level for initial setup
+	SELECT
+		pgt.id, perm.id, aout.depth, FALSE
+	FROM
+		permission.grp_tree pgt,
+		permission.perm_list perm,
+		actor.org_unit_type aout
+	WHERE
+		pgt.name = 'Circulators' AND
+		aout.name = 'Branch' AND
+		perm.code IN (
+			'ADMIN_BOOKING_RESERVATION',
+			'ADMIN_BOOKING_RESOURCE',
+			'ADMIN_BOOKING_RESOURCE_ATTR',
+			'ADMIN_BOOKING_RESOURCE_ATTR_MAP',
+			'ADMIN_BOOKING_RESOURCE_ATTR_VALUE',
+			'ADMIN_BOOKING_RESOURCE_TYPE',
+			'ASSIGN_GROUP_PERM',
+			'MARK_ITEM_AVAILABLE',
+			'MARK_ITEM_BINDERY',
+			'MARK_ITEM_CHECKED_OUT',
+			'MARK_ITEM_ILL',
+			'MARK_ITEM_IN_PROCESS',
+			'MARK_ITEM_IN_TRANSIT',
+			'MARK_ITEM_LOST',
+			'MARK_ITEM_MISSING',
+			'MARK_ITEM_ON_HOLDS_SHELF',
+			'MARK_ITEM_ON_ORDER',
+			'MARK_ITEM_RESHELVING',
+			'OFFLINE_UPLOAD',
+			'OFFLINE_VIEW',
+			'REMOVE_USER_GROUP_LINK',
+			'SET_CIRC_CLAIMS_RETURNED',
+			'SET_CIRC_CLAIMS_RETURNED.override',
+			'SET_CIRC_LOST',
+			'SET_CIRC_MISSING',
+			'UPDATE_BILL_NOTE',
+			'UPDATE_PATRON_CLAIM_NEVER_CHECKED_OUT_COUNT',
+			'UPDATE_PATRON_CLAIM_RETURN_COUNT',
+			'UPDATE_PAYMENT_NOTE',
+			'UPDATE_PICKUP_LIB FROM_TRANSIT',
+			'UPDATE_PICKUP_LIB_FROM_HOLDS_SHELF',
+			'VIEW_GROUP_PENALTY_THRESHOLD',
+			'VIEW_STANDING_PENALTY',
+			'VOID_BILLING',
+			'VOLUME_HOLDS');
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+	SELECT
+		pgt.id, perm.id, aout.depth, FALSE
+	FROM
+		permission.grp_tree pgt,
+		permission.perm_list perm,
+		actor.org_unit_type aout
+	WHERE
+		pgt.name = 'Circulators' AND
+		aout.name = 'System' AND
+		perm.code IN (
+			'ABORT_REMOTE_TRANSIT',
+			'ABORT_TRANSIT',
+			'CAPTURE_RESERVATION',
+			'CIRC_CLAIMS_RETURNED.override',
+			'CIRC_EXCEEDS_COPY_RANGE.override',
+			'CIRC_OVERRIDE_DUE_DATE',
+			'CIRC_PERMIT_OVERRIDE',
+			'COPY_ALERT_MESSAGE.override',
+			'COPY_BAD_STATUS.override',
+			'COPY_CIRC_NOT_ALLOWED.override',
+			'COPY_IS_REFERENCE.override',
+			'COPY_NEEDED_FOR_HOLD.override',
+			'COPY_NOT_AVAILABLE.override',
+			'COPY_STATUS_LOST.override',
+			'COPY_STATUS_MISSING.override',
+			'CREATE_DUPLICATE_HOLDS',
+			'CREATE_USER_GROUP_LINK',
+			'DELETE_TRANSIT',
+			'HOLD_EXISTS.override',
+			'HOLD_ITEM_CHECKED_OUT.override',
+			'ISSUANCE_HOLDS',
+			'ITEM_AGE_PROTECTED.override',
+			'ITEM_ON_HOLDS_SHELF.override',
+			'MAX_RENEWALS_REACHED.override',
+			'OVERRIDE_HOLD_HAS_LOCAL_COPY',
+			'PATRON_EXCEEDS_CHECKOUT_COUNT.override',
+			'PATRON_EXCEEDS_FINES.override',
+			'PATRON_EXCEEDS_OVERDUE_COUNT.override',
+			'RETRIEVE_RESERVATION_PULL_LIST',
+			'UPDATE_HOLD');
+
+
+-- Add advanced circulation permissions to the Circulation Admin group
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+	SELECT
+		pgt.id, perm.id, aout.depth, TRUE
+	FROM
+		permission.grp_tree pgt,
+		permission.perm_list perm,
+		actor.org_unit_type aout
+	WHERE
+		pgt.name = 'Circulation Admin' AND
+		aout.name = 'Branch' AND
+		perm.code IN (
+			'DELETE_USER');
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+	SELECT
+		pgt.id, perm.id, aout.depth, TRUE
+	FROM
+		permission.grp_tree pgt,
+		permission.perm_list perm,
+		actor.org_unit_type aout
+	WHERE
+		pgt.name = 'Circulation Admin' AND
+		aout.name = 'Consortium' AND
+		perm.code IN (
+			'ADMIN_MAX_FINE_RULE',
+			'CREATE_CIRC_DURATION',
+			'DELETE_CIRC_DURATION',
+			'UPDATE_CIRC_DURATION',
+			'UPDATE_NET_ACCESS_LEVEL',
+			'VIEW_CIRC_MATRIX_MATCHPOINT',
+			'VIEW_HOLD_MATRIX_MATCHPOINT');
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+	SELECT
+		pgt.id, perm.id, aout.depth, TRUE
+	FROM
+		permission.grp_tree pgt,
+		permission.perm_list perm,
+		actor.org_unit_type aout
+	WHERE
+		pgt.name = 'Circulation Admin' AND
+		aout.name = 'System' AND
+		perm.code IN (
+			'ADMIN_BOOKING_RESERVATION',
+			'ADMIN_BOOKING_RESERVATION_ATTR_MAP',
+			'ADMIN_BOOKING_RESERVATION_ATTR_VALUE_MAP',
+			'ADMIN_BOOKING_RESOURCE',
+			'ADMIN_BOOKING_RESOURCE_ATTR',
+			'ADMIN_BOOKING_RESOURCE_ATTR_MAP',
+			'ADMIN_BOOKING_RESOURCE_ATTR_VALUE',
+			'ADMIN_BOOKING_RESOURCE_TYPE',
+			'ADMIN_COPY_LOCATION_ORDER',
+			'ADMIN_HOLD_CANCEL_CAUSE',
+			'ASSIGN_GROUP_PERM',
+			'BAR_PATRON',
+			'COPY_HOLDS',
+			'COPY_TRANSIT_RECEIVE',
+			'CREATE_BILL',
+			'CREATE_BILLING_TYPE',
+			'CREATE_NON_CAT_TYPE',
+			'CREATE_PATRON_STAT_CAT',
+			'CREATE_PATRON_STAT_CAT_ENTRY',
+			'CREATE_PATRON_STAT_CAT_ENTRY_MAP',
+			'CREATE_USER_GROUP_LINK',
+			'DELETE_BILLING_TYPE',
+			'DELETE_NON_CAT_TYPE',
+			'DELETE_PATRON_STAT_CAT',
+			'DELETE_PATRON_STAT_CAT_ENTRY',
+			'DELETE_PATRON_STAT_CAT_ENTRY_MAP',
+			'DELETE_TRANSIT',
+			'group_application.user.staff',
+			'MANAGE_BAD_DEBT',
+			'MARK_ITEM_AVAILABLE',
+			'MARK_ITEM_BINDERY',
+			'MARK_ITEM_CHECKED_OUT',
+			'MARK_ITEM_ILL',
+			'MARK_ITEM_IN_PROCESS',
+			'MARK_ITEM_IN_TRANSIT',
+			'MARK_ITEM_LOST',
+			'MARK_ITEM_MISSING',
+			'MARK_ITEM_ON_HOLDS_SHELF',
+			'MARK_ITEM_ON_ORDER',
+			'MARK_ITEM_RESHELVING',
+			'MERGE_USERS',
+			'money.collections_tracker.create',
+			'money.collections_tracker.delete',
+			'OFFLINE_EXECUTE',
+			'OFFLINE_UPLOAD',
+			'OFFLINE_VIEW',
+			'REMOVE_USER_GROUP_LINK',
+			'SET_CIRC_CLAIMS_RETURNED',
+			'SET_CIRC_CLAIMS_RETURNED.override',
+			'SET_CIRC_LOST',
+			'SET_CIRC_MISSING',
+			'UNBAR_PATRON',
+			'UPDATE_BILL_NOTE',
+			'UPDATE_NON_CAT_TYPE',
+			'UPDATE_PATRON_CLAIM_NEVER_CHECKED_OUT_COUNT',
+			'UPDATE_PATRON_CLAIM_RETURN_COUNT',
+			'UPDATE_PICKUP_LIB_FROM_HOLDS_SHELF',
+			'UPDATE_PICKUP_LIB_FROM_TRANSIT',
+			'UPDATE_USER',
+			'VIEW_REPORT_OUTPUT',
+			'VIEW_STANDING_PENALTY',
+			'VOID_BILLING',
+			'VOLUME_HOLDS');
+
+
+-- Add basic sys admin permissions to the Local Administrator group
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+	SELECT
+		pgt.id, perm.id, aout.depth, TRUE
+	FROM
+		permission.grp_tree pgt,
+		permission.perm_list perm,
+		actor.org_unit_type aout
+	WHERE
+		pgt.name = 'Local Administrator' AND
+		aout.name = 'Branch' AND
+		perm.code IN (
+			'EVERYTHING');
+
+
+-- Add administration permissions to the System Administrator group
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+	SELECT
+		pgt.id, perm.id, aout.depth, TRUE
+	FROM
+		permission.grp_tree pgt,
+		permission.perm_list perm,
+		actor.org_unit_type aout
+	WHERE
+		pgt.name = 'System Administrator' AND
+		aout.name = 'System' AND
+		perm.code IN (
+			'EVERYTHING');
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+	SELECT
+		pgt.id, perm.id, aout.depth, FALSE
+	FROM
+		permission.grp_tree pgt,
+		permission.perm_list perm,
+		actor.org_unit_type aout
+	WHERE
+		pgt.name = 'System Administrator' AND
+		aout.name = 'Consortium' AND
+		perm.code ~ '^VIEW_TRIGGER';
+
+
+-- Add administration permissions to the Global Administrator group
+
 INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
-    SELECT 10, id, 0, false FROM permission.perm_list WHERE code LIKE 'VIEW_TRIGGER%';
+	SELECT
+		pgt.id, perm.id, aout.depth, TRUE
+	FROM
+		permission.grp_tree pgt,
+		permission.perm_list perm,
+		actor.org_unit_type aout
+	WHERE
+		pgt.name = 'Global Administrator' AND
+		aout.name = 'Consortium' AND
+		perm.code IN (
+			'EVERYTHING');
+
 
 -- Add basic acquisitions permissions to the Acquisitions group
+
 SELECT SETVAL('permission.grp_perm_map_id_seq'::TEXT, (SELECT MAX(id) FROM permission.grp_perm_map));
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (6, (SELECT id FROM permission.perm_list WHERE code = 'GENERAL_ACQ'), 1, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (6, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_PICKLIST'), 1, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (6, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_PICKLIST'), 1, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (6, (SELECT id FROM permission.perm_list WHERE code = 'CREATE_PURCHASE_ORDER'), 1, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (6, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_PURCHASE_ORDER'), 1, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (6, (SELECT id FROM permission.perm_list WHERE code = 'RECEIVE_PURCHASE_ORDER'), 1, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (6, (SELECT id FROM permission.perm_list WHERE code = 'VIEW_PROVIDER'), 1, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (6, (SELECT id FROM permission.perm_list WHERE code = 'UPDATE_COPY'), 1, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (6, (SELECT id FROM permission.perm_list WHERE code = 'UPDATE_VOLUME'), 1, false);
-
--- Add acquisitions administration permissions to the Acquisitions group
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (7, (SELECT id FROM permission.perm_list WHERE code = 'ADMIN_PROVIDER'), 1, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (7, (SELECT id FROM permission.perm_list WHERE code = 'ADMIN_FUNDING_SOURCE'), 1, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (7, (SELECT id FROM permission.perm_list WHERE code = 'ADMIN_ACQ_FUND'), 1, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (7, (SELECT id FROM permission.perm_list WHERE code = 'ADMIN_FUND'), 1, false);
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (7, (SELECT id FROM permission.perm_list WHERE code = 'ADMIN_CURRENCY_TYPE'), 1, false);
-
-INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable) VALUES (1, (SELECT id FROM permission.perm_list WHERE code = 'HOLD_ITEM_CHECKED_OUT.override'), 0, false);
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+	SELECT
+		pgt.id, perm.id, aout.depth, FALSE
+	FROM
+		permission.grp_tree pgt,
+		permission.perm_list perm,
+		actor.org_unit_type aout
+	WHERE
+		pgt.name = 'Acquisitions' AND
+		aout.name = 'Consortium' AND
+		perm.code IN (
+			'ALLOW_ALT_TCN',
+			'CREATE_BIB_IMPORT_QUEUE',
+			'CREATE_IMPORT_ITEM',
+			'CREATE_INVOICE',
+			'CREATE_MARC',
+			'CREATE_PICKLIST',
+			'CREATE_PURCHASE_ORDER',
+			'DELETE_BIB_IMPORT_QUEUE',
+			'DELETE_IMPORT_ITEM',
+			'DELETE_RECORD',
+			'DELETE_VOLUME',
+			'DELETE_VOLUME_NOTE',
+			'GENERAL_ACQ',
+			'IMPORT_ACQ_LINEITEM_BIB_RECORD',
+			'IMPORT_MARC',
+			'MANAGE_CLAIM',
+			'MANAGE_FUND',
+			'MANAGE_FUNDING_SOURCE',
+			'MANAGE_PROVIDER',
+			'MARK_ITEM_AVAILABLE',
+			'MARK_ITEM_BINDERY',
+			'MARK_ITEM_CHECKED_OUT',
+			'MARK_ITEM_ILL',
+			'MARK_ITEM_IN_PROCESS',
+			'MARK_ITEM_IN_TRANSIT',
+			'MARK_ITEM_LOST',
+			'MARK_ITEM_MISSING',
+			'MARK_ITEM_ON_HOLDS_SHELF',
+			'MARK_ITEM_ON_ORDER',
+			'MARK_ITEM_RESHELVING',
+			'RECEIVE_PURCHASE_ORDER',
+			'UPDATE_BATCH_COPY',
+			'UPDATE_BIB_IMPORT_QUEUE',
+			'UPDATE_COPY',
+			'UPDATE_FUND',
+			'UPDATE_FUND_ALLOCATION',
+			'UPDATE_FUNDING_SOURCE',
+			'UPDATE_IMPORT_ITEM',
+			'UPDATE_MARC',
+			'UPDATE_RECORD',
+			'UPDATE_VOLUME',
+			'user_request.delete',
+			'user_request.update',
+			'user_request.view',
+			'VIEW_ACQ_FUND_ALLOCATION_PERCENT',
+			'VIEW_ACQ_FUNDING_SOURCE',
+			'VIEW_FUND',
+			'VIEW_FUND_ALLOCATION',
+			'VIEW_FUNDING_SOURCE',
+			'VIEW_HOLDS',
+			'VIEW_INVOICE',
+			'VIEW_ORG_SETTINGS',
+			'VIEW_PICKLIST',
+			'VIEW_PROVIDER',
+			'VIEW_PURCHASE_ORDER',
+			'VIEW_REPORT_OUTPUT');
+
+
+-- Add acquisitions administration permissions to the Acquisitions Admin group
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+	SELECT
+		pgt.id, perm.id, aout.depth, TRUE
+	FROM
+		permission.grp_tree pgt,
+		permission.perm_list perm,
+		actor.org_unit_type aout
+	WHERE
+		pgt.name = 'Acquisitions Administrator' AND
+		aout.name = 'Consortium' AND
+		perm.code IN (
+			'ACQ_XFER_MANUAL_DFUND_AMOUNT',
+			'ADMIN_ACQ_CANCEL_CAUSE',
+			'ADMIN_ACQ_CLAIM',
+			'ADMIN_ACQ_CLAIM_EVENT_TYPE',
+			'ADMIN_ACQ_CLAIM_TYPE',
+			'ADMIN_ACQ_DISTRIB_FORMULA',
+			'ADMIN_ACQ_FISCAL_YEAR',
+			'ADMIN_ACQ_FUND',
+			'ADMIN_ACQ_FUND_ALLOCATION_PERCENT',
+			'ADMIN_ACQ_FUND_TAG',
+			'ADMIN_ACQ_LINE_ITEM_ALERT_TEXT',
+			'ADMIN_CLAIM_POLICY',
+			'ADMIN_CURRENCY_TYPE',
+			'ADMIN_FUND',
+			'ADMIN_FUNDING_SOURCE',
+			'ADMIN_INVOICE',
+			'ADMIN_INVOICE_METHOD',
+			'ADMIN_INVOICE_PAYMENT_METHOD',
+			'ADMIN_LINEITEM_MARC_ATTR_DEF',
+			'ADMIN_PROVIDER',
+			'ADMIN_USER_REQUEST_TYPE',
+			'CREATE_ACQ_FUNDING_SOURCE',
+			'CREATE_FUND',
+			'CREATE_FUND_ALLOCATION',
+			'CREATE_FUNDING_SOURCE',
+			'CREATE_INVOICE_ITEM_TYPE',
+			'CREATE_INVOICE_METHOD',
+			'CREATE_PROVIDER',
+			'DELETE_ACQ_FUNDING_SOURCE',
+			'DELETE_FUND',
+			'DELETE_FUND_ALLOCATION',
+			'DELETE_FUNDING_SOURCE',
+			'DELETE_INVOICE_ITEM_TYPE',
+			'DELETE_INVOICE_METHOD',
+			'DELETE_PROVIDER',
+			'RUN_REPORTS',
+			'SHARE_REPORT_FOLDER',
+			'UPDATE_ACQ_FUNDING_SOURCE',
+			'UPDATE_INVOICE_ITEM_TYPE',
+			'UPDATE_INVOICE_METHOD');
+
+
+-- Add serials permissions to the Serials group
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+	SELECT
+		pgt.id, perm.id, aout.depth, FALSE
+	FROM
+		permission.grp_tree pgt,
+		permission.perm_list perm,
+		actor.org_unit_type aout
+	WHERE
+		pgt.name = 'Serials' AND
+		aout.name = 'System' AND
+		perm.code IN (
+			'ADMIN_ASSET_COPY_TEMPLATE',
+			'ADMIN_SERIAL_CAPTION_PATTERN',
+			'ADMIN_SERIAL_DISTRIBUTION',
+			'ADMIN_SERIAL_STREAM',
+			'ADMIN_SERIAL_SUBSCRIPTION',
+			'ISSUANCE_HOLDS',
+			'RECEIVE_SERIAL');
+
+
+-- Add basic staff permissions to the Volunteers group
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+	SELECT
+		pgt.id, perm.id, aout.depth, FALSE
+	FROM
+		permission.grp_tree pgt,
+		permission.perm_list perm,
+		actor.org_unit_type aout
+	WHERE
+		pgt.name = 'Volunteers' AND
+		aout.name = 'Branch' AND
+		perm.code IN (
+			'COPY_CHECKOUT',
+			'CREATE_BILL',
+			'CREATE_IN_HOUSE_USE',
+			'CREATE_PAYMENT',
+			'VIEW_BILLING_TYPE',
+			'VIEW_CIRCS',
+			'VIEW_COPY_CHECKOUT',
+			'VIEW_HOLD',
+			'VIEW_TITLE_HOLDS',
+			'VIEW_TRANSACTION',
+			'VIEW_USER',
+			'VIEW_USER_FINES_SUMMARY',
+			'VIEW_USER_TRANSACTIONS');
+
+INSERT INTO permission.grp_perm_map (grp, perm, depth, grantable)
+	SELECT
+		pgt.id, perm.id, aout.depth, FALSE
+	FROM
+		permission.grp_tree pgt,
+		permission.perm_list perm,
+		actor.org_unit_type aout
+	WHERE
+		pgt.name = 'Volunteers' AND
+		aout.name = 'Consortium' AND
+		perm.code IN (
+			'CREATE_COPY_TRANSIT',
+			'CREATE_TRANSACTION',
+			'CREATE_TRANSIT',
+			'STAFF_LOGIN',
+			'TRANSIT_COPY',
+			'VIEW_ORG_SETTINGS');
+
 
 -- Admin user account
 INSERT INTO actor.usr ( profile, card, usrname, passwd, first_given_name, family_name, dob, master_account, super_user, ident_type, ident_value, home_ou ) VALUES ( 1, 1, md5(random()::text), md5(random()::text), 'Administrator', 'System Account', '1979-01-22', TRUE, TRUE, 1, 'identification', 1 );
-- 
2.43.2