INSERT INTO `salix`.`ACL`
    (model, property, accessType, permission, principalType, principalId)
    VALUES
        ('EntryObservation', '*', '*', 'ALLOW', 'ROLE', 'buyer'),
        ('LdapConfig', '*', '*', 'ALLOW', 'ROLE', 'sysadmin'),
        ('SambaConfig', '*', '*', 'ALLOW', 'ROLE', 'sysadmin'),
        ('ACL', '*', '*', 'ALLOW', 'ROLE', 'developer'),
        ('AccessToken', '*', '*', 'ALLOW', 'ROLE', 'developer'),
        ('MailAliasAccount', '*', '*', 'ALLOW', 'ROLE', 'marketing'),
        ('MailAliasAccount', '*', '*', 'ALLOW', 'ROLE', 'hr'),
        ('MailAlias', '*', '*', 'ALLOW', 'ROLE', 'hr'),
        ('MailForward', '*', '*', 'ALLOW', 'ROLE', 'marketing'),
        ('MailForward', '*', '*', 'ALLOW', 'ROLE', 'hr'),
        ('RoleInherit', '*', '*', 'ALLOW', 'ROLE', 'it'),
        ('RoleRole', '*', '*', 'ALLOW', 'ROLE', 'it'),
        ('AccountConfig', '*', '*', 'ALLOW', 'ROLE', 'sysadmin');

UPDATE `salix`.`ACL`
    SET accessType='*', principalId='it'
    WHERE model = 'Role';

DELETE FROM `salix`.`ACL`
    WHERE id IN (280, 281);

UPDATE `salix`.`ACL`
    SET accessType='*', principalId='marketing'
    WHERE id=279;