diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-capabilities-context.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-capabilities-context.xml index 29354fe42d..0bdbf64c7b 100644 --- a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-capabilities-context.xml +++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-capabilities-context.xml @@ -101,16 +101,24 @@ + + + + + parent="declarativeCapability"> + parent="declarativeCapability"> @@ -129,8 +137,7 @@ + parent="declarativeCapability"> @@ -148,15 +155,13 @@ + parent="declarativeCapability"> + parent="declarativeCapability"> @@ -167,8 +172,7 @@ + parent="declarativeCapability"> @@ -192,8 +196,7 @@ + parent="declarativeCapability"> @@ -212,29 +215,25 @@ + parent="declarativeCapability"> + parent="declarativeCapability"> + parent="declarativeCapability"> + parent="declarativeCapability"> @@ -252,22 +251,20 @@ + parent="declarativeCapability"> + parent="declarativeCapability"> RECORD_CATEGORY RECORD_FOLDER - RECORD + @@ -281,43 +278,37 @@ + parent="declarativeCapability"> + parent="declarativeCapability"> + parent="declarativeCapability"> + parent="declarativeCapability"> + parent="declarativeCapability"> + parent="declarativeCapability"> @@ -337,8 +328,7 @@ + parent="declarativeCapability"> @@ -359,15 +349,13 @@ + parent="declarativeCapability"> + parent="declarativeCapability"> @@ -387,8 +375,7 @@ + parent="declarativeCapability"> @@ -408,8 +395,7 @@ + parent="declarativeCapability"> @@ -429,12 +415,12 @@ + parent="declarativeCapability"> - + + RECORD @@ -446,8 +432,7 @@ + parent="declarativeCapability"> @@ -465,8 +450,7 @@ + parent="declarativeCapability"> @@ -478,15 +462,13 @@ + parent="declarativeCapability"> + parent="declarativeCapability"> @@ -506,8 +488,7 @@ + parent="declarativeCapability"> @@ -539,29 +520,25 @@ + parent="declarativeCapability"> + parent="declarativeCapability"> + parent="declarativeCapability"> + parent="declarativeCapability"> 
@@ -578,30 +555,46 @@ + + + + + + + + + + + + + + + parent="compositeCapability"> - + + + + + + + parent="declarativeCapability"> + parent="declarativeCapability"> + parent="declarativeCapability"> @@ -612,8 +605,7 @@ + parent="declarativeCapability"> @@ -625,15 +617,13 @@ + parent="declarativeCapability"> + parent="declarativeCapability"> @@ -645,8 +635,7 @@ + parent="declarativeCapability"> @@ -667,8 +656,7 @@ + parent="declarativeCapability"> @@ -687,15 +675,13 @@ + parent="declarativeCapability"> + parent="declarativeCapability"> @@ -714,8 +700,7 @@ + parent="declarativeCapability"> @@ -733,8 +718,7 @@ + parent="declarativeCapability"> @@ -746,22 +730,19 @@ + parent="declarativeCapability"> + parent="declarativeCapability"> + parent="declarativeCapability"> @@ -772,8 +753,7 @@ + parent="declarativeCapability"> @@ -784,8 +764,7 @@ + parent="declarativeCapability"> @@ -802,8 +781,7 @@ + parent="declarativeCapability"> @@ -812,41 +790,79 @@ - - - + + + - + - + - + + + + + + + + + + - + - + + + + + + + + + + + parent="compositeCapability" + class="org.alfresco.module.org_alfresco_module_rm.capability.impl.UpdatePropertiesCapability"> - + + + + + + + + + + - + - + + + + + + + + parent="declarativeCapability"> - + RECORD diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-model-context.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-model-context.xml index 2b018359af..a882c2d8d1 100644 --- a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-model-context.xml +++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-model-context.xml @@ -89,6 +89,7 @@ + diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-ui-evaluators-context.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-ui-evaluators-context.xml index 18d3b99aff..98d1b16067 100644 --- a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-ui-evaluators-context.xml 
+++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-ui-evaluators-context.xml @@ -394,6 +394,7 @@ RECORD_FOLDER + actions = new ArrayList(1); @@ -116,19 +116,19 @@ public abstract class AbstractCapability extends RMSecurityCommon } /** - * @see org.alfresco.module.org_alfresco_module_rm.capability.Capability#isGroupCapability() + * @see org.alfresco.module.org_alfresco_module_rm.capability.Capability#isPrivate() */ - public boolean isGroupCapability() + public boolean isPrivate() { - return isGroupCapability; + return isPrivate; } /** - * @param isGroupCapability indicates whether this is a group capability or not + * @param isPrivate indicates whether the capability is private or not */ - public void setGroupCapability(boolean isGroupCapability) + public void setPrivate(boolean isPrivate) { - this.isGroupCapability = isGroupCapability; + this.isPrivate = isPrivate; } /** diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/Capability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/Capability.java index 33e1d675d0..7b0eb3c35d 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/Capability.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/Capability.java @@ -62,11 +62,12 @@ public interface Capability int evaluate(NodeRef source, NodeRef target); /** - * Indicates whether this is a group capability or not + * Indicates whether this is a private capability or not. Private capabilities are used internally, otherwise + * they are made available to the user to assign to roles. * * @return */ - boolean isGroupCapability(); + boolean isPrivate(); /** * Get the name of the capability 
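Review bot: The new `isPrivate()` Javadoc in Capability.java leaves `@return` empty, although this flag now decides whether a capability is offered for assignment to roles. I would fill it in, e.g. `@return true if the capability is private (internal use only), false if it can be assigned to roles`. The default value of the `isPrivate` field in AbstractCapability is not visible in these hunks; if it is false, any capability bean that does not set the flag becomes role-assignable, which is worth confirming for the composite capabilities that replace the old group ones.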
diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/CapabilityService.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/CapabilityService.java index 6e5a32a88e..71b50ef918 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/CapabilityService.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/CapabilityService.java @@ -26,21 +26,25 @@ import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.security.AccessStatus; /** + * Capability service implementation + * * @author Roy Wetherall * @since 2.0 */ public interface CapabilityService { /** + * Register a capability * - * @param capability + * @param capability capability */ void registerCapability(Capability capability); /** + * Get a named capability. * - * @param name - * @return + * @param name capability name + * @return {@link Capability} capability or null if not found */ Capability getCapability(String name); diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMEntryVoter.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMEntryVoter.java index db7326ac98..dd8549c68c 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMEntryVoter.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMEntryVoter.java 
@@ -37,10 +37,10 @@ import net.sf.acegisecurity.vote.AccessDecisionVoter; import org.alfresco.module.org_alfresco_module_rm.RecordsManagementService; import org.alfresco.module.org_alfresco_module_rm.action.RecordsManagementAction; -import org.alfresco.module.org_alfresco_module_rm.capability.group.CreateCapability; -import org.alfresco.module.org_alfresco_module_rm.capability.group.UpdateCapability; -import org.alfresco.module.org_alfresco_module_rm.capability.group.UpdatePropertiesCapability; +import org.alfresco.module.org_alfresco_module_rm.capability.impl.CreateCapability; import org.alfresco.module.org_alfresco_module_rm.capability.impl.MoveRecordsCapability; +import org.alfresco.module.org_alfresco_module_rm.capability.impl.UpdateCapability; +import org.alfresco.module.org_alfresco_module_rm.capability.impl.UpdatePropertiesCapability; import org.alfresco.module.org_alfresco_module_rm.caveat.RMCaveatConfigComponent; import org.alfresco.module.org_alfresco_module_rm.disposition.DispositionService; import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel; diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/CompositeCapability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/CompositeCapability.java new file mode 100644 index 0000000000..56dfcd6922 --- /dev/null +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/CompositeCapability.java 
@@ -0,0 +1,65 @@
+/*
+ * Copyright (C) 2005-2012 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see .
+ */
+package org.alfresco.module.org_alfresco_module_rm.capability.declarative;
+
+import java.util.List;
+
+import net.sf.acegisecurity.vote.AccessDecisionVoter;
+
+import org.alfresco.module.org_alfresco_module_rm.capability.Capability;
+import org.alfresco.service.cmr.repository.NodeRef;
+
+/**
+ * Generic implementation of a composite capability
+ *
+ * @author Roy Wetherall
+ */
+public class CompositeCapability extends DeclarativeCapability
+{
+ /** List of capabilities */
+ private List capabilities;
+
+ /**
+ * @param capabilites list of capabilities
+ */
+ public void setCapabilities(List capabilities)
+ {
+ this.capabilities = capabilities;
+ }
+
+ @Override
+ public int evaluateImpl(NodeRef nodeRef)
+ {
+ int result = AccessDecisionVoter.ACCESS_DENIED;
+
+ // Check each capability using 'OR' logic
+ for (Capability capability : capabilities)
+ {
+ int capabilityResult = capability.evaluate(nodeRef);
+ if (capabilityResult == AccessDecisionVoter.ACCESS_GRANTED)
+ {
+ result = AccessDecisionVoter.ACCESS_GRANTED;
+ break;
+ }
+ }
+
+ return result;
+ }
+
+}
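Review bot: `evaluateImpl` iterates `capabilities` without checking that the list was ever injected, so a composite bean declared without that property fails with a NullPointerException inside an access decision instead of returning a vote. The method already starts from `ACCESS_DENIED`, so a guard such as `if (capabilities == null) { return result; }` before the loop keeps the failure closed and predictable. The loop also turns an `ACCESS_ABSTAIN` from every child into `ACCESS_DENIED`, whereas the removed `WriteContentCapability` abstained for nodes outside the file plan; presumably `DeclarativeCapability.evaluate` deals with that before calling `evaluateImpl`, but that is not visible in this hunk and should be confirmed. The removed `DeclareCapability` called `hasPermissionRaw` on its children while this loop calls `evaluate`, so the composite replacement may apply kind and condition checks that were skipped before. The setter Javadoc has a typo: `@param capabilites` should read `@param capabilities`.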
diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/DeclarativeCapability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/DeclarativeCapability.java index 40e1a9ac17..ad48640e9c 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/DeclarativeCapability.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/DeclarativeCapability.java @@ -1,5 +1,5 @@ /* - * Copyright (C) 2005-2011 Alfresco Software Limited. + * Copyright (C) 2005-2012 Alfresco Software Limited. * * This file is part of Alfresco * @@ -118,7 +118,7 @@ public class DeclarativeCapability extends AbstractCapability implements Applica */ protected boolean checkPermissionsImpl(NodeRef nodeRef, String ... permissions) { - boolean result = true; + boolean result = true; NodeRef filePlan = rmService.getFilePlan(nodeRef); for (String permission : permissions) diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/condition/DeclaredCapabilityCondition.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/condition/DeclaredCapabilityCondition.java index 76cc017214..b57801aab4 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/condition/DeclaredCapabilityCondition.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/declarative/condition/DeclaredCapabilityCondition.java @@ -18,6 +18,7 @@ */ package org.alfresco.module.org_alfresco_module_rm.capability.declarative.condition; +import org.alfresco.module.org_alfresco_module_rm.FilePlanComponentKind; import org.alfresco.module.org_alfresco_module_rm.capability.declarative.AbstractCapabilityCondition; import org.alfresco.service.cmr.repository.NodeRef; 
@@ -29,6 +30,11 @@ public class DeclaredCapabilityCondition extends AbstractCapabilityCondition
 @Override
 public boolean evaluate(NodeRef nodeRef)
 {
- return rmService.isRecordDeclared(nodeRef);
+ boolean result = false;
+ if (FilePlanComponentKind.RECORD.equals(rmService.getFilePlanComponentKind(nodeRef)) == true)
+ {
+ result = rmService.isRecordDeclared(nodeRef);
+ }
+ return result;
 }
 }
diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/DeclareCapability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/DeclareCapability.java
deleted file mode 100644
index 060b5f83c6..0000000000
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/DeclareCapability.java
+++ /dev/null
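Review bot: With the added kind check, `evaluate` returns false for every node that is not a record, so a capability whose condition map expects the declared condition to be false is now satisfied by folders and categories as well as by undeclared records. If that is intended, a comment in the method should say so, e.g. `// non-record nodes are treated as undeclared rather than passed to isRecordDeclared`; the kinds lists in the capabilities XML seem to change in the same commit, but the markup is not readable on this page, so the interaction should be checked there. The `== true` comparison is redundant, and the body reduces to `return FilePlanComponentKind.RECORD.equals(rmService.getFilePlanComponentKind(nodeRef)) && rmService.isRecordDeclared(nodeRef);`.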
@@ -1,54 +0,0 @@ -/* - * Copyright (C) 2005-2011 Alfresco Software Limited. - * - * This file is part of Alfresco - * - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - */ -package org.alfresco.module.org_alfresco_module_rm.capability.group; - -import net.sf.acegisecurity.vote.AccessDecisionVoter; - -import org.alfresco.module.org_alfresco_module_rm.capability.AbstractCapability; -import org.alfresco.module.org_alfresco_module_rm.capability.Capability; -import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel; -import org.alfresco.service.cmr.repository.NodeRef; - -/** - * Composite Declare capability - * - * @author andyh - */ -public class DeclareCapability extends AbstractCapability -{ - /* - * @see org.alfresco.module.org_alfresco_module_rm.capability.Capability#evaluate(org.alfresco.service.cmr.repository.NodeRef) - */ - public int evaluate(NodeRef declaree) - { - Capability recordsCapability = capabilityService.getCapability(RMPermissionModel.DECLARE_RECORDS); - Capability inClosedCapability = capabilityService.getCapability(RMPermissionModel.DECLARE_RECORDS_IN_CLOSED_FOLDERS); - - if (recordsCapability.hasPermissionRaw(declaree) == AccessDecisionVoter.ACCESS_GRANTED) - { - return AccessDecisionVoter.ACCESS_GRANTED; - } - if (inClosedCapability.hasPermissionRaw(declaree) == AccessDecisionVoter.ACCESS_GRANTED) - { - return AccessDecisionVoter.ACCESS_GRANTED; - } - 
return AccessDecisionVoter.ACCESS_DENIED; - } - -} diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/DeleteCapability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/DeleteCapability.java deleted file mode 100644 index 9b7395d851..0000000000 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/DeleteCapability.java +++ /dev/null 
@@ -1,67 +0,0 @@ -/* - * Copyright (C) 2005-2011 Alfresco Software Limited. - * - * This file is part of Alfresco - * - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - */ -package org.alfresco.module.org_alfresco_module_rm.capability.group; - -import net.sf.acegisecurity.vote.AccessDecisionVoter; - -import org.alfresco.module.org_alfresco_module_rm.capability.AbstractCapability; -import org.alfresco.module.org_alfresco_module_rm.capability.Capability; -import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel; -import org.alfresco.service.cmr.repository.NodeRef; - -/** - * @author andyh - */ -public class DeleteCapability extends AbstractCapability -{ - /** - * @see org.alfresco.module.org_alfresco_module_rm.capability.Capability#evaluate(org.alfresco.service.cmr.repository.NodeRef) - */ - public int evaluate(NodeRef deletee) - { - Capability schedRec = capabilityService.getCapability(RMPermissionModel.DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION); - Capability destroy = capabilityService.getCapability(RMPermissionModel.DESTROY_RECORDS); - Capability delete = capabilityService.getCapability(RMPermissionModel.DELETE_RECORDS); - Capability desfileplan = capabilityService.getCapability(RMPermissionModel.CREATE_MODIFY_DESTROY_FILEPLAN_METADATA); - Capability desfolder = capabilityService.getCapability(RMPermissionModel.CREATE_MODIFY_DESTROY_FOLDERS); - - if 
(schedRec.evaluate(deletee) == AccessDecisionVoter.ACCESS_GRANTED) - { - return AccessDecisionVoter.ACCESS_GRANTED; - } - if (destroy.evaluate(deletee) == AccessDecisionVoter.ACCESS_GRANTED) - { - return AccessDecisionVoter.ACCESS_GRANTED; - } - if (delete.evaluate(deletee) == AccessDecisionVoter.ACCESS_GRANTED) - { - return AccessDecisionVoter.ACCESS_GRANTED; - } - if (desfileplan.evaluate(deletee) == AccessDecisionVoter.ACCESS_GRANTED) - { - return AccessDecisionVoter.ACCESS_GRANTED; - } - if (desfolder.evaluate(deletee, null) == AccessDecisionVoter.ACCESS_GRANTED) - { - return AccessDecisionVoter.ACCESS_GRANTED; - } - return AccessDecisionVoter.ACCESS_DENIED; - } - -} diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/UpdateCapability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/UpdateCapability.java deleted file mode 100644 index 671dad38a9..0000000000 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/UpdateCapability.java +++ /dev/null 
@@ -1,95 +0,0 @@ -/* - * Copyright (C) 2005-2011 Alfresco Software Limited. - * - * This file is part of Alfresco - * - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - */ -package org.alfresco.module.org_alfresco_module_rm.capability.group; - -import java.io.Serializable; -import java.util.Map; - -import net.sf.acegisecurity.vote.AccessDecisionVoter; - -import org.alfresco.module.org_alfresco_module_rm.capability.AbstractCapability; -import org.alfresco.module.org_alfresco_module_rm.capability.Capability; -import org.alfresco.service.cmr.repository.NodeRef; -import org.alfresco.service.namespace.QName; - -/** - * @author andyh - */ -public class UpdateCapability extends AbstractCapability -{ - /** - * @see org.alfresco.module.org_alfresco_module_rm.capability.Capability#evaluate(org.alfresco.service.cmr.repository.NodeRef) - */ - @Override - public int evaluate(NodeRef nodeRef) - { - return evaluate(nodeRef, null, null); - } - - /** - * - * @param nodeRef - * @param aspectQName - * @param properties - * @return - */ - public int evaluate(NodeRef nodeRef, QName aspectQName, Map properties) - { - if ((aspectQName != null) && (voter.isProtectedAspect(nodeRef, aspectQName))) - { - return AccessDecisionVoter.ACCESS_DENIED; - } - if ((properties != null) && (voter.includesProtectedPropertyChange(nodeRef, properties))) - { - return AccessDecisionVoter.ACCESS_DENIED; - } - - Capability destFolder 
= capabilityService.getCapability(CREATE_MODIFY_DESTROY_FOLDERS); - if (destFolder.evaluate(nodeRef) == AccessDecisionVoter.ACCESS_GRANTED) - { - return AccessDecisionVoter.ACCESS_GRANTED; - } - - Capability fileplanMeta = capabilityService.getCapability(CREATE_MODIFY_DESTROY_FILEPLAN_METADATA); - if (fileplanMeta.evaluate(nodeRef) == AccessDecisionVoter.ACCESS_GRANTED) - { - return AccessDecisionVoter.ACCESS_GRANTED; - } - - Capability recordMeta = capabilityService.getCapability(EDIT_DECLARED_RECORD_METADATA); - if (recordMeta.evaluate(nodeRef) == AccessDecisionVoter.ACCESS_GRANTED) - { - return AccessDecisionVoter.ACCESS_GRANTED; - } - - Capability nonRecordMetadata = capabilityService.getCapability(EDIT_NON_RECORD_METADATA); - if (nonRecordMetadata.evaluate(nodeRef) == AccessDecisionVoter.ACCESS_GRANTED) - { - return AccessDecisionVoter.ACCESS_GRANTED; - } - - Capability editRecordMetadata = capabilityService.getCapability(EDIT_RECORD_METADATA); - if (editRecordMetadata.evaluate(nodeRef) == AccessDecisionVoter.ACCESS_GRANTED) - { - return AccessDecisionVoter.ACCESS_GRANTED; - } - - return AccessDecisionVoter.ACCESS_DENIED; - } -} diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/UpdatePropertiesCapability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/UpdatePropertiesCapability.java deleted file mode 100644 index b1423fcd29..0000000000 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/UpdatePropertiesCapability.java +++ /dev/null 
@@ -1,97 +0,0 @@ -/* - * Copyright (C) 2005-2011 Alfresco Software Limited. - * - * This file is part of Alfresco - * - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - */ -package org.alfresco.module.org_alfresco_module_rm.capability.group; - -import java.io.Serializable; -import java.util.Map; - -import net.sf.acegisecurity.vote.AccessDecisionVoter; - -import org.alfresco.module.org_alfresco_module_rm.capability.AbstractCapability; -import org.alfresco.module.org_alfresco_module_rm.capability.Capability; -import org.alfresco.service.cmr.repository.NodeRef; -import org.alfresco.service.namespace.QName; - -/** - * @author andyh - */ -public class UpdatePropertiesCapability extends AbstractCapability -{ - /** - * @see org.alfresco.module.org_alfresco_module_rm.capability.Capability#evaluate(org.alfresco.service.cmr.repository.NodeRef) - */ - @Override - public int evaluate(NodeRef nodeRef) - { - return evaluate(nodeRef, (Map)null); - } - - /** - * Evaluate cabability - * - * @param nodeRef - * @param properties - * @return - */ - public int evaluate(NodeRef nodeRef, Map properties) - { - if ((properties != null) && (voter.includesProtectedPropertyChange(nodeRef, properties))) - { - return AccessDecisionVoter.ACCESS_DENIED; - } - - Capability cap1 = capabilityService.getCapability(CREATE_MODIFY_DESTROY_FOLDERS); - if (cap1.evaluate(nodeRef) == AccessDecisionVoter.ACCESS_GRANTED) - { - return 
AccessDecisionVoter.ACCESS_GRANTED; - } - - Capability cap2 = capabilityService.getCapability(CREATE_MODIFY_DESTROY_FILEPLAN_METADATA); - if (cap2.evaluate(nodeRef) == AccessDecisionVoter.ACCESS_GRANTED) - { - return AccessDecisionVoter.ACCESS_GRANTED; - } - - Capability cap3 = capabilityService.getCapability(EDIT_DECLARED_RECORD_METADATA); - if (cap3.evaluate(nodeRef) == AccessDecisionVoter.ACCESS_GRANTED) - { - return AccessDecisionVoter.ACCESS_GRANTED; - } - - Capability cap4 = capabilityService.getCapability(EDIT_NON_RECORD_METADATA); - if (cap4.evaluate(nodeRef) == AccessDecisionVoter.ACCESS_GRANTED) - { - return AccessDecisionVoter.ACCESS_GRANTED; - } - - Capability cap5 = capabilityService.getCapability(EDIT_RECORD_METADATA); - if (cap5.evaluate(nodeRef) == AccessDecisionVoter.ACCESS_GRANTED) - { - return AccessDecisionVoter.ACCESS_GRANTED; - } - - Capability cap6 = capabilityService.getCapability(CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS); - if (cap6.evaluate(nodeRef) == AccessDecisionVoter.ACCESS_GRANTED) - { - return AccessDecisionVoter.ACCESS_GRANTED; - } - - return AccessDecisionVoter.ACCESS_DENIED; - } -} diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/WriteContentCapability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/WriteContentCapability.java deleted file mode 100644 index 0da5b4a3fc..0000000000 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/WriteContentCapability.java +++ /dev/null 
@@ -1,55 +0,0 @@ -/* - * Copyright (C) 2005-2011 Alfresco Software Limited. - * - * This file is part of Alfresco - * - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - */ -package org.alfresco.module.org_alfresco_module_rm.capability.group; - -import net.sf.acegisecurity.vote.AccessDecisionVoter; - -import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel; -import org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability; -import org.alfresco.service.cmr.repository.NodeRef; -import org.alfresco.service.cmr.security.AccessStatus; - -/** - * @author andyh - */ -public class WriteContentCapability extends DeclarativeCapability -{ - /** - * @see org.alfresco.module.org_alfresco_module_rm.capability.Capability#evaluate(org.alfresco.service.cmr.repository.NodeRef) - */ - public int evaluate(NodeRef nodeRef) - { - int result = AccessDecisionVoter.ACCESS_ABSTAIN; - - if (rmService.isFilePlanComponent(nodeRef)) - { - result = AccessDecisionVoter.ACCESS_DENIED; - - if (checkKinds(nodeRef) == true && checkConditions(nodeRef) == true) - { - if (permissionService.hasPermission(nodeRef, RMPermissionModel.FILE_RECORDS) == AccessStatus.ALLOWED) - { - result = AccessDecisionVoter.ACCESS_GRANTED; - } - } - } - - return result; - } -} 
diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/CreateCapability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/CreateCapability.java similarity index 95% rename from rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/CreateCapability.java rename to rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/CreateCapability.java index b19d558a4e..a54bda2968 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/group/CreateCapability.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/CreateCapability.java @@ -16,7 +16,7 @@ * You should have received a copy of the GNU Lesser General Public License * along with Alfresco. If not, see . */ -package org.alfresco.module.org_alfresco_module_rm.capability.group; +package org.alfresco.module.org_alfresco_module_rm.capability.impl; import java.util.HashMap; import java.util.Map; @@ -26,7 +26,6 @@ import net.sf.acegisecurity.vote.AccessDecisionVoter; import org.alfresco.model.ContentModel; import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel; import org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability; -import org.alfresco.module.org_alfresco_module_rm.capability.impl.ChangeOrDeleteReferencesCapability; import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.security.AccessStatus; import org.alfresco.service.namespace.QName; diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/FileRecordsCapability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/FileRecordsCapability.java deleted file mode 100644 index e8ecaa6829..0000000000 
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/FileRecordsCapability.java +++ /dev/null 
@@ -1,115 +0,0 @@ -/* - * Copyright (C) 2005-2011 Alfresco Software Limited. - * - * This file is part of Alfresco - * - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - */ -package org.alfresco.module.org_alfresco_module_rm.capability.impl; - -import java.util.HashMap; -import java.util.Map; - -import net.sf.acegisecurity.vote.AccessDecisionVoter; - -import org.alfresco.model.ContentModel; -import org.alfresco.module.org_alfresco_module_rm.capability.RMPermissionModel; -import org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability; -import org.alfresco.service.cmr.dictionary.DictionaryService; -import org.alfresco.service.cmr.repository.NodeRef; -import org.alfresco.service.cmr.security.AccessStatus; -import org.alfresco.service.namespace.QName; - -/** - * File records capability. 
- * - * @author andyh - */ -public class FileRecordsCapability extends DeclarativeCapability -{ - /** Dictionary service */ - private DictionaryService dictionaryService; - - /** - * @param dictionaryService dictionary service - */ - public void setDictionaryService(DictionaryService dictionaryService) - { - this.dictionaryService = dictionaryService; - } - - /** - * @see org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability#evaluate(org.alfresco.service.cmr.repository.NodeRef) - */ - public int evaluate(NodeRef nodeRef) - { - if (rmService.isFilePlanComponent(nodeRef)) - { - // Build the conditions map - Map conditions = new HashMap(5); - conditions.put("capabilityCondition.filling", Boolean.TRUE); - conditions.put("capabilityCondition.frozen", Boolean.FALSE); - conditions.put("capabilityCondition.cutoff", Boolean.FALSE); - conditions.put("capabilityCondition.closed", Boolean.FALSE); - conditions.put("capabilityCondition.declared", Boolean.FALSE); - - if (isFileable(nodeRef) || (rmService.isRecord(nodeRef) && checkConditions(nodeRef, conditions) == true)) - { - if (permissionService.hasPermission(nodeRef, RMPermissionModel.FILE_RECORDS) == AccessStatus.ALLOWED) - { - return AccessDecisionVoter.ACCESS_GRANTED; - } - } - - conditions.put("capabilityCondition.closed", Boolean.TRUE); - if (isFileable(nodeRef) || (rmService.isRecord(nodeRef) && checkConditions(nodeRef, conditions) == true)) - { - if (checkPermissionsImpl(nodeRef, DECLARE_RECORDS_IN_CLOSED_FOLDERS) == true) - { - return AccessDecisionVoter.ACCESS_GRANTED; - } - } - - conditions.put("capabilityCondition.cutoff", Boolean.TRUE); - conditions.remove("capabilityCondition.closed"); - conditions.remove("capabilityCondition.declared"); - if (isFileable(nodeRef) || (rmService.isRecord(nodeRef) && checkConditions(nodeRef, conditions) == true)) - { - if (checkPermissionsImpl(nodeRef, CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS) == true) - { - return AccessDecisionVoter.ACCESS_GRANTED; 
- } - } - - return AccessDecisionVoter.ACCESS_DENIED; - - } - else - { - return AccessDecisionVoter.ACCESS_ABSTAIN; - } - } - - /** - * Indicate whether a node if 'fileable' or not. - * - * @param nodeRef node reference - * @return boolean true if the node is filable, false otherwise - */ - public boolean isFileable(NodeRef nodeRef) - { - QName type = nodeService.getType(nodeRef); - return dictionaryService.isSubClass(type, ContentModel.TYPE_CONTENT); - } -} diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/MoveRecordsCapability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/MoveRecordsCapability.java index 376172dcfc..4b25b7f271 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/MoveRecordsCapability.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/MoveRecordsCapability.java @@ -21,7 +21,6 @@ package org.alfresco.module.org_alfresco_module_rm.capability.impl; import net.sf.acegisecurity.vote.AccessDecisionVoter; import org.alfresco.module.org_alfresco_module_rm.capability.declarative.DeclarativeCapability; -import org.alfresco.module.org_alfresco_module_rm.capability.group.CreateCapability; import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.security.PermissionService; import org.alfresco.service.namespace.QName; diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/UpdateCapability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/UpdateCapability.java new file mode 100644 index 0000000000..db528dcd0c --- /dev/null +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/UpdateCapability.java 
@@ -0,0 +1,58 @@
+/*
+ * Copyright (C) 2005-2011 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see .
+ */
+package org.alfresco.module.org_alfresco_module_rm.capability.impl;
+
+import java.io.Serializable;
+import java.util.Map;
+
+import net.sf.acegisecurity.vote.AccessDecisionVoter;
+
+import org.alfresco.module.org_alfresco_module_rm.capability.declarative.CompositeCapability;
+import org.alfresco.service.cmr.repository.NodeRef;
+import org.alfresco.service.namespace.QName;
+
+/**
+ * Update capability implementation.
+ *
+ * @author andyh
+ */
+public class UpdateCapability extends CompositeCapability
+{
+ /**
+ *
+ * @param nodeRef
+ * @param aspectQName
+ * @param properties
+ * @return
+ */
+ public int evaluate(NodeRef nodeRef, QName aspectQName, Map properties)
+ {
+ if ((aspectQName != null) && (voter.isProtectedAspect(nodeRef, aspectQName)))
+ {
+ return AccessDecisionVoter.ACCESS_DENIED;
+ }
+
+ if ((properties != null) && (voter.includesProtectedPropertyChange(nodeRef, properties)))
+ {
+ return AccessDecisionVoter.ACCESS_DENIED;
+ }
+
+ return evaluate(nodeRef);
+ }
+}
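Review bot: The Javadoc on `evaluate(NodeRef, QName, Map)` is empty (three bare `@param` tags and a bare `@return`), although this method is the access decision for updates. It should state that the method returns `ACCESS_DENIED` as soon as the aspect is protected or the properties include a protected change, and otherwise delegates to `evaluate(nodeRef)`. It should also say that a null `aspectQName` or null `properties` skips the corresponding protected check, so callers must pass them whenever they are known. The same applies to `UpdatePropertiesCapability.evaluate` later in this commit, whose Javadoc has no `@return` and reads `if no null`; `@param properties updated properties, may be null` would be clearer.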
diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/UpdatePropertiesCapability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/UpdatePropertiesCapability.java
new file mode 100644
index 0000000000..130b12849a
--- /dev/null
+++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/impl/UpdatePropertiesCapability.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2005-2011 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see .
+ */
+package org.alfresco.module.org_alfresco_module_rm.capability.impl;
+
+import java.io.Serializable;
+import java.util.Map;
+
+import net.sf.acegisecurity.vote.AccessDecisionVoter;
+
+import org.alfresco.module.org_alfresco_module_rm.capability.declarative.CompositeCapability;
+import org.alfresco.service.cmr.repository.NodeRef;
+import org.alfresco.service.namespace.QName;
+
+/**
+ * Update properties capability
+ *
+ * @author andyh
+ */
+public class UpdatePropertiesCapability extends CompositeCapability
+{
+ /**
+ * Evaluate capability, taking into account the protected properties.
+ *
+ * @param nodeRef node reference
+ * @param properties updated properties, if no null
+ */
+ public int evaluate(NodeRef nodeRef, Map properties)
+ {
+ if ((properties != null) && (voter.includesProtectedPropertyChange(nodeRef, properties)))
+ {
+ return AccessDecisionVoter.ACCESS_DENIED;
+ }
+
+ return evaluate(nodeRef);
+ }
+}
diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/model/RecordContainerType.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/model/RecordContainerType.java
index 747a7647ce..5bd85b7f1e 100644
--- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/model/RecordContainerType.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/model/RecordContainerType.java @@ -186,6 +186,6 @@ public class RecordContainerType implements RecordsManagementModel, } return null; } - }, AuthenticationUtil.getAdminUserName()); + }, AuthenticationUtil.getSystemUserName()); } } diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityServiceImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityServiceImpl.java index b9284eecd8..513bac8102 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityServiceImpl.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/security/RecordsManagementSecurityServiceImpl.java @@ -354,7 +354,7 @@ public class RecordsManagementSecurityServiceImpl implements RecordsManagementSe Set result = new HashSet(caps.size()); for (Capability cap : caps) { - if (cap.isGroupCapability() == false) + if (cap.isPrivate() == false) { result.add(cap); } diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/vital/VitalRecordServiceImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/vital/VitalRecordServiceImpl.java index 7ab4305c76..ef8935bb87 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/vital/VitalRecordServiceImpl.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/vital/VitalRecordServiceImpl.java 
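Review bot: The identity passed to `runAs` changes from `AuthenticationUtil.getAdminUserName()` to `AuthenticationUtil.getSystemUserName()` with no comment saying why the work needs the system user. The body of the work is outside this hunk, so it cannot be checked here which nodes it reads or writes. A one-line comment at the call, such as `// run as system: <reason the caller's own permissions are insufficient>`, would let a later reader confirm that the elevated block only acts on the node the behaviour was triggered for. `VitalRecordServiceImpl.onAddAspect` gets the same wrapper in this commit and needs the same comment.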
@@ -29,6 +29,8 @@ import org.alfresco.repo.node.NodeServicePolicies; import org.alfresco.repo.policy.JavaBehaviour; import org.alfresco.repo.policy.PolicyComponent; import org.alfresco.repo.policy.Behaviour.NotificationFrequency; +import org.alfresco.repo.security.authentication.AuthenticationUtil; +import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork; import org.alfresco.service.cmr.repository.NodeRef; import org.alfresco.service.cmr.repository.NodeService; import org.alfresco.service.cmr.repository.Period; @@ -122,7 +124,7 @@ public class VitalRecordServiceImpl implements VitalRecordService, * @see org.alfresco.repo.node.NodeServicePolicies.OnAddAspectPolicy#onAddAspect(org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.namespace.QName) */ @Override - public void onAddAspect(NodeRef nodeRef, QName aspectTypeQName) + public void onAddAspect(final NodeRef nodeRef, final QName aspectTypeQName) { ParameterCheck.mandatory("nodeRef", nodeRef); ParameterCheck.mandatory("aspectTypeQName", aspectTypeQName); 
@@ -132,27 +134,35 @@ public class VitalRecordServiceImpl implements VitalRecordService, onUpdateProperties.disable(); try { - // get the immediate parent - NodeRef parentRef = nodeService.getPrimaryParent(nodeRef).getParentRef(); - - // is the parent a record category - if (parentRef != null && - FilePlanComponentKind.RECORD_CATEGORY.equals(rmService.getFilePlanComponentKind(parentRef)) == true) + AuthenticationUtil.runAs(new RunAsWork() { - // is the child a record category or folder - FilePlanComponentKind kind = rmService.getFilePlanComponentKind(nodeRef); - if (kind.equals(FilePlanComponentKind.RECORD_CATEGORY) == true || - kind.equals(FilePlanComponentKind.RECORD_FOLDER) == true) + public Void doWork() throws Exception { - // set the vital record definition values to match that of the parent - nodeService.setProperty(nodeRef, - PROP_VITAL_RECORD_INDICATOR, - nodeService.getProperty(parentRef, PROP_VITAL_RECORD_INDICATOR)); - nodeService.setProperty(nodeRef, - PROP_REVIEW_PERIOD, - nodeService.getProperty(parentRef, PROP_REVIEW_PERIOD)); + // get the immediate parent + NodeRef parentRef = nodeService.getPrimaryParent(nodeRef).getParentRef(); + + // is the parent a record category + if (parentRef != null && + FilePlanComponentKind.RECORD_CATEGORY.equals(rmService.getFilePlanComponentKind(parentRef)) == true) + { + // is the child a record category or folder + FilePlanComponentKind kind = rmService.getFilePlanComponentKind(nodeRef); + if (kind.equals(FilePlanComponentKind.RECORD_CATEGORY) == true || + kind.equals(FilePlanComponentKind.RECORD_FOLDER) == true) + { + // set the vital record definition values to match that of the parent + nodeService.setProperty(nodeRef, + PROP_VITAL_RECORD_INDICATOR, + nodeService.getProperty(parentRef, PROP_VITAL_RECORD_INDICATOR)); + nodeService.setProperty(nodeRef, + PROP_REVIEW_PERIOD, + nodeService.getProperty(parentRef, PROP_REVIEW_PERIOD)); + } + } + + return null; } - } + }, AuthenticationUtil.getSystemUserName()); } 
finally { diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/CapabilitiesTestSuite.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/CapabilitiesTestSuite.java index 9be78c443d..a21edd0d7c 100644 --- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/CapabilitiesTestSuite.java +++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/CapabilitiesTestSuite.java @@ -23,6 +23,7 @@ import junit.framework.TestSuite; import org.alfresco.module.org_alfresco_module_rm.test.capabilities.CapabilitiesTest; import org.alfresco.module.org_alfresco_module_rm.test.capabilities.DeclarativeCapabilityTest; +import org.alfresco.module.org_alfresco_module_rm.test.capabilities.CompositeCapabilityTest; /** @@ -42,6 +43,7 @@ public class CapabilitiesTestSuite extends TestSuite TestSuite suite = new TestSuite(); suite.addTestSuite(CapabilitiesTest.class); suite.addTestSuite(DeclarativeCapabilityTest.class); + suite.addTestSuite(CompositeCapabilityTest.class); return suite; } } diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/CapabilitiesTest.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/CapabilitiesTest.java index 3e7419f79e..5ae06de2a9 100644 --- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/CapabilitiesTest.java +++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/CapabilitiesTest.java @@ -82,6 +82,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements // Give all the users file permission objects for (String user : testUsers) { + securityService.setPermission(filePlan, user, FILING); securityService.setPermission(rmContainer, user, FILING); } } 
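Review bot: Inside the new `doWork()` in `VitalRecordServiceImpl.onAddAspect`, `kind.equals(FilePlanComponentKind.RECORD_CATEGORY)` dereferences the result of `rmService.getFilePlanComponentKind(nodeRef)`, while the parent check a few lines above is written constant-first. If that call can return null for a node that is not a file plan component (not visible from this hunk), the behaviour throws while running as the system user. Writing the test as `FilePlanComponentKind.RECORD_CATEGORY.equals(kind) || FilePlanComponentKind.RECORD_FOLDER.equals(kind)` avoids that and matches the line above. The `try` opens before the hunk and the `finally` continues after it.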
@@ -424,7 +425,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements Map access = securityService .getCapabilities(filePlan); - assertEquals(65, access.size()); + assertEquals(66, access.size()); check(access, ACCESS_AUDIT, AccessStatus.ALLOWED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); @@ -544,7 +545,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements .getAdminUserName()); Map access = securityService .getCapabilities(filePlan); - assertEquals(65, access.size()); + assertEquals(66, access.size()); check(access, ACCESS_AUDIT, AccessStatus.ALLOWED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); @@ -666,7 +667,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements .setFullyAuthenticatedUser(rmAdminName); Map access = securityService .getCapabilities(filePlan); - assertEquals(65, access.size()); + assertEquals(66, access.size()); check(access, ACCESS_AUDIT, AccessStatus.ALLOWED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); @@ -794,7 +795,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements .setFullyAuthenticatedUser(recordsManagerName); Map access = securityService .getCapabilities(filePlan); - assertEquals(65, access.size()); // 58 + File + assertEquals(66, access.size()); // 58 + File check(access, ACCESS_AUDIT, AccessStatus.ALLOWED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); @@ -807,7 +808,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements check(access, AUTHORIZE_NOMINATED_TRANSFERS, AccessStatus.DENIED); check(access, CHANGE_OR_DELETE_REFERENCES, - AccessStatus.UNDETERMINED); + AccessStatus.DENIED); check(access, CLOSE_FOLDERS, AccessStatus.DENIED); check(access, CREATE_AND_ASSOCIATE_SELECTION_LISTS, AccessStatus.ALLOWED); 
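Review bot: The expected capability count `66` is a bare literal here and is repeated in every `assertEquals(66, access.size())` this commit touches in the later hunks of CapabilitiesTest. Many of those lines also keep the trailing comment `// 58 + File`, which no longer describes the number. A single constant, e.g. `private static final int EXPECTED_CAPABILITY_COUNT = 66;`, with a comment naming what was added, would make the next capability change a one-line edit and remove the stale comments. The enclosing test method starts and ends outside the hunk.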
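Review bot: The expectation for `CHANGE_OR_DELETE_REFERENCES` flips from `AccessStatus.UNDETERMINED` to `AccessStatus.DENIED` without a comment. The same kind of unexplained flip appears for `CREATE_MODIFY_DESTROY_FILEPLAN_METADATA` (`ALLOWED` to `DENIED`) in the next hunk and for `CREATE_MODIFY_DESTROY_FOLDERS` (`ALLOWED` to `DENIED`) in the record-level hunks further down. These change what each role is authorised to do, so each should carry a short comment stating the rule that now applies, for example `// folders cannot be created under a record` if that is the intent (inferred, not visible here). Without it a reader cannot tell an intended tightening from an assertion edited to match the new output.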
@@ -817,7 +818,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements check(access, CREATE_MODIFY_DESTROY_EVENTS, AccessStatus.ALLOWED); check(access, CREATE_MODIFY_DESTROY_FILEPLAN_METADATA, - AccessStatus.ALLOWED); + AccessStatus.DENIED); check(access, CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.ALLOWED); check(access, CREATE_MODIFY_DESTROY_FOLDERS, @@ -918,7 +919,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements .setFullyAuthenticatedUser(securityOfficerName); Map access = securityService .getCapabilities(filePlan); - assertEquals(65, access.size()); // 58 + File + assertEquals(66, access.size()); // 58 + File check(access, ACCESS_AUDIT, AccessStatus.DENIED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); @@ -1037,7 +1038,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements .setFullyAuthenticatedUser(powerUserName); Map access = securityService .getCapabilities(filePlan); - assertEquals(65, access.size()); // 58 + File + assertEquals(66, access.size()); // 58 + File check(access, ACCESS_AUDIT, AccessStatus.DENIED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); @@ -1156,7 +1157,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements .setFullyAuthenticatedUser(rmUserName); Map access = securityService .getCapabilities(filePlan); - assertEquals(65, access.size()); // 58 + File + assertEquals(66, access.size()); // 58 + File check(access, ACCESS_AUDIT, AccessStatus.DENIED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); @@ -1276,7 +1277,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements Map access = securityService .getCapabilities(rmContainer); - assertEquals(65, access.size()); + assertEquals(66, access.size()); check(access, ACCESS_AUDIT, AccessStatus.ALLOWED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); 
@@ -1399,7 +1400,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements .getAdminUserName()); Map access = securityService .getCapabilities(rmContainer); - assertEquals(65, access.size()); + assertEquals(66, access.size()); check(access, ACCESS_AUDIT, AccessStatus.ALLOWED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); @@ -1521,7 +1522,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements .setFullyAuthenticatedUser(rmAdminName); Map access = securityService .getCapabilities(rmContainer); - assertEquals(65, access.size()); + assertEquals(66, access.size()); check(access, ACCESS_AUDIT, AccessStatus.ALLOWED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); @@ -1645,7 +1646,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements // rm_records_manager, FILING, true); Map access = securityService .getCapabilities(rmContainer); - assertEquals(65, access.size()); // 58 + File + assertEquals(66, access.size()); // 58 + File check(access, ACCESS_AUDIT, AccessStatus.ALLOWED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); @@ -1769,7 +1770,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements // securityOfficerName, FILING, true); Map access = securityService .getCapabilities(rmContainer); - assertEquals(65, access.size()); // 58 + File + assertEquals(66, access.size()); // 58 + File check(access, ACCESS_AUDIT, AccessStatus.DENIED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); @@ -1890,7 +1891,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements // powerUserName, FILING, true); Map access = securityService .getCapabilities(rmContainer); - assertEquals(65, access.size()); // 58 + File + assertEquals(66, access.size()); // 58 + File check(access, ACCESS_AUDIT, AccessStatus.DENIED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); 
@@ -2011,7 +2012,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements // rmUserName, FILING, true); Map access = securityService .getCapabilities(rmContainer); - assertEquals(65, access.size()); // 58 + File + assertEquals(66, access.size()); // 58 + File check(access, ACCESS_AUDIT, AccessStatus.DENIED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); @@ -2131,7 +2132,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements Map access = securityService .getCapabilities(rmFolder); - assertEquals(65, access.size()); + assertEquals(66, access.size()); check(access, ACCESS_AUDIT, AccessStatus.ALLOWED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED); @@ -2260,7 +2261,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements .getAdminUserName()); Map access = securityService .getCapabilities(rmFolder); - assertEquals(65, access.size()); + assertEquals(66, access.size()); check(access, ACCESS_AUDIT, AccessStatus.ALLOWED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED); @@ -2383,7 +2384,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements .setFullyAuthenticatedUser(rmAdminName); Map access = securityService .getCapabilities(rmFolder); - assertEquals(65, access.size()); + assertEquals(66, access.size()); check(access, ACCESS_AUDIT, AccessStatus.ALLOWED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED); @@ -2504,7 +2505,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements AuthenticationUtil.setFullyAuthenticatedUser(recordsManagerName); //setFilingOnRecordFolder(rmFolder, recordsManagerName); Map access = securityService.getCapabilities(rmFolder); - assertEquals(65, access.size()); // 58 + File + assertEquals(66, access.size()); // 58 + File check(access, ACCESS_AUDIT, AccessStatus.ALLOWED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED); 
@@ -2625,7 +2626,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements AuthenticationUtil.setFullyAuthenticatedUser(securityOfficerName); //setFilingOnRecordFolder(rmFolder, securityOfficerName); Map access = securityService.getCapabilities(rmFolder); - assertEquals(65, access.size()); // 58 + File + assertEquals(66, access.size()); // 58 + File check(access, ACCESS_AUDIT, AccessStatus.DENIED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED); @@ -2743,7 +2744,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements AuthenticationUtil.setFullyAuthenticatedUser(powerUserName); //setFilingOnRecordFolder(rmFolder, powerUserName); Map access = securityService.getCapabilities(rmFolder); - assertEquals(65, access.size()); // 58 + File + assertEquals(66, access.size()); // 58 + File check(access, ACCESS_AUDIT, AccessStatus.DENIED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.ALLOWED); @@ -2863,7 +2864,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements //setFilingOnRecordFolder(rmFolder, rmUserName); Map access = securityService .getCapabilities(rmFolder); - assertEquals(65, access.size()); // 58 + File + assertEquals(66, access.size()); // 58 + File check(access, ACCESS_AUDIT, AccessStatus.DENIED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); @@ -2980,7 +2981,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements { AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.SYSTEM_USER_NAME); Map access = securityService.getCapabilities(record); - assertEquals(65, access.size()); + assertEquals(66, access.size()); check(access, ACCESS_AUDIT, AccessStatus.ALLOWED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); 
@@ -3007,7 +3008,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements check(access, CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.ALLOWED); check(access, CREATE_MODIFY_DESTROY_FOLDERS, - AccessStatus.ALLOWED); + AccessStatus.DENIED); check(access, CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.ALLOWED); check(access, CREATE_MODIFY_DESTROY_REFERENCE_TYPES, @@ -3104,7 +3105,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements .getAdminUserName()); Map access = securityService .getCapabilities(record); - assertEquals(65, access.size()); + assertEquals(66, access.size()); check(access, ACCESS_AUDIT, AccessStatus.ALLOWED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); @@ -3131,7 +3132,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements check(access, CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.ALLOWED); check(access, CREATE_MODIFY_DESTROY_FOLDERS, - AccessStatus.ALLOWED); + AccessStatus.DENIED); check(access, CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.ALLOWED); check(access, CREATE_MODIFY_DESTROY_REFERENCE_TYPES, @@ -3227,7 +3228,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements .setFullyAuthenticatedUser(rmAdminName); Map access = securityService .getCapabilities(record); - assertEquals(65, access.size()); + assertEquals(66, access.size()); check(access, ACCESS_AUDIT, AccessStatus.ALLOWED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); @@ -3254,7 +3255,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements check(access, CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.ALLOWED); check(access, CREATE_MODIFY_DESTROY_FOLDERS, - AccessStatus.ALLOWED); + AccessStatus.DENIED); check(access, CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.ALLOWED); check(access, CREATE_MODIFY_DESTROY_REFERENCE_TYPES, 
@@ -3351,7 +3352,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements // setFilingOnRecord(record, recordsManagerName); Map access = securityService .getCapabilities(record); - assertEquals(65, access.size()); // 58 + File + assertEquals(66, access.size()); // 58 + File check(access, ACCESS_AUDIT, AccessStatus.ALLOWED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); @@ -3378,7 +3379,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements check(access, CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.ALLOWED); check(access, CREATE_MODIFY_DESTROY_FOLDERS, - AccessStatus.ALLOWED); + AccessStatus.DENIED); check(access, CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.ALLOWED); check(access, CREATE_MODIFY_DESTROY_REFERENCE_TYPES, @@ -3475,7 +3476,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements // setFilingOnRecord(record, securityOfficerName); Map access = securityService .getCapabilities(record); - assertEquals(65, access.size()); // 58 + File + assertEquals(66, access.size()); // 58 + File check(access, ACCESS_AUDIT, AccessStatus.DENIED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); @@ -3502,7 +3503,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements check(access, CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.DENIED); check(access, CREATE_MODIFY_DESTROY_FOLDERS, - AccessStatus.ALLOWED); + AccessStatus.DENIED); check(access, CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.DENIED); check(access, CREATE_MODIFY_DESTROY_REFERENCE_TYPES, @@ -3597,7 +3598,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements // setFilingOnRecord(record, powerUserName); Map access = securityService .getCapabilities(record); - assertEquals(65, access.size()); // 58 + File + assertEquals(66, access.size()); // 58 + File check(access, ACCESS_AUDIT, AccessStatus.DENIED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); 
@@ -3624,7 +3625,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements check(access, CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, AccessStatus.DENIED); check(access, CREATE_MODIFY_DESTROY_FOLDERS, - AccessStatus.ALLOWED); + AccessStatus.DENIED); check(access, CREATE_MODIFY_DESTROY_RECORD_TYPES, AccessStatus.DENIED); check(access, CREATE_MODIFY_DESTROY_REFERENCE_TYPES, @@ -3718,7 +3719,7 @@ public class CapabilitiesTest extends BaseRMTestCase implements // setFilingOnRecord(record, rmUserName); Map access = securityService .getCapabilities(record); - assertEquals(65, access.size()); // 58 + File + assertEquals(66, access.size()); // 58 + File check(access, ACCESS_AUDIT, AccessStatus.DENIED); check(access, ADD_MODIFY_EVENT_DATES, AccessStatus.DENIED); diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/GroupCapabilityTest.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/CompositeCapabilityTest.java similarity index 96% rename from rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/GroupCapabilityTest.java rename to rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/CompositeCapabilityTest.java index 10ac2abccd..cbdbe5439c 100644 --- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/GroupCapabilityTest.java +++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/CompositeCapabilityTest.java @@ -31,7 +31,7 @@ import org.alfresco.service.cmr.security.AccessStatus; * * @author Roy Wetherall */ -public class GroupCapabilityTest extends BaseRMTestCase +public class CompositeCapabilityTest extends BaseRMTestCase { private NodeRef record; private NodeRef declaredRecord; 
diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/DeclarativeCapabilityTest.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/DeclarativeCapabilityTest.java index f20582d61a..f764510b43 100644 --- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/DeclarativeCapabilityTest.java +++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/DeclarativeCapabilityTest.java @@ -51,6 +51,8 @@ public class DeclarativeCapabilityTest extends BaseRMTestCase private NodeRef frozenRecord2; private NodeRef frozenRecordFolder; + private NodeRef closedFolder; + @Override protected boolean isUserTest() { @@ -66,9 +68,9 @@ public class DeclarativeCapabilityTest extends BaseRMTestCase record = utils.createRecord(rmFolder, "record.txt"); declaredRecord = utils.createRecord(rmFolder, "declaredRecord.txt"); - - // Open folder // Closed folder + closedFolder = rmService.createRecordFolder(rmContainer, "closedFolder"); + utils.closeFolder(closedFolder); recordFolderContainsFrozen = rmService.createRecordFolder(rmContainer, "containsFrozen"); frozenRecord = utils.createRecord(rmFolder, "frozenRecord.txt"); @@ -130,7 +132,7 @@ public class DeclarativeCapabilityTest extends BaseRMTestCase for (Capability capability : capabilities) { if (capability instanceof DeclarativeCapability && - capability.isGroupCapability() == false && + capability.isPrivate() == false && capability.getName().equals("MoveRecords") == false && capability.getName().equals("DeleteLinks") == false && capability.getName().equals("ChangeOrDeleteReferences") == false && 
@@ -237,4 +239,48 @@ public class DeclarativeCapabilityTest extends BaseRMTestCase return result; } + + /** Specific declarative capability tests */ + + public void testFileCapability() + { + final Capability capability = capabilityService.getCapability("File"); + assertNotNull(capability); + + doTestInTransaction(new Test() + { + @Override + public Void run() + { + assertEquals(AccessStatus.DENIED, capability.hasPermission(rmContainer)); + assertEquals(AccessStatus.ALLOWED, capability.hasPermission(rmFolder)); + assertEquals(AccessStatus.ALLOWED, capability.hasPermission(record)); + assertEquals(AccessStatus.DENIED, capability.hasPermission(declaredRecord)); + assertEquals(AccessStatus.DENIED, capability.hasPermission(frozenRecordFolder)); + assertEquals(AccessStatus.DENIED, capability.hasPermission(recordFolderContainsFrozen)); + assertEquals(AccessStatus.DENIED, capability.hasPermission(frozenRecord)); + assertEquals(AccessStatus.DENIED, capability.hasPermission(closedFolder)); + + return null; + } + }, recordsManagerName); + + doTestInTransaction(new Test() + { + @Override + public Void run() + { + assertEquals(AccessStatus.DENIED, capability.hasPermission(rmContainer)); + assertEquals(AccessStatus.ALLOWED, capability.hasPermission(rmFolder)); + assertEquals(AccessStatus.ALLOWED, capability.hasPermission(record)); + assertEquals(AccessStatus.DENIED, capability.hasPermission(declaredRecord)); + assertEquals(AccessStatus.DENIED, capability.hasPermission(frozenRecordFolder)); + assertEquals(AccessStatus.DENIED, capability.hasPermission(recordFolderContainsFrozen)); + assertEquals(AccessStatus.DENIED, capability.hasPermission(frozenRecord)); + assertEquals(AccessStatus.DENIED, capability.hasPermission(closedFolder)); + + return null; + } + }, rmUserName); + } } 
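Review bot: The two `doTestInTransaction` blocks in `testFileCapability` assert the same eight outcomes for `recordsManagerName` and `rmUserName`, so the test never shows the File capability answering differently for different callers. Sharing the assertions through one helper removes the duplication. A further run under a user that has not been given filing permission (if the fixture provides one; not visible in this hunk), expecting `AccessStatus.DENIED` on `rmFolder` and `record`, would cover the permission side of the decision.

```java
public void testFileCapability()
{
    final Capability capability = capabilityService.getCapability("File");
    assertNotNull(capability);

    assertFileCapabilityFor(capability, recordsManagerName);
    assertFileCapabilityFor(capability, rmUserName);
}

private void assertFileCapabilityFor(final Capability capability, String userName)
{
    doTestInTransaction(new Test()
    {
        @Override
        public Void run()
        {
            // … unchanged: the eight hasPermission assertions …
            return null;
        }
    }, userName);
}
```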
diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/CommonRMTestUtils.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/CommonRMTestUtils.java index e146b08575..202fed6b36 100644 --- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/CommonRMTestUtils.java +++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/util/CommonRMTestUtils.java @@ -169,6 +169,19 @@ public class CommonRMTestUtils implements RecordsManagementModel } + public void closeFolder(final NodeRef recordFolder) + { + AuthenticationUtil.runAs(new RunAsWork() + { + @Override + public Void doWork() throws Exception + { + actionService.executeRecordsManagementAction(recordFolder, "closeRecordFolder"); + return null; + } + }, AuthenticationUtil.getAdminUserName()); + } + public void freeze(final NodeRef nodeRef) { AuthenticationUtil.runAs(new RunAsWork()