From 1bf5fb2b736c4d023d40c2c5d2d85eb9b47dd8c3 Mon Sep 17 00:00:00 2001
From: Alan Davis <alan.davis@alfresco.com>
Date: Fri, 30 Oct 2015 00:09:37 +0000
Subject: [PATCH] Merged 5.1-MNT1 (5.1.0) to HEAD (5.1)    115426 adavis:
 ACE-4520: Merged 5.1.N (5.1.1) to 5.1-MNT1 (5.1.0)       << All the MNT-13871
 commits at the end of phase 2 testing of 4.2.5 >>       111899: Merged 5.0.N
 (5.0.3) to 5.1.N (5.1.0) (PARTIAL MERGE)          111834: Merged V4.2-BUG-FIX
 (4.2.6) to 5.0.N (5.0.3)             111589: Merged V4.1-BUG-FIX (4.1.11) to
 V4.2-BUG-FIX (4.2.6)                111531: MNT-13871: Count authorised users
 as those who've logged in, not total # of person objects                   - 
 Added small changes required for compilation of authorization module.,      
 111901: Merged 5.0.N (5.0.3) to 5.1.N (5.1.0) (PARTIAL MERGE)         
 111836: Merged V4.2-BUG-FIX (4.2.6) to 5.0.N (5.0.3)             111765:
 Merged V4.2.5 (4.2.5) to V4.2-BUG-FIX (4.2.6)                111600: Merged
 V4.1-BUG-FIX (4.1.11) to PATCHES/V4.2.5 (4.2.5)                   MNT-13871 :
 Count authorised users as those who've logged in, not total # of person
 objects                      - Extra changes that are required to make
 authorization module build green.,       112553: Merged 5.0.N (5.0.3) to
 5.1.N (5.1.1)          112540: Merged V4.2-BUG-FIX (4.2.6) to 5.0.N (5.0.3)  
           112447: MNT-13871: Count authorised users as those who've logged
 in, not total # of person objects                - Added configuration
 required to compile authorised-users module.,       113101: Merged 5.0.N
 (5.0.3) to 5.1.N (5.1.1)          112930: Merged V4.2-BUG-FIX (4.2.6) to
 5.0.N (5.0.3)             112707 adavis: Merged V4.2.5 (4.2.5) to
 V4.2-BUG-FIX (4.2.6)                112677 dvaserin: MNT-14780 (MNT-13871):
 Licence Error message when in overage                 - Place overage buffer
 information into License MBean and use it in admin license ftl.              
  112634 adavis: MNT-13871: Merged DEV (V4.2.5-MNT-13871-LATEST) to V4.2.5
 (4.2.5)                   111550: Merged DEV (4.1.11) to DEV (4.2.5)         
             MNT-13871 : Count authorised users as those who've logged in, not
 total # of person objects                         - Merged all made changes
 in core alfresco projects as single commit to fresh dev branch forked from
 V4.1-BUG-FIX.                      MNT-13871 : Count authorised users as
 those who've logged in, not total # of person objects                        
 - added try/finally approach to reset show delete users flag to default
 value.,                   111574: MNT-13871: Count authorised users as those
 who've logged in, not total # of person objects                      - Added
 V4.2.5 specific changes.,                   111582: MNT-13871: Count
 authorised users as those who've logged in, not total # of person objects    
                  - Updated the jar to correspond with the latest changes in
 authorised-users/4.2,                   111751: MNT-13871: Count authorised
 users as those who've logged in, not total # of person objects               
       - Removed unnecessary configuration.,                   111752: Merged
 DEV (V4.1.11) to DEV (V4.2.5)                      111632: MNT-13871 : Count
 authorised users as those who've logged in, not total # of person objects    
                     - Fixed unit tests for build plan:
 https://bamboo.alfresco.com/bamboo/browse/DEV-ENT414-1,                  
 111753: Merged DEV (4.1.11) to DEV (V4.2.5)                      111719:
 MNT-13871 : Count authorised users as those who've logged in, not total # of
 person objects                         - Updated authorization related icons
 with ones provided by Mark Howarth.                         - Information
 message in Deauthorize Dialog was changed to the on provided by Mark
 Howarth.,                   111754: MNT-13871 : Count authorised users as
 those who've logged in, not total # of person objects                      -
 Updated to the latest authorised-users lib.,                   111761:
 MNT-13871: Count authorised users as those who've logged in, not total # of
 person objects                      - Fix for the SchemaReferenceFileTest.,  
                 111800: MNT-13871: Count authorised users as those who've
 logged in, not total # of person objects                      - Modified the
 test to create a tenant in a retrying transaction to solve the
 DataIntegrityViolationException.,                   111801: Megred DEV
 (4.1.11) to DEV (4.2.5)                      111795: MNT-13871 : Count
 authorised users as those who've logged in, not total # of person objects    
                     - Updated Deleted column to display text instead of tick
 icon.                         - Added name for actions column.,              
     111813: MNT-13871: Count authorised users as those who've logged in, not
 total # of person objects                      - Updated to the latest
 authorisation jar to fix the Scema Reference test.,                   112020:
 MNT-14775: De-authorisation pop-up has similar title to first line of text   
                  - Remove the duplicated text from the pop-up body           
          - Updated link to point the 4.2 documentation,                  
 112134: MNT-14763: [UserAuth] New entries are added in the authorization
 table for each different username case                    - Update
 authorization jar,                   112144: MNT-13871: Optimized strings in
 users.get.properties,                   112184: MNT-14762 : [UserAuth]Users
 from the ALFRESCO_ADMINISTRATORS LDAP group are not pre-authorized           
           - Updated authorized-users jar with fix for ldap administrators
 pre-authorization.,                   112196: MNT-14729 : [UserAuth] The
 column header for the Deauthorize and Reauthorize button should have a name  
                    - Updated name for re/de-authorize actions column.,       
            112202: MNT-14763: [UserAuth] New entries are added in the
 authorization table for each different username case                    - Add
 new authorization jar to fix null errors,                   112203:
 MNT-14779: System behaviour when system set read only due to licence
 exception                    - Force read-write transaction for LoginPost
 script.,                   112225: MNT-14763: [UserAuth] New entries are
 added in the authorization table for each different username case            
        - Add new authorization jar after unit test fixing.,                  
 112226: MNT-14740 : [UserAuth] The message for the failed re authorization is
 not displayed onIE                      - Code for reloading page was wrapped
 with YAHOO.lang.later() function.,                   112247: MNT-14747 :
 [UserAuth]The Autorization State isn't change when the user logs via FTP.    
                  - Updated authorization jar with fix for kerberos unit
 test.,                   112259: MNT-14776: Heading banner text when using
 all allowed authorised users.                      - Changed the message.    
                  - Updated the authorised-users jar.,                  
 112269: MNT-13871: Count authorised users as those who've logged in, not
 total # of person objects                    - Wrap methods that uses
 'authenticationComponent.setCurrentUser' into RetryingTransaction for
 retrying on DataIntegrityViolationException.,                   112285:
 MNT-14747 : [UserAuth]The Autorization State isn't change when the user logs
 via FTP.                      - Updated version for authorized-users jar.,   
                112388: MNT-14809: [UserAuth] On a cluster setup after running
 the hourly job only one node goes into R/O mode                      -
 Updated the authorised-users.jar,                   112439: MNT-14815 : Wrong
 documentation link used in the deauthorize message window                    
  - Corrected link to documentation.,                   112445: MNT-14818 :
 [UserAuth] Missing quotation mark in the user reauthorization window message 
                     - Corrected message for reauthorization dialog.,         
          112450: MNT-14802: [UserAuth] License warning message displayed for
 all the users                      - Updated the authorised-users jar.,      
             112454: MNT-14780: Licence Error message when in overage         
           - Make license warn messages on admin console the same as banner
 warn messages.,                   112471: MNT-14773 : Sort state not
 persisted after authorisation action                      - Sorting/paging
 state is now persists in sessionStorage.,                   112478: MNT-14773
 : Sort state not persisted after authorisation action                      -
 Corrected previous fix.,                   112483: MNT-14814: [UserAuth]
 System goes into R/O mode after running the hourly job                      -
 Updated the authorised-users jar to the latest version.,                  
 112512: MNT-14833: [UserAuth] User cannot login on both nodes (cluster env.) 
                   - Update authorization jar.,                   112556:
 MNT-14787: [UserAuth] Login via NFS works when the license limit exceed      
                - Modified the exception handling of setCurrentUser method.
 Now all the exceptions are rethrown.,                   112570: MNT-14838:
 Correct the Max Users string in the Admin Console License Screen             
         - Corrected the string, remove the incorrect translations from the
 bundle.,                   112572: REVERSE MERGED  <<code is not worth to
 implement>>                      112471 : MNT-14773 : Sort state not
 persisted after authorisation action                         - Sorting/paging
 state is now persists in sessionStorage.                      112478 :
 MNT-14773 : Sort state not persisted after authorisation action              
           - Corrected previous fix. ,                   112610: MNT-14837 :
 Report license overage to the log files on authorization/deauthorization of
 users                      - Updated users authorization jar file.,          
         112627: MNT-14839: [UserAuth]Alfresco goes in read -only after
 reauthorize a user from LDAP ALFESCO_ADMINISTRATORS group                    
  - Updated the authorised-users jar to the latest version.          Merged
 DEV (V5.0.2-MNT-13871) to 5.0.N (5.0.3)             111954: MNT-13871: Count
 authorised users as those who've logged in, not total # of person objects    
            - Removed context reference to authorization.,             112003:
 MNT-13871: Count authorised users as those who've logged in, not total # of
 person objects                -  Added copying of sources and configuration
 from authorised-users to the output directory during build.,            
 112014: MNT-13871: Count authorised users as those who've logged in, not
 total # of person objects                - Modified the build configuration
 to unpack the resources to the test folders.,             112027: MNT-13871:
 Count authorised users as those who've logged in, not total # of person
 objects                - Added unpacking of authorisation resources to
 repoitory-crypto project.,             112067: MNT-13871: Count authorised
 users as those who've logged in, not total # of person objects               
 - Removed unpacking of resources, changed the context imports to point to
 authorization.,          112952: Merged DEV (V5.0.2-MNT-13871) to 5.0.N
 (5.0.3)             111887: MNT-13871: Count authorised users as those who've
 logged in, not total # of person objects                - Corrected the
 authorised-users version to correspond to 5.0.,          113060: Merged
 V4.2-BUG-FIX (4.2.6) to 5.0.N (5.0.3)             113059 adavis: Merged
 V4.2.5 (4.2.5) to V4.2-BUG-FIX (4.2.6)                113058 adavis:
 MNT-13871: Count authorised users as those who've logged in, not total # of
 person objects                   - Version dependency for
 alfresco-authorised-users moved to top level pom,       113103: Merged 5.0.N
 (5.0.3) to 5.1.N (5.1.1)          113036 adavis: Merged V4.2-BUG-FIX (4.2.6)
 to 5.0.N (5.0.3)             113030 adavis: Merged V4.2.5 (4.2.5) to
 V4.2-BUG-FIX (4.2.6)                113019 amukha: MNT-14862 MNT-13871:
 [UserAuth] Login via FTP works when the license limit exceed                 
  - Corrected the AlfrescoFtpAuthenticator to rollback teh transaction if an
 exception was thrown.,       113215: Merged 5.0.N (5.0.3) to 5.1.N (5.1.1)   
       113213 adavis: Merged V4.2-BUG-FIX (4.2.6) to 5.0.N (5.0.3) (PARTIAL
 MERGE)             113209 adavis: Merged V4.2.5 (4.2.5) to V4.2-BUG-FIX
 (4.2.6)                113124: MNT-13871: MNT-14875: The table creation code
 for authorised-user (MNT-13871) need to be moved back into the main Alfresco
 code base                   - Added the scripts to the main code base.       
            - Updated the authorised-users.jar,                113203:
 MNT-13871: MNT-14875: The table creation code for authorised-user (MNT-13871)
 need to be moved back into the main Alfresco code base                   -
 Moved the patch to the main code.                   - Updated the
 authorised-users.jar                113128: MNT-14867 (MNT-13871) :
 [UserAuth] License user limit exceeded by adding users to
 ALFRESCO_ADMINISTRATORS LDAP group                   - Updated
 auhtorised-users jar.,,       113246: MNT-13871 : Count authorised users as
 those who've logged in, not total # of person objects          - Try to fix
 one of the two build errors on 5.1.N as a result of r113101,       113578:
 MNT-14901 MNT-13871: 4.2.5 User Auth code merged to 5.1.N caused 2 build
 failures          - Fixed the test SiteServiceImplTest.testGroupMembership , 
      113647: MNT-14901 MNT-13871: 4.2.5 User Auth code merged to 5.1.N caused
 2 build failures          - Fixed the test
 SiteServiceImplTest.testListSiteMemberships that failed after
 testGroupMembership was fixed, but didn't delete the created site.,      
 113935: MNT-13871: Merged 5.0.N (5.0.3) to 5.1.N (5.1.1) (PARTIAL MERGE)     
     113924 adavis: Merged V4.2-BUG-FIX (4.2.6) to 5.0.N (5.0.3)            
 113914 adavis: Merged V4.2.5 (4.2.5) to V4.2-BUG-FIX (4.2.6)               
 113903 gbroadbent: GERMAN: Updated bundle based on EN-rev112938,      
 113936: MNT-13871: Merged 5.0.N (5.0.3) to 5.1.N (5.1.1) (PARTIAL MERGE)     
     113925 adavis: Merged V4.2-BUG-FIX (4.2.6) to 5.0.N (5.0.3)            
 113915 adavis: Merged V4.2.5 (4.2.5) to V4.2-BUG-FIX (4.2.6)               
 113904 gbroadbent: SPANISH: Updated bundle based on EN-rev112938,      
 113937: MNT-13871: Merged 5.0.N (5.0.3) to 5.1.N (5.1.1) (PARTIAL MERGE)     
     113926 adavis: Merged V4.2-BUG-FIX (4.2.6) to 5.0.N (5.0.3)            
 113916 adavis: Merged V4.2.5 (4.2.5) to V4.2-BUG-FIX (4.2.6)               
 113905 gbroadbent: FRENCH: Updated bundle based on EN-rev112938,      
 113939: MNT-13871: Merged 5.0.N (5.0.3) to 5.1.N (5.1.1) (PARTIAL MERGE)     
     113927 adavis: Merged V4.2-BUG-FIX (4.2.6) to 5.0.N (5.0.3)            
 113917 adavis: Merged V4.2.5 (4.2.5) to V4.2-BUG-FIX (4.2.6)               
 113906 gbroadbent: ITALIAN: Updated bundle based on EN-rev112938,      
 113940: MNT-13871: Merged 5.0.N (5.0.3) to 5.1.N (5.1.1) (PARTIAL MERGE)     
     113928 adavis: Merged V4.2-BUG-FIX (4.2.6) to 5.0.N (5.0.3)            
 113918 adavis: Merged V4.2.5 (4.2.5) to V4.2-BUG-FIX (4.2.6)               
 113907 gbroadbent: JAPANESE: Updated bundle based on EN-rev112938,      
 113941: MNT-13871: Merged 5.0.N (5.0.3) to 5.1.N (5.1.1) (PARTIAL MERGE)     
     113929 adavis: Merged V4.2-BUG-FIX (4.2.6) to 5.0.N (5.0.3)            
 113919 adavis: Merged V4.2.5 (4.2.5) to V4.2-BUG-FIX (4.2.6)               
 113908 gbroadbent: NORWEGIAN Bokmal: Updated bundle based on EN-rev112938,   
    113942: MNT-13871: Merged 5.0.N (5.0.3) to 5.1.N (5.1.1) (PARTIAL MERGE)  
        113930 adavis: Merged V4.2-BUG-FIX (4.2.6) to 5.0.N (5.0.3)           
  113920 adavis: Merged V4.2.5 (4.2.5) to V4.2-BUG-FIX (4.2.6)               
 113909 gbroadbent: DUCTH: Updated bundle based on EN-rev112938,       113943:
 MNT-13871: Merged 5.0.N (5.0.3) to 5.1.N (5.1.1) (PARTIAL MERGE)         
 113931 adavis: Merged V4.2-BUG-FIX (4.2.6) to 5.0.N (5.0.3)            
 113921 adavis: Merged V4.2.5 (4.2.5) to V4.2-BUG-FIX (4.2.6)               
 113910 gbroadbent: BRAZILIAN PORTUGUESE: Updated bundle based on
 EN-rev112938,       113944: MNT-13871: Merged 5.0.N (5.0.3) to 5.1.N (5.1.1)
 (PARTIAL MERGE)          113932 adavis: Merged V4.2-BUG-FIX (4.2.6) to 5.0.N
 (5.0.3)             113922 adavis: Merged V4.2.5 (4.2.5) to V4.2-BUG-FIX
 (4.2.6)                113911 gbroadbent: SIMPLIFIED Chinese: Updated bundle
 based on EN-rev112938,       113945: MNT-13871: Merged 5.0.N (5.0.3) to 5.1.N
 (5.1.1) (PARTIAL MERGE)          113933 adavis: Merged V4.2-BUG-FIX (4.2.6)
 to 5.0.N (5.0.3)             113923 adavis: Merged V4.2.5 (4.2.5) to
 V4.2-BUG-FIX (4.2.6)                113912 gbroadbent: RUSSIAN: Updated
 bundle based on EN-rev112938,       114046: MNT-14901 MNT-13871: 4.2.5 User
 Auth code merged to 5.1.N caused 2 build failures          - Removed the
 hardcoded value in the test.,       114589: Merged 5.0.N (5.0.3) to 5.1.N
 (5.1.1)          114485 amorarasu: Merged V4.2-BUG-FIX (4.2.6) to 5.0.N
 (5.0.3)             114335 amukha: Merged V4.1-BUG-FIX (4.1.11) to
 V4.2-BUG-FIX (4.2.6)                114334 amukha: MNT-14984 MNT-13871:
 Modification to the User Authentication Warning wording.                   -
 Changed the warning message.,       114828: Merged 5.0.N (5.0.3) to 5.1.N
 (5.1.1)          114749 rmunteanu: Merged V4.2-BUG-FIX (4.2.6) to 5.0.N
 (5.0.3)             114703 amorarasu: Merged V4.2.5 (4.2.5) to V4.2-BUG-FIX
 (4.2.6)                114574 gbroadbent: GERMAN: Updated file based on
 EN-rev114472. Fix for MNT-14984 MNT-13871,       114829: Merged 5.0.N (5.0.3)
 to 5.1.N (5.1.1)          114750 rmunteanu: Merged V4.2-BUG-FIX (4.2.6) to
 5.0.N (5.0.3)             114704 amorarasu: Merged V4.2.5 (4.2.5) to
 V4.2-BUG-FIX (4.2.6)                114575 gbroadbent: SPANISH: Updated file
 based on EN-rev114472. Fix for MNT-14984 MNT-13871,       114830: Merged
 5.0.N (5.0.3) to 5.1.N (5.1.1)          114751 rmunteanu: Merged V4.2-BUG-FIX
 (4.2.6) to 5.0.N (5.0.3)             114705 amorarasu: Merged V4.2.5 (4.2.5)
 to V4.2-BUG-FIX (4.2.6)                114576 gbroadbent: FRENCH: Updated
 file based on EN-rev114472. Fix for MNT-14984 MNT-13871,       114831: Merged
 5.0.N (5.0.3) to 5.1.N (5.1.1)          114752 rmunteanu: Merged V4.2-BUG-FIX
 (4.2.6) to 5.0.N (5.0.3)             114706 amorarasu: Merged V4.2.5 (4.2.5)
 to V4.2-BUG-FIX (4.2.6)                114577 gbroadbent: ITALIAN: Updated
 file based on EN-rev114472. Fix for MNT-14984 MNT-13871,       114832: Merged
 5.0.N (5.0.3) to 5.1.N (5.1.1)          114753 rmunteanu: Merged V4.2-BUG-FIX
 (4.2.6) to 5.0.N (5.0.3)             114708 amorarasu: Merged V4.2.5 (4.2.5)
 to V4.2-BUG-FIX (4.2.6)                114578 gbroadbent: JAPANESE: Updated
 file based on EN-rev114472. Fix for MNT-14984 MNT-13871,       114833: Merged
 5.0.N (5.0.3) to 5.1.N (5.1.1)          114754 rmunteanu: Merged V4.2-BUG-FIX
 (4.2.6) to 5.0.N (5.0.3)             114709 amorarasu: Merged V4.2.5 (4.2.5)
 to V4.2-BUG-FIX (4.2.6)                114579 gbroadbent: DUTCH: Updated file
 based on EN-rev114472. Fix for MNT-14984 MNT-13871,       114834: Merged
 5.0.N (5.0.3) to 5.1.N (5.1.1)          114755 rmunteanu: Merged V4.2-BUG-FIX
 (4.2.6) to 5.0.N (5.0.3)             114710 amorarasu: Merged V4.2.5 (4.2.5)
 to V4.2-BUG-FIX (4.2.6)                114580 gbroadbent: RUSSIAN: Updated
 file based on EN-rev114472. Fix for MNT-14984 MNT-13871,       114835: Merged
 5.0.N (5.0.3) to 5.1.N (5.1.1)          114756 rmunteanu: Merged V4.2-BUG-FIX
 (4.2.6) to 5.0.N (5.0.3)             114711 amorarasu: Merged V4.2.5 (4.2.5)
 to V4.2-BUG-FIX (4.2.6)                114593 gbroadbent: SIMP CHINESE:
 Updated file based on EN-rev114472. Fix for MNT-14984 MNT-13871,      
 114836: Merged 5.0.N (5.0.3) to 5.1.N (5.1.1)          114757 rmunteanu:
 Merged V4.2-BUG-FIX (4.2.6) to 5.0.N (5.0.3)             114712 amorarasu:
 Merged V4.2.5 (4.2.5) to V4.2-BUG-FIX (4.2.6)                114594
 gbroadbent: NORWEGIAN Bokmal: Updated file based on EN-rev114472. Fix for
 MNT-14984 MNT-13871

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@115664 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
---
 config/alfresco/application-context-core.xml  |    3 +
 config/alfresco/core-services-context.xml     |    1 +
 .../AlfrescoCreate-AuthorizationTables.sql    |   34 +
 .../Schema-Reference-ALF.xml                  |   58 +
 .../AlfrescoCreate-AuthorizationTables.sql    |   35 +
 .../Schema-Reference-ALF.xml                  |   59 +
 .../alfresco/dbscripts/db-schema-context.xml  |    2 +
 config/alfresco/encryption-context.xml        |    5 +
 .../messages/content-model_de.properties      |    4 +-
 .../messages/content-model_it.properties      |  106 +-
 .../messages/content-model_ja.properties      |    8 +-
 .../messages/content-model_nl.properties      |    2 +-
 .../messages/content-model_ru.properties      |    6 +-
 .../messages/system-messages.properties       |    1 +
 .../messages/system-messages_de.properties    |    1 +
 .../messages/system-messages_es.properties    |    1 +
 .../messages/system-messages_fr.properties    |    5 +-
 .../messages/system-messages_it.properties    |   13 +-
 .../messages/system-messages_ja.properties    |   13 +-
 .../messages/system-messages_nb.properties    |    7 +-
 .../messages/system-messages_nl.properties    |    1 +
 .../messages/system-messages_pt_BR.properties |   11 +-
 .../messages/system-messages_ru.properties    |    1 +
 .../messages/system-messages_zh_CN.properties |    3 +-
 config/alfresco/minimal-context.xml           |    2 +-
 config/alfresco/model/systemModel.xml         |    4 +
 .../alfresco/patch/patch-services-context.xml |   11 +
 config/alfresco/version.properties            |    2 +-
 .../auth/ftp/AlfrescoFtpAuthenticator.java    |   42 +-
 .../auth/nfs/AlfrescoRpcAuthenticator.java    |    1 +
 .../org/alfresco/repo/jscript/People.java     |   54 +-
 .../security/person/PersonServiceImpl.java    |   94 +-
 .../repo/site/SiteServiceImplTest.java        | 1575 ++++++++++-------
 .../repo/tenant/MultiTServiceImplTest.java    |  320 +++-
 .../repo/usage/RepoUsageComponentTest.java    |   16 +-
 35 files changed, 1525 insertions(+), 976 deletions(-)
 create mode 100644 config/alfresco/dbscripts/create/org.hibernate.dialect.MySQLInnoDBDialect/AlfrescoCreate-AuthorizationTables.sql
 create mode 100644 config/alfresco/dbscripts/create/org.hibernate.dialect.PostgreSQLDialect/AlfrescoCreate-AuthorizationTables.sql

diff --git a/config/alfresco/application-context-core.xml b/config/alfresco/application-context-core.xml
index ec272e3af7..fc0670ff70 100644
--- a/config/alfresco/application-context-core.xml
+++ b/config/alfresco/application-context-core.xml
@@ -49,4 +49,7 @@
     <import resource="classpath:alfresco/invitation-service-context.xml"/>
     <import resource="classpath:alfresco/webdav-context.xml"/>
     <import resource="classpath*:alfresco/patch/*-context.xml" />
+    <import resource="classpath*:alfresco/dbscripts/*-context.xml" />
+    <import resource="classpath*:alfresco/enterprise/authorization-context.xml" />
+    <import resource="classpath*:alfresco/enterprise/enterprise-usage-services-context.xml" />
 </beans>
diff --git a/config/alfresco/core-services-context.xml b/config/alfresco/core-services-context.xml
index c473dee35c..2ad28025b9 100644
--- a/config/alfresco/core-services-context.xml
+++ b/config/alfresco/core-services-context.xml
@@ -28,6 +28,7 @@
                 <value>classpath:alfresco/caches.properties</value>
                 <!-- Enterprise defaults -->
                 <!--  Overrides supplied if this is an enterprise install (none exist for community) -->
+                <value>classpath*:alfresco/enterprise/caches.properties</value>
                 <value>classpath*:alfresco/enterprise/repository.properties</value>
                 <!-- <value>classpath:alfresco/jndi.properties</value> -->
                 <!--  Overrides supplied by modules -->
diff --git a/config/alfresco/dbscripts/create/org.hibernate.dialect.MySQLInnoDBDialect/AlfrescoCreate-AuthorizationTables.sql b/config/alfresco/dbscripts/create/org.hibernate.dialect.MySQLInnoDBDialect/AlfrescoCreate-AuthorizationTables.sql
new file mode 100644
index 0000000000..b5f30b485f
--- /dev/null
+++ b/config/alfresco/dbscripts/create/org.hibernate.dialect.MySQLInnoDBDialect/AlfrescoCreate-AuthorizationTables.sql
@@ -0,0 +1,34 @@
+--
+-- Title:      Create Authorization Status
+-- Database:   MySQL InnoDB
+-- Since:      V4.1.11 Schema 5156
+-- Author:     Pavel Yurkevich
+--
+-- Please contact support@alfresco.com if you need assistance with the upgrade.
+--
+
+CREATE TABLE alf_auth_status
+(
+   id BIGINT NOT NULL AUTO_INCREMENT,
+   username VARCHAR(100) NOT NULL,
+   deleted BIT NOT NULL,
+   authorized BIT NOT NULL,
+   checksum BLOB NOT NULL,
+   authaction VARCHAR(10) NOT NULL,
+   UNIQUE INDEX idx_alf_auth_usr_stat (username, authorized),
+   INDEX idx_alf_auth_action (authaction),
+   INDEX idx_alf_auth_deleted (deleted),
+   PRIMARY KEY (id)
+) ENGINE=InnoDB;
+
+--
+-- Record script finish
+--
+DELETE FROM alf_applied_patch WHERE id = 'patch.db-V4.1-AuthorizationTables';
+INSERT INTO alf_applied_patch
+  (id, description, fixes_from_schema, fixes_to_schema, applied_to_schema, target_schema, applied_on_date, applied_to_server, was_executed, succeeded, report)
+  VALUES
+  (
+    'patch.db-V4.1-AuthorizationTables', 'Manually executed script upgrade V4.1: Authorization status tables',
+    0, 6075, -1, 6076, null, 'UNKNOWN', ${TRUE}, ${TRUE}, 'Script completed'
+  );
diff --git a/config/alfresco/dbscripts/create/org.hibernate.dialect.MySQLInnoDBDialect/Schema-Reference-ALF.xml b/config/alfresco/dbscripts/create/org.hibernate.dialect.MySQLInnoDBDialect/Schema-Reference-ALF.xml
index 173c35eeae..fb3afd9d32 100644
--- a/config/alfresco/dbscripts/create/org.hibernate.dialect.MySQLInnoDBDialect/Schema-Reference-ALF.xml
+++ b/config/alfresco/dbscripts/create/org.hibernate.dialect.MySQLInnoDBDialect/Schema-Reference-ALF.xml
@@ -765,6 +765,64 @@
         </index>
       </indexes>
     </table>
+    <table name="alf_auth_status">
+      <columns>
+        <column name="id" order="1">
+          <type>bigint</type>
+          <nullable>false</nullable>
+          <autoincrement>true</autoincrement>
+        </column>
+        <column name="username" order="2">
+          <type>varchar(100)</type>
+          <nullable>false</nullable>
+          <autoincrement>false</autoincrement>
+        </column>
+        <column name="deleted" order="3">
+          <type>bit</type>
+          <nullable>false</nullable>
+          <autoincrement>false</autoincrement>
+        </column>
+        <column name="authorized" order="4">
+          <type>bit</type>
+          <nullable>false</nullable>
+          <autoincrement>false</autoincrement>
+        </column>
+        <column name="checksum" order="5">
+          <type>blob</type>
+          <nullable>false</nullable>
+          <autoincrement>false</autoincrement>
+        </column>
+        <column name="authaction" order="6">
+          <type>varchar(10)</type>
+          <nullable>false</nullable>
+          <autoincrement>false</autoincrement>
+        </column>
+      </columns>
+      <primarykey name="PRIMARY">
+        <columnnames>
+          <columnname order="1">id</columnname>
+        </columnnames>
+      </primarykey>
+      <foreignkeys/>
+      <indexes>
+        <index name="idx_alf_auth_usr_stat" unique="true">
+          <columnnames>
+            <columnname>username</columnname>
+            <columnname>authorized</columnname>
+          </columnnames>
+        </index>
+        <index name="idx_alf_auth_deleted" unique="false">
+          <columnnames>
+            <columnname>deleted</columnname>
+          </columnnames>
+        </index>
+        <index name="idx_alf_auth_action" unique="false">
+          <columnnames>
+            <columnname>authaction</columnname>
+          </columnnames>
+        </index>
+      </indexes>
+    </table>
     <table name="alf_authority">
       <columns>
         <column name="id" order="1">
diff --git a/config/alfresco/dbscripts/create/org.hibernate.dialect.PostgreSQLDialect/AlfrescoCreate-AuthorizationTables.sql b/config/alfresco/dbscripts/create/org.hibernate.dialect.PostgreSQLDialect/AlfrescoCreate-AuthorizationTables.sql
new file mode 100644
index 0000000000..f7bdfc32e3
--- /dev/null
+++ b/config/alfresco/dbscripts/create/org.hibernate.dialect.PostgreSQLDialect/AlfrescoCreate-AuthorizationTables.sql
@@ -0,0 +1,35 @@
+--
+-- Title:      Create Authorization Status
+-- Database:   PostgreSQL
+-- Since:      V4.1.11 Schema 5156
+-- Author:     Alex Mukha
+--
+-- Please contact support@alfresco.com if you need assistance with the upgrade.
+--
+
+CREATE SEQUENCE alf_auth_status_seq START WITH 1 INCREMENT BY 1;
+CREATE TABLE alf_auth_status
+(
+    id INT8 NOT NULL,
+    username VARCHAR(100) NOT NULL,
+    deleted BOOL NOT NULL,
+    authorized BOOL NOT NULL,
+    checksum BYTEA NOT NULL,
+    authaction VARCHAR(10) NOT NULL,
+    PRIMARY KEY (id)
+);
+CREATE UNIQUE INDEX idx_alf_auth_usr_stat ON alf_auth_status (username, authorized);
+CREATE INDEX idx_alf_auth_deleted ON alf_auth_status (deleted);
+CREATE INDEX idx_alf_auth_action ON alf_auth_status (authaction);
+
+--
+-- Record script finish
+--
+DELETE FROM alf_applied_patch WHERE id = 'patch.db-V4.1-AuthorizationTables';
+INSERT INTO alf_applied_patch
+  (id, description, fixes_from_schema, fixes_to_schema, applied_to_schema, target_schema, applied_on_date, applied_to_server, was_executed, succeeded, report)
+  VALUES
+  (
+    'patch.db-V4.1-AuthorizationTables', 'Manually executed script upgrade V4.1: Authorization status tables',
+    0, 6075, -1, 6076, null, 'UNKNOWN', ${TRUE}, ${TRUE}, 'Script completed'
+  );
diff --git a/config/alfresco/dbscripts/create/org.hibernate.dialect.PostgreSQLDialect/Schema-Reference-ALF.xml b/config/alfresco/dbscripts/create/org.hibernate.dialect.PostgreSQLDialect/Schema-Reference-ALF.xml
index 4815ec0896..d97bce18d7 100644
--- a/config/alfresco/dbscripts/create/org.hibernate.dialect.PostgreSQLDialect/Schema-Reference-ALF.xml
+++ b/config/alfresco/dbscripts/create/org.hibernate.dialect.PostgreSQLDialect/Schema-Reference-ALF.xml
@@ -22,6 +22,7 @@
     <sequence name="alf_audit_model_seq"/>
     <sequence name="alf_authority_alias_seq"/>
     <sequence name="alf_authority_seq"/>
+    <sequence name="alf_auth_status_seq"/>
     <sequence name="alf_child_assoc_seq"/>
     <sequence name="alf_content_data_seq"/>
     <sequence name="alf_content_url_seq"/>
@@ -905,6 +906,64 @@
         </index>
       </indexes>
     </table>
+  <table name="alf_auth_status">
+    <columns>
+      <column name="id" order="1">
+        <type>int8</type>
+        <nullable>false</nullable>
+        <autoincrement>false</autoincrement>
+      </column>
+      <column name="username" order="2">
+        <type>varchar(100)</type>
+        <nullable>false</nullable>
+        <autoincrement>false</autoincrement>
+      </column>
+      <column name="deleted" order="3">
+        <type>bool</type>
+        <nullable>false</nullable>
+        <autoincrement>false</autoincrement>
+      </column>
+      <column name="authorized" order="4">
+        <type>bool</type>
+        <nullable>false</nullable>
+        <autoincrement>false</autoincrement>
+      </column>
+      <column name="checksum" order="5">
+        <type>bytea</type>
+        <nullable>false</nullable>
+        <autoincrement>false</autoincrement>
+      </column>
+      <column name="authaction" order="6">
+        <type>varchar(10)</type>
+        <nullable>false</nullable>
+        <autoincrement>false</autoincrement>
+      </column>
+    </columns>
+    <primarykey name="alf_auth_status_pkey">
+      <columnnames>
+        <columnname order="1">id</columnname>
+      </columnnames>
+    </primarykey>
+    <indexes>
+        <index name="idx_alf_auth_usr_stat" unique="true">
+          <columnnames>
+            <columnname>username</columnname>
+            <columnname>authorized</columnname>
+          </columnnames>
+        </index>
+        <index name="idx_alf_auth_deleted" unique="false">
+          <columnnames>
+             <columnname>deleted</columnname>
+          </columnnames>
+        </index>
+        <index name="idx_alf_auth_action" unique="false">
+          <columnnames>
+            <columnname>authaction</columnname>
+          </columnnames>
+        </index>
+    </indexes>
+    <foreignkeys/>
+  </table>
     <table name="alf_child_assoc">
       <columns>
         <column name="id" order="1">
diff --git a/config/alfresco/dbscripts/db-schema-context.xml b/config/alfresco/dbscripts/db-schema-context.xml
index 4e0bb43e57..94fffab14a 100644
--- a/config/alfresco/dbscripts/db-schema-context.xml
+++ b/config/alfresco/dbscripts/db-schema-context.xml
@@ -22,6 +22,7 @@
                 <value>classpath:alfresco/dbscripts/create/${db.script.dialect}/AlfrescoCreate-UsageTables.sql</value>
                 <value>classpath:alfresco/dbscripts/create/${db.script.dialect}/AlfrescoCreate-SubscriptionTables.sql</value>
                 <value>classpath:alfresco/dbscripts/create/${db.script.dialect}/AlfrescoCreate-TenantTables.sql</value>
+                <value>classpath:alfresco/dbscripts/create/${db.script.dialect}/AlfrescoCreate-AuthorizationTables.sql</value>
             </list>
         </property>
     </bean>
@@ -59,6 +60,7 @@
                 <ref bean="patch.db-V4.1-createIdxAlfNodeTQN" />
                 <ref bean="patch.db-V4.2-restructure-idx_alf_nprop_s-MSSQL" />
                 <ref bean="patch.db-V4.2-migrate-locale-multilingual" />
+                <ref bean="patch.db-V4.1-AuthorizationTables" />
                 <ref bean="patch.db-V5.0-ContentUrlEncryptionTables" />
                 <ref bean="patch.db-V5.1-metadata-query-indexes" />
             </list>
diff --git a/config/alfresco/encryption-context.xml b/config/alfresco/encryption-context.xml
index cc79bf6580..d1048874b5 100644
--- a/config/alfresco/encryption-context.xml
+++ b/config/alfresco/encryption-context.xml
@@ -84,6 +84,11 @@
        <property name="keyResourceLoader" ref="springKeyResourceLoader"/>
        <property name="validateKeyChanges" value="true"/>
        <property name="encryptionKeysRegistry" ref="encryptionKeysRegistry"/>
+       <property name="keysToValidate">
+         <set>
+            <value>metadata</value>
+         </set>	   
+       </property>	   
     </bean>
     
     <bean id="keyProvider" class="org.alfresco.encryption.KeystoreKeyProvider" init-method="init">
diff --git a/config/alfresco/messages/content-model_de.properties b/config/alfresco/messages/content-model_de.properties
index 9ed50a38fe..039b861d6a 100755
--- a/config/alfresco/messages/content-model_de.properties
+++ b/config/alfresco/messages/content-model_de.properties
@@ -47,7 +47,7 @@ cm_contentmodel.property.cm_lastName.title=Nachname
 cm_contentmodel.property.cm_lastName.description=Nachname der Person
 cm_contentmodel.property.cm_middleName.title=Zweitname
 cm_contentmodel.property.cm_middleName.description=Zweitname der Person
-cm_contentmodel.property.cm_email.title=E-Mail Adresse
+cm_contentmodel.property.cm_email.title=E-Mail-Adresse
 cm_contentmodel.property.cm_email.description=E-Mail-Adresse der Person
 cm_contentmodel.property.cm_homeFolderProvider.title=Home-Ordnerprovider
 cm_contentmodel.property.cm_homeFolderProvider.description=Home-Ordnerprovider
@@ -277,7 +277,7 @@ cm_contentmodel.property.cm_taggable.description=Tags
 
 cm_contentmodel.aspect.cm_attachable.title=Anhangf\u00e4hig
 cm_contentmodel.aspect.cm_attachable.description=L\u00e4sst andere Repository Objekte als Anhang zu
-cm_contentmodel.association.cm_attachments.title=Anlagen
+cm_contentmodel.association.cm_attachments.title=Anh\u00e4nge
 cm_contentmodel.association.cm_attachments.description=Angeh\u00e4ngte Repository-Objekte
 
 cm_contentmodel.aspect.cm_emailed.title=Per E-Mail versandt
diff --git a/config/alfresco/messages/content-model_it.properties b/config/alfresco/messages/content-model_it.properties
index 8c5313e769..861b10b650 100755
--- a/config/alfresco/messages/content-model_it.properties
+++ b/config/alfresco/messages/content-model_it.properties
@@ -23,7 +23,7 @@ cm_contentmodel.property.cm_content.description=Contenuto
 cm_contentmodel.property.cm_content.cm_content.size=Dimensioni
 cm_contentmodel.property.cm_content.cm_content.mimetype=Tipo MIME
 
-cm_contentmodel.type.cm_linkfile.title=Link a file
+cm_contentmodel.type.cm_linkfile.title=Collega file
 cm_contentmodel.type.cm_linkfile.description=Link a un altro file
 cm_contentmodel.property.cm_path.title=Percorso file collegato
 cm_contentmodel.property.cm_path.description=Percorso del file collegato
@@ -39,8 +39,8 @@ cm_contentmodel.type.cm_person.description=Persona
 
 cm_contentmodel.property.cm_userName.title=Nome utente
 cm_contentmodel.property.cm_userName.description=Nome utente della persona
-cm_contentmodel.property.cm_homeFolder.title=Cartella homepage
-cm_contentmodel.property.cm_homeFolder.description=Cartella della homepage della persona
+cm_contentmodel.property.cm_homeFolder.title=Cartella home page
+cm_contentmodel.property.cm_homeFolder.description=Cartella della home page della persona
 cm_contentmodel.property.cm_firstName.title=Nome
 cm_contentmodel.property.cm_firstName.description=Nome della persona
 cm_contentmodel.property.cm_lastName.title=Cognome
@@ -49,20 +49,20 @@ cm_contentmodel.property.cm_middleName.title=Secondo nome
 cm_contentmodel.property.cm_middleName.description=Secondo nome della persona
 cm_contentmodel.property.cm_email.title=Indirizzo e-mail
 cm_contentmodel.property.cm_email.description=Indirizzo e-mail della persona
-cm_contentmodel.property.cm_homeFolderProvider.title=Provider cartella homepage
-cm_contentmodel.property.cm_homeFolderProvider.description=Provider cartella homepage
-cm_contentmodel.property.cm_defaultHomeFolderPath.title=Percorso cartella homepage
-cm_contentmodel.property.cm_defaultHomeFolderPath.description=Percorso alla cartella homepage della persona
-cm_contentmodel.property.cm_presenceProvider.title=Provider Presense
-cm_contentmodel.property.cm_presenceProvider.description=Provider Presense
-cm_contentmodel.property.cm_presenceUsername.title=Nome utente Presense
-cm_contentmodel.property.cm_presenceUsername.description=Nome utente Presense
+cm_contentmodel.property.cm_homeFolderProvider.title=Provider cartella home page
+cm_contentmodel.property.cm_homeFolderProvider.description=Provider cartella home page
+cm_contentmodel.property.cm_defaultHomeFolderPath.title=Percorso cartella home page
+cm_contentmodel.property.cm_defaultHomeFolderPath.description=Percorso della cartella home page della persona
+cm_contentmodel.property.cm_presenceProvider.title=Presence Provider
+cm_contentmodel.property.cm_presenceProvider.description=Presence Provider
+cm_contentmodel.property.cm_presenceUsername.title=Nome utente Presence
+cm_contentmodel.property.cm_presenceUsername.description=Nome utente Presence
 cm_contentmodel.property.cm_jobtitle.title=Qualifica
 cm_contentmodel.property.cm_jobtitle.description=Qualifica della persona
 cm_contentmodel.property.cm_location.title=Localit\u00e0
 cm_contentmodel.property.cm_location.description=Localit\u00e0 della persona
-cm_contentmodel.property.cm_persondescription.title=Sommario
-cm_contentmodel.property.cm_persondescription.description=Sommario della persona
+cm_contentmodel.property.cm_persondescription.title=Riepilogo
+cm_contentmodel.property.cm_persondescription.description=Riepilogo della persona
 cm_contentmodel.property.cm_telephone.title=Telefono
 cm_contentmodel.property.cm_telephone.description=Numero di telefono della persona
 cm_contentmodel.property.cm_mobile.title=Cellulare
@@ -78,11 +78,11 @@ cm_contentmodel.property.cm_companyaddress2.description=Riga 2 dell'indirizzo de
 cm_contentmodel.property.cm_companyaddress3.title=Riga 3 indirizzo
 cm_contentmodel.property.cm_companyaddress3.description=Riga 3 dell'indirizzo dell'azienda della persona
 cm_contentmodel.property.cm_companypostcode.title=Codice postale
-cm_contentmodel.property.cm_companypostcode.description=Codice postale dell'azienda della persona
+cm_contentmodel.property.cm_companypostcode.description=Codice postale (CAP) dell'azienda della persona
 cm_contentmodel.property.cm_companytelephone.title=Telefono
 cm_contentmodel.property.cm_companytelephone.description=Numero di telefono dell'azienda della persona
 cm_contentmodel.property.cm_companyfax.title=Fax
-cm_contentmodel.property.cm_companyfax.description=Numero fax dell'azienda della persona
+cm_contentmodel.property.cm_companyfax.description=Numero di fax dell'azienda della persona
 cm_contentmodel.property.cm_companyemail.title=E-mail
 cm_contentmodel.property.cm_companyemail.description=Indirizzo e-mail dell'azienda della persona
 cm_contentmodel.property.cm_skype.title=Skype
@@ -90,9 +90,9 @@ cm_contentmodel.property.cm_skype.description=ID utente Skype della persona
 cm_contentmodel.property.cm_instantmsg.title=Messaggistica immediata
 cm_contentmodel.property.cm_instantmsg.description=ID utente messaggistica immediata della persona
 cm_contentmodel.property.cm_userStatus.title=Stato
-cm_contentmodel.property.cm_userStatus.description=Stato corrente della persona
+cm_contentmodel.property.cm_userStatus.description=Stato attuale della persona
 cm_contentmodel.property.cm_userStatusTime.title=Ora stato
-cm_contentmodel.property.cm_userStatusTime.description=Ora ultimo aggiornamento dello stato della persona
+cm_contentmodel.property.cm_userStatusTime.description=Ora dell'ultimo aggiornamento dello stato della persona
 cm_contentmodel.property.cm_googleusername.title=Nome utente Google
 cm_contentmodel.property.cm_googleusername.description=Nome utente Google della persona 
 cm_contentmodel.property.cm_sizeCurrent.title=Uso
@@ -114,8 +114,8 @@ cm_contentmodel.type.cm_category.description=Categoria
 cm_contentmodel.association.cm_subcategories.title=Categorie
 cm_contentmodel.association.cm_subcategories.description=Sottocategorie della categoria
 
-cm_contentmodel.aspect.cm_titled.title=Titolato
-cm_contentmodel.aspect.cm_titled.description=Titolato
+cm_contentmodel.aspect.cm_titled.title=Con titolo
+cm_contentmodel.aspect.cm_titled.description=Con titolo
 cm_contentmodel.property.cm_title.title=Titolo
 cm_contentmodel.property.cm_title.description=Titolo del contenuto
 cm_contentmodel.property.cm_description.title=Descrizione
@@ -139,18 +139,18 @@ cm_contentmodel.aspect.cm_author.description=Autore
 cm_contentmodel.property.cm_author.title=Autore
 cm_contentmodel.property.cm_author.description=Autore
 
-cm_contentmodel.aspect.cm_localizable.title=Localizable
-cm_contentmodel.aspect.cm_localizable.description=Localizable
+cm_contentmodel.aspect.cm_localizable.title=Localizzabile
+cm_contentmodel.aspect.cm_localizable.description=Localizzabile
 cm_contentmodel.property.cm_locale.title=Impostazioni locali
 cm_contentmodel.property.cm_locale.description=Impostazioni locali 
 
-cm_contentmodel.aspect.cm_translatable.title=Translatable
-cm_contentmodel.aspect.cm_translatable.description=Translatable
+cm_contentmodel.aspect.cm_translatable.title=Traducibile
+cm_contentmodel.aspect.cm_translatable.description=Traducibile
 cm_contentmodel.association.cm_translations.title=Traduzioni
 cm_contentmodel.association.cm_translations.description=Traduzioni
 
-cm_contentmodel.aspect.cm_transformable.title=Transformable
-cm_contentmodel.aspect.cm_transformable.description=Transformable
+cm_contentmodel.aspect.cm_transformable.title=Trasformabile
+cm_contentmodel.aspect.cm_transformable.description=Trasformabile
 cm_contentmodel.association.cm_formats.title=Formati
 cm_contentmodel.association.cm_formats.description=Elementi trasformati
 
@@ -188,23 +188,23 @@ cm_contentmodel.property.cm_rights.description=Diritti
 cm_contentmodel.property.cm_subject.title=Oggetto
 cm_contentmodel.property.cm_subject.description=Oggetto
 
-cm_contentmodel.aspect.cm_basable.title=Basable
-cm_contentmodel.aspect.cm_basable.description=Basable
+cm_contentmodel.aspect.cm_basable.title=Basabile
+cm_contentmodel.aspect.cm_basable.description=Basabile
 cm_contentmodel.association.cm_basis.title=Base
 cm_contentmodel.association.cm_basis.description=Base
 
-cm_contentmodel.aspect.cm_partable.title=Partable
-cm_contentmodel.aspect.cm_partable.description=Partable
+cm_contentmodel.aspect.cm_partable.title=Divisibile in parti
+cm_contentmodel.aspect.cm_partable.description=Divisibile in parti
 cm_contentmodel.association.cm_parts.title=Parti
 cm_contentmodel.association.cm_parts.description=Parti
 
-cm_contentmodel.aspect.cm_referencing.title=Referencing
-cm_contentmodel.aspect.cm_referencing.description=Referencing
+cm_contentmodel.aspect.cm_referencing.title=Gestibile con riferimenti
+cm_contentmodel.aspect.cm_referencing.description=Gestibile con riferimenti
 cm_contentmodel.association.cm_references.title=Riferimenti
 cm_contentmodel.association.cm_references.description=Riferimenti
 
-cm_contentmodel.aspect.cm_replacable.title=Replaceable
-cm_contentmodel.aspect.cm_replacable.description=Replaceable
+cm_contentmodel.aspect.cm_replacable.title=Sostituibile
+cm_contentmodel.aspect.cm_replacable.description=Sostituibile
 cm_contentmodel.association.cm_replaces.title=Sostituzioni
 cm_contentmodel.association.cm_replaces.description=Sostituzioni
 
@@ -217,16 +217,16 @@ cm_contentmodel.property.cm_to.description=Valido fino a
 
 cm_contentmodel.aspect.cm_summarizable.title=Riepilogabile
 cm_contentmodel.aspect.cm_summarizable.description=Riepilogabile
-cm_contentmodel.property.cm_summary.title=Sommario
-cm_contentmodel.property.cm_summary.description=Sommario
+cm_contentmodel.property.cm_summary.title=Riepilogo
+cm_contentmodel.property.cm_summary.description=Riepilogo
 
-cm_contentmodel.aspect.cm_countable.title=Countable
-cm_contentmodel.aspect.cm_countable.description=Countable
-cm_contentmodel.property.cm_hits.title=Conteggio
-cm_contentmodel.property.cm_hits.description=Conteggio
+cm_contentmodel.aspect.cm_countable.title=Contabile
+cm_contentmodel.aspect.cm_countable.description=Contabile
+cm_contentmodel.property.cm_hits.title=Riscontri
+cm_contentmodel.property.cm_hits.description=Riscontri
 
-cm_contentmodel.aspect.cm_copiedFrom.title=Copied From
-cm_contentmodel.aspect.cm_copiedFrom.description=Copied From
+cm_contentmodel.aspect.cm_copiedFrom.title=Copiato da
+cm_contentmodel.aspect.cm_copiedFrom.description=Copiato da
 cm_contentmodel.property.cm_source.title=Fonte
 cm_contentmodel.property.cm_source.description=Fonte
 
@@ -254,11 +254,11 @@ cm_contentmodel.property.cm_lockLifetime.title=Durata blocco
 cm_contentmodel.property.cm_lockLifetime.description=Durata blocco
 cm_contentmodel.property.cm_expiryDate.title=Data di scadenza
 cm_contentmodel.property.cm_expiryDate.description=Data di scadenza
-cm_contentmodel.property.cm_lockIsDeep.title=Blocco completo
-cm_contentmodel.property.cm_lockIsDeep.description=Blocco completo
+cm_contentmodel.property.cm_lockIsDeep.title=Deep Lock
+cm_contentmodel.property.cm_lockIsDeep.description=Deep Lock
 
-cm_contentmodel.aspect.cm_subscribable.title=Subscribable
-cm_contentmodel.aspect.cm_subscribable.description=Subscribable
+cm_contentmodel.aspect.cm_subscribable.title=Sottoscrivibile
+cm_contentmodel.aspect.cm_subscribable.description=Sottoscrivibile
 cm_contentmodel.association.cm_subscribedBy.title=Sottoscritto da
 cm_contentmodel.association.cm_subscribedBy.description=Sottoscritto da
 
@@ -270,12 +270,12 @@ cm_contentmodel.aspect.cm_generalclassifiable.description=Classificabile
 cm_contentmodel.property.cm_categories.title=Categorie
 cm_contentmodel.property.cm_categories.description=Categorie
 
-cm_contentmodel.aspect.cm_taggable.title=Etichettabile
-cm_contentmodel.aspect.cm_taggable.description=Etichettabile
+cm_contentmodel.aspect.cm_taggable.title=Taggabile
+cm_contentmodel.aspect.cm_taggable.description=Taggabile
 cm_contentmodel.property.cm_taggable.title=Tag
 cm_contentmodel.property.cm_taggable.description=Tag
 
-cm_contentmodel.aspect.cm_attachable.title=Associabile
+cm_contentmodel.aspect.cm_attachable.title=Allegabile
 cm_contentmodel.aspect.cm_attachable.description=Consente di allegare altri oggetti del repository
 cm_contentmodel.association.cm_attachments.title=Allegati
 cm_contentmodel.association.cm_attachments.description=Oggetti del repository allegati
@@ -345,25 +345,25 @@ cm_contentmodel.property.audio_engineer.title=Ingegnere
 cm_contentmodel.property.audio_engineer.description=Ingegnere di registrazione
 cm_contentmodel.property.audio_genre.title=Genere
 cm_contentmodel.property.audio_genre.description=Genere musicale
-cm_contentmodel.property.audio_trackNumber.title=Numero della traccia audio
+cm_contentmodel.property.audio_trackNumber.title=Numero di traccia
 cm_contentmodel.property.audio_trackNumber.description=Numero della traccia audio dell'album
 cm_contentmodel.property.audio_releaseDate.title=Data di pubblicazione
 cm_contentmodel.property.audio_releaseDate.description=Data di pubblicazione
 cm_contentmodel.property.audio_sampleRate.title=Frequenza di campionamento
 cm_contentmodel.property.audio_sampleRate.description=Frequenza di campionamento
 cm_contentmodel.property.audio_sampleType.title=Tipo di campionamento
-cm_contentmodel.property.audio_sampleType.description=Tipo di campionamento audio, tipicamennte uno tra 8Int, 16Int, 32Int o 32Float
+cm_contentmodel.property.audio_sampleType.description=Tipo di campionamento audio, tipicamente uno tra 8Int, 16Int, 32Int o 32Float
 cm_contentmodel.property.audio_channelType.title=Tipo di canale
 cm_contentmodel.property.audio_channelType.description=Tipo di canale audio, tipicamente uno tra Mono, Stereo, 5,1 o 7,1
 cm_contentmodel.property.audio_compressor.title=Compressore
 cm_contentmodel.property.audio_compressor.description=Compressore audio utilizzato, ad esempio MP3 o FLAC
 
 cm_contentmodel.aspect.cm_indexControl.title=Controllo indice
-cm_contentmodel.aspect.cm_indexControl.description=Il comportamento indice di controllo
+cm_contentmodel.aspect.cm_indexControl.description=Il comportamento per il controllo dell'indice
 cm_contentmodel.property.cm_isIndexed.title=Indicizzato
 cm_contentmodel.property.cm_isIndexed.description=Il nodo \u00e8 indicizzato e pu\u00f2 essere trovato tramite ricerca.
 cm_contentmodel.property.cm_isContentIndexed.title=Contenuto indicizzato
 cm_contentmodel.property.cm_isContentIndexed.description=Le propriet\u00e0 d:content del nodo sono indicizzate?
 
-cm_contentmodel.property.cm_tagScopeSummary.title=Sommario tag
-cm_contentmodel.property.cm_tagScopeSummary.description=Sommario tag
\ No newline at end of file
+cm_contentmodel.property.cm_tagScopeSummary.title=Riepilogo tag
+cm_contentmodel.property.cm_tagScopeSummary.description=Riepilogo tag
\ No newline at end of file
diff --git a/config/alfresco/messages/content-model_ja.properties b/config/alfresco/messages/content-model_ja.properties
index 3dff7bf9b7..6ed8be28fb 100755
--- a/config/alfresco/messages/content-model_ja.properties
+++ b/config/alfresco/messages/content-model_ja.properties
@@ -61,7 +61,7 @@ cm_contentmodel.property.cm_jobtitle.title=\u5f79\u8077\u540d
 cm_contentmodel.property.cm_jobtitle.description=\u3053\u306e\u30e6\u30fc\u30b6\u30fc\u306e\u5f79\u8077
 cm_contentmodel.property.cm_location.title=\u5834\u6240
 cm_contentmodel.property.cm_location.description=\u3053\u306e\u30e6\u30fc\u30b6\u30fc\u306e\u5834\u6240
-cm_contentmodel.property.cm_persondescription.title=\u6982\u8981
+cm_contentmodel.property.cm_persondescription.title=\u8981\u7d04
 cm_contentmodel.property.cm_persondescription.description=\u3053\u306e\u30e6\u30fc\u30b6\u30fc\u306e\u6982\u8981
 cm_contentmodel.property.cm_telephone.title=\u96fb\u8a71
 cm_contentmodel.property.cm_telephone.description=\u3053\u306e\u30e6\u30fc\u30b6\u30fc\u306e\u96fb\u8a71\u756a\u53f7
@@ -123,11 +123,11 @@ cm_contentmodel.property.cm_description.description=\u30b3\u30f3\u30c6\u30f3\u30
 
 cm_contentmodel.aspect.cm_auditable.title=\u76e3\u67fb\u53ef\u80fd
 cm_contentmodel.aspect.cm_auditable.description=\u76e3\u67fb\u53ef\u80fd
-cm_contentmodel.property.cm_created.title=\u4f5c\u6210\u65e5
-cm_contentmodel.property.cm_created.description=\u4f5c\u6210\u65e5
+cm_contentmodel.property.cm_created.title=\u4f5c\u6210\u65e5\u6642
+cm_contentmodel.property.cm_created.description=\u4f5c\u6210\u65e5\u6642
 cm_contentmodel.property.cm_creator.title=\u4f5c\u6210\u8005
 cm_contentmodel.property.cm_creator.description=\u3053\u306e\u30a2\u30a4\u30c6\u30e0\u306e\u4f5c\u6210\u8005
-cm_contentmodel.property.cm_modified.title=\u5909\u66f4\u65e5
+cm_contentmodel.property.cm_modified.title=\u5909\u66f4\u65e5\u6642
 cm_contentmodel.property.cm_modified.description=\u3053\u306e\u30a2\u30a4\u30c6\u30e0\u306e\u6700\u7d42\u5909\u66f4\u65e5
 cm_contentmodel.property.cm_modifier.title=\u5909\u66f4\u8005
 cm_contentmodel.property.cm_modifier.description=\u3053\u306e\u30a2\u30a4\u30c6\u30e0\u306e\u6700\u7d42\u5909\u66f4\u8005
diff --git a/config/alfresco/messages/content-model_nl.properties b/config/alfresco/messages/content-model_nl.properties
index 3e4d9b6e7e..5ef4f502a6 100755
--- a/config/alfresco/messages/content-model_nl.properties
+++ b/config/alfresco/messages/content-model_nl.properties
@@ -128,7 +128,7 @@ cm_contentmodel.property.cm_created.description=Datum gemaakt
 cm_contentmodel.property.cm_creator.title=Maker
 cm_contentmodel.property.cm_creator.description=De persoon die dit object heeft gemaakt
 cm_contentmodel.property.cm_modified.title=Datum gewijzigd
-cm_contentmodel.property.cm_modified.description=Datum waarop dit object voor het laatst is gewijzigd
+cm_contentmodel.property.cm_modified.description=De datum waarop dit object voor het laatst is gewijzigd
 cm_contentmodel.property.cm_modifier.title=Gewijzigd door
 cm_contentmodel.property.cm_modifier.description=De persoon die dit object voor het laatst heeft gewijzigd
 cm_contentmodel.property.cm_accessed.title=Datum laatste toegang
diff --git a/config/alfresco/messages/content-model_ru.properties b/config/alfresco/messages/content-model_ru.properties
index aa7541979c..298b3b9840 100755
--- a/config/alfresco/messages/content-model_ru.properties
+++ b/config/alfresco/messages/content-model_ru.properties
@@ -128,7 +128,7 @@ cm_contentmodel.property.cm_created.description=\u0414\u0430\u0442\u0430 \u0441\
 cm_contentmodel.property.cm_creator.title=\u0421\u043e\u0437\u0434\u0430\u0442\u0435\u043b\u044c
 cm_contentmodel.property.cm_creator.description=\u041a\u0442\u043e \u0441\u043e\u0437\u0434\u0430\u043b \u0434\u0430\u043d\u043d\u044b\u0439 \u044d\u043b\u0435\u043c\u0435\u043d\u0442
 cm_contentmodel.property.cm_modified.title=\u0414\u0430\u0442\u0430 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f
-cm_contentmodel.property.cm_modified.description=\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u0434\u0430\u043d\u043d\u043e\u0433\u043e \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u0430
+cm_contentmodel.property.cm_modified.description=\u0412\u0440\u0435\u043c\u044f \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u0434\u0430\u043d\u043d\u043e\u0433\u043e \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u0430
 cm_contentmodel.property.cm_modifier.title=\u0420\u0435\u0434\u0430\u043a\u0442\u043e\u0440
 cm_contentmodel.property.cm_modifier.description=\u041a\u0442\u043e \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u043c \u0438\u0437\u043c\u0435\u043d\u0438\u043b \u0434\u0430\u043d\u043d\u044b\u0439 \u044d\u043b\u0435\u043c\u0435\u043d\u0442
 cm_contentmodel.property.cm_accessed.title=\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430
@@ -361,9 +361,9 @@ cm_contentmodel.property.audio_compressor.description=\u041a\u043e\u0434\u0435\u
 cm_contentmodel.aspect.cm_indexControl.title=\u041a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u0438\u043d\u0434\u0435\u043a\u0441\u043e\u0432
 cm_contentmodel.aspect.cm_indexControl.description=\u041f\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u0435 \u043f\u0440\u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0435 \u0438\u043d\u0434\u0435\u043a\u0441\u043e\u0432
 cm_contentmodel.property.cm_isIndexed.title=\u0418\u043d\u0434\u0435\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043d
-cm_contentmodel.property.cm_isIndexed.description=\u0418\u043d\u0434\u0435\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043d \u043b\u0438 \u043e\u0431\u044a\u0435\u043a\u0442 \u0438 \u043c\u043e\u0436\u043d\u043e \u043b\u0438 \u0435\u0433\u043e \u043d\u0430\u0439\u0442\u0438 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043f\u043e\u0438\u0441\u043a\u0430.
+cm_contentmodel.property.cm_isIndexed.description=\u0418\u043d\u0434\u0435\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043d \u043b\u0438 \u0443\u0437\u0435\u043b \u0438 \u043c\u043e\u0436\u043d\u043e \u043b\u0438 \u0435\u0433\u043e \u043d\u0430\u0439\u0442\u0438 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043f\u043e\u0438\u0441\u043a\u0430.
 cm_contentmodel.property.cm_isContentIndexed.title=\u041a\u043e\u043d\u0442\u0435\u043d\u0442 \u0438\u043d\u0434\u0435\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043d
-cm_contentmodel.property.cm_isContentIndexed.description=\u0418\u043d\u0434\u0435\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043d\u044b \u043b\u0438 \u0441\u0432\u043e\u0439\u0441\u0442\u0432\u0430 d:content \u043e\u0431\u044a\u0435\u043a\u0442\u0430?
+cm_contentmodel.property.cm_isContentIndexed.description=\u0418\u043d\u0434\u0435\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043d\u044b \u043b\u0438 \u0441\u0432\u043e\u0439\u0441\u0442\u0432\u0430 d:content \u0443\u0437\u043b\u0430?
 
 cm_contentmodel.property.cm_tagScopeSummary.title=\u0421\u0432\u043e\u0434\u043a\u0430 \u043f\u043e \u0442\u0435\u0433\u0430\u043c
 cm_contentmodel.property.cm_tagScopeSummary.description=\u0421\u0432\u043e\u0434\u043a\u0430 \u043f\u043e \u0442\u0435\u0433\u0430\u043c
diff --git a/config/alfresco/messages/system-messages.properties b/config/alfresco/messages/system-messages.properties
index 66fc98b023..6e8045752a 100644
--- a/config/alfresco/messages/system-messages.properties
+++ b/config/alfresco/messages/system-messages.properties
@@ -84,6 +84,7 @@ system.usage.warn.limit_documents_approached=The allowable content limit of {0}
 system.usage.warn.limit_documents_reached=The allowable content limit of {0} has been reached.  There are {1} content objects in the system.
 system.usage.err.limit_users_exceeded=The allowable user limit of {0} as per your license agreement has been exceeded.  There are currently {1} users in the system. Please contact your Alfresco sales representative to purchase additional user licenses.
 system.usage.err.limit_users_exceeded_verbose=The allowable user limit of {0} as per your license agreement has been exceeded. Users added: {1}. Please contact your Alfresco sales representative to purchase additional user licenses.
+system.usage.warn.limit_users_overage=The allowable user limit of {0} for your license agreement has been reached. There are {1} users in the system, {2} are temporarily permitted. Please contact your Alfresco sales representative to purchase additional user licenses.
 
 system.usage.err.limit_documents_exceeded=The allowable content limit of {0} has been exceeded.  There are currently {1} content objects in the system.
 system.usage.err.limit_license_expiring=The Alfresco license will expire in {0} days.
diff --git a/config/alfresco/messages/system-messages_de.properties b/config/alfresco/messages/system-messages_de.properties
index e446161fb4..12c7abb724 100755
--- a/config/alfresco/messages/system-messages_de.properties
+++ b/config/alfresco/messages/system-messages_de.properties
@@ -84,6 +84,7 @@ system.usage.warn.limit_documents_approached=Die zul\u00e4ssige Inhaltsbegrenzun
 system.usage.warn.limit_documents_reached=Die zul\u00e4ssige Inhaltsbegrenzung von {0} wurde erreicht.  Es gibt {1} Inhaltsobjekte im System.
 system.usage.err.limit_users_exceeded=Die gem\u00e4\u00df Ihrer Lizenzvereinbarung zul\u00e4ssige Benutzerzahl von {0} wurde \u00fcberschritten.  Es gibt derzeit {1} Benutzer im System. Bitte wenden Sie sich an Ihren Alfresco-Vertriebsvertreter, um weitere Benutzerlizenzen zu erwerben.
 system.usage.err.limit_users_exceeded_verbose=Die gem\u00e4\u00df Ihrer Lizenzvereinbarung zul\u00e4ssige Benutzerzahl von {0} wurde \u00fcberschritten. Benutzer hinzugef\u00fcgt: {1}. Bitte wenden Sie sich an Ihren Alfresco-Vertriebsvertreter, um weitere Benutzerlizenzen zu erwerben.
+system.usage.warn.limit_users_overage=Die gem\u00e4\u00df Ihrer Lizenzvereinbarung zul\u00e4ssige Benutzerzahl von {0} wurde erreicht. Es gibt {1} Benutzer im System, {2} sind kurzzeitig zul\u00e4ssig. Bitte wenden Sie sich an Ihren Alfresco-Vertriebsvertreter, um weitere Benutzerlizenzen zu erwerben.
 
 system.usage.err.limit_documents_exceeded=Die zul\u00e4ssige Inhaltsbegrenzung von {0} wurde erreicht.  Es gibt derzeit {1} Inhaltsobjekte im System.
 system.usage.err.limit_license_expiring=Die Alfresco Lizenz l\u00e4uft in {0}\u00a0Tagen ab.
diff --git a/config/alfresco/messages/system-messages_es.properties b/config/alfresco/messages/system-messages_es.properties
index a80a73ad8e..21209f25f6 100755
--- a/config/alfresco/messages/system-messages_es.properties
+++ b/config/alfresco/messages/system-messages_es.properties
@@ -84,6 +84,7 @@ system.usage.warn.limit_documents_approached=Se est\u00e1 llegando al l\u00edmit
 system.usage.warn.limit_documents_reached=Se ha alcanzado el l\u00edmite de contenido permitido de {0}.  Hay {1} objetos de contenido en el sistema.
 system.usage.err.limit_users_exceeded=Se ha superado el l\u00edmite de usuarios permitidos de {0} de su acuerdo de licencia.  En este momento, hay {1} usuarios en el sistema. P\u00f3ngase en contacto con un representante de ventas de Alfresco para adquirir licencias de usuario adicionales.
 system.usage.err.limit_users_exceeded_verbose=Se ha superado el l\u00edmite de usuarios permitidos de {0} de su acuerdo de licencia. Usuarios a\u00f1adidos: {1}. P\u00f3ngase en contacto con un representante de ventas de Alfresco para adquirir licencias de usuario adicionales.
+system.usage.warn.limit_users_overage=Se ha llegado al l\u00edmite de usuarios permitidos de {0} para su acuerdo de licencia. Hay {1} usuarios en el sistema; se permiten temporalmente {2} usuarios. P\u00f3ngase en contacto con un representante de ventas de Alfresco para adquirir licencias de usuario adicionales.
 
 system.usage.err.limit_documents_exceeded=Se ha superado el l\u00edmite de contenido permitido de {0}.  En este momento, hay {1} objetos de contenido el sistema.
 system.usage.err.limit_license_expiring=La licencia de Alfresco se vencer\u00e1 en {0} d\u00edas.
diff --git a/config/alfresco/messages/system-messages_fr.properties b/config/alfresco/messages/system-messages_fr.properties
index 37dcef9e2d..eadd3945f0 100755
--- a/config/alfresco/messages/system-messages_fr.properties
+++ b/config/alfresco/messages/system-messages_fr.properties
@@ -78,12 +78,13 @@ system.usage.err.no_txn=RepoUsageComponent must be called in a transaction.
 system.usage.err.no_txn_readwrite=RepoUsageComponent must be called in a read-write transaction.
 
 # START TRANSLATION
-system.usage.warn.limit_users_approached=Vous avez presque atteint le nombre maximum d''utilisateurs autoris\u00e9s d\u00e9fini dans votre contrat de licence, qui est de {0}.  Il y a {1} utilisateurs dans le syst\u00e8me. Pour l''achat de licences suppl\u00e9mentaires, veuillez contacter votre repr\u00e9sentant Alfresco.
-system.usage.warn.limit_users_reached=Vous avez atteint le nombre maximum d''utilisateurs autoris\u00e9s d\u00e9fini dans votre contrat de licence, qui est de {0}.  Il y a {1} utilisateurs dans le syst\u00e8me. Pour l''achat de licences suppl\u00e9mentaires, veuillez contacter votre repr\u00e9sentant Alfresco.
+system.usage.warn.limit_users_approached=Vous avez presque atteint le nombre maximum d''utilisateurs autoris\u00e9s d\u00e9fini dans votre contrat de licence, qui est de {0}.  Il y a {1} utilisateurs dans le syst\u00e8me. Pour l'achat de licences suppl\u00e9mentaires, veuillez contacter votre repr\u00e9sentant Alfresco.
+system.usage.warn.limit_users_reached=Vous avez atteint le nombre maximum d''utilisateurs autoris\u00e9s d\u00e9fini dans votre contrat de licence, qui est de {0}.  Il y a {1} utilisateurs dans le syst\u00e8me. Pour l'achat de licences suppl\u00e9mentaires, veuillez contacter votre repr\u00e9sentant Alfresco.
 system.usage.warn.limit_documents_approached=Le nombre maximum de contenus autoris\u00e9s de {0} est presque atteint.  Il y a {1} objets de contenu dans le syst\u00e8me. 
 system.usage.warn.limit_documents_reached=Le nombre maximum de contenus autoris\u00e9s de {0} a \u00e9t\u00e9 atteint.  Il y a {1} objets de contenu dans le syst\u00e8me.
 system.usage.err.limit_users_exceeded=Le nombre maximum d''utilisateurs autoris\u00e9s d\u00e9fini dans votre contrat de licence, qui est de {0}, a \u00e9t\u00e9 d\u00e9pass\u00e9.  Il y a actuellement {1} utilisateurs dans le syst\u00e8me. Pour l''achat de licences suppl\u00e9mentaires, veuillez contacter votre repr\u00e9sentant Alfresco.
 system.usage.err.limit_users_exceeded_verbose=Le nombre maximum d''utilisateurs autoris\u00e9s d\u00e9fini dans votre contrat de licence, qui est de {0}, a \u00e9t\u00e9 d\u00e9pass\u00e9. Utilisateurs ajout\u00e9s\u00a0: {1}. Pour l''achat de licences suppl\u00e9mentaires, veuillez contacter votre repr\u00e9sentant Alfresco.
+system.usage.warn.limit_users_overage=Vous avez atteint le nombre maximum d''utilisateurs autoris\u00e9s d\u00e9fini dans votre contrat de licence, qui est de {0}. Il y a {1} utilisateurs dans le syst\u00e8me\u00a0; le nombre temporairement autoris\u00e9 est de {2}. Pour l''achat de licences suppl\u00e9mentaires, veuillez contacter votre repr\u00e9sentant Alfresco.
 
 system.usage.err.limit_documents_exceeded=Le nombre maximum de contenus autoris\u00e9s de {0} a \u00e9t\u00e9 d\u00e9pass\u00e9.  Il y a actuellement {1} objets de contenu dans le syst\u00e8me.
 system.usage.err.limit_license_expiring=La licence Alfresco expirera dans {0} jours.
diff --git a/config/alfresco/messages/system-messages_it.properties b/config/alfresco/messages/system-messages_it.properties
index 480e91012f..502f5a9b65 100755
--- a/config/alfresco/messages/system-messages_it.properties
+++ b/config/alfresco/messages/system-messages_it.properties
@@ -78,12 +78,13 @@ system.usage.err.no_txn=RepoUsageComponent must be called in a transaction.
 system.usage.err.no_txn_readwrite=RepoUsageComponent must be called in a read-write transaction.
 
 # START TRANSLATION
-system.usage.warn.limit_users_approached=Il limite di utenti consentiti ({0}) previsto dall''accordo di licenza \u00e8 stato quasi raggiunto.  Esistono {1} utenti nel sistema. Contattare il proprio rappresentante vendite Alfresco per acquistare licenze utente aggiuntive.
-system.usage.warn.limit_users_reached=Il limite di utenti consentiti ({0}) previsto dall''accordo di licenza \u00e8 stato raggiunto.  Esistono {1} utenti nel sistema. Contattare il proprio rappresentante vendite Alfresco per acquistare licenze utente aggiuntive.
-system.usage.warn.limit_documents_approached=Il limite di contenuti consentiti ({0}) sta per essere raggiunto.  Esistono {1} oggetti contenuto nel sistema. 
-system.usage.warn.limit_documents_reached=Il limite di contenuti consentiti ({0}) \u00e8 stato raggiunto.  Esistono {1} oggetti contenuto nel sistema.
-system.usage.err.limit_users_exceeded=Il limite di utenti consentiti ({0}) previsto dall''accordo di licenza \u00e8 stato superato.  Attualmente esistono {1} utenti nel sistema. Contattare il proprio rappresentante vendite Alfresco per acquistare licenze utente aggiuntive.
-system.usage.err.limit_users_exceeded_verbose=Il limite di utenti consentiti ({0}) previsto dall''accordo di licenza \u00e8 stato superato. Utenti aggiunti: {1}. Contattare il proprio rappresentante vendite Alfresco per acquistare licenze utente aggiuntive.
+system.usage.warn.limit_users_approached=Il limite di utenti consentiti ({0}) previsto dall''accordo di licenza sta per essere raggiunto. Ci sono {1} utenti nel sistema. Contattare il proprio rappresentante di vendita Alfresco per acquistare licenze utente aggiuntive.
+system.usage.warn.limit_users_reached=Il limite di utenti consentiti ({0}) previsto dall''accordo di licenza \u00e8 stato raggiunto. Ci sono {1} utenti nel sistema. Contattare il proprio rappresentante di vendita Alfresco per acquistare licenze utente aggiuntive.
+system.usage.warn.limit_documents_approached=Il limite di contenuti consentiti ({0}) sta per essere raggiunto. Ci sono {1} oggetti contenuto nel sistema. 
+system.usage.warn.limit_documents_reached=Il limite di contenuti consentiti ({0}) \u00e8 stato raggiunto. Ci sono {1} oggetti contenuto nel sistema.
+system.usage.err.limit_users_exceeded=Il limite di utenti consentiti ({0}) previsto dall''accordo di licenza \u00e8 stato superato. Attualmente ci sono {1} utenti nel sistema. Contattare il proprio rappresentante di vendita Alfresco per acquistare licenze utente aggiuntive.
+system.usage.err.limit_users_exceeded_verbose=Il limite di utenti consentiti ({0}) previsto dall''accordo di licenza \u00e8 stato superato. Utenti aggiunti: {1}. Contattare il proprio rappresentante di vendita Alfresco per acquistare licenze utente aggiuntive.
+system.usage.warn.limit_users_overage=Il limite di utenti consentiti ({0}) previsto dall''accordo di licenza \u00e8 stato raggiunto. Ci sono {1} utenti nel sistema e sono ammessi temporaneamente {2} utenti. Contattare il proprio rappresentante di vendita Alfresco per acquistare licenze utente aggiuntive.
 
 system.usage.err.limit_documents_exceeded=Il limite di contenuti consentiti ({0}) \u00e8 stato superato.  Attualmente esistono {1} oggetti contenuto nel sistema.
 system.usage.err.limit_license_expiring=La licenza Alfresco scade tra {0} giorni.
diff --git a/config/alfresco/messages/system-messages_ja.properties b/config/alfresco/messages/system-messages_ja.properties
index 973f12d9a2..bcc8c5c21a 100755
--- a/config/alfresco/messages/system-messages_ja.properties
+++ b/config/alfresco/messages/system-messages_ja.properties
@@ -78,12 +78,13 @@ system.usage.err.no_txn=RepoUsageComponent must be called in a transaction.
 system.usage.err.no_txn_readwrite=RepoUsageComponent must be called in a read-write transaction.
 
 # START TRANSLATION
-system.usage.warn.limit_users_approached=\u3082\u3046\u5c11\u3057\u3067\u3001\u30e9\u30a4\u30bb\u30f3\u30b9\u4f7f\u7528\u8a31\u8afe\u5951\u7d04\u3067\u8a31\u53ef\u3055\u308c\u3066\u3044\u308b\u9650\u754c\u306e\u30e6\u30fc\u30b6\u30fc\u6570 ({0} \u4eba) \u306b\u9054\u3057\u307e\u3059\u3002  \u30b7\u30b9\u30c6\u30e0\u306b {1} \u4eba\u306e\u30e6\u30fc\u30b6\u30fc\u304c\u3044\u307e\u3059\u3002 Alfresco \u306e\u55b6\u696d\u62c5\u5f53\u306b\u9023\u7d61\u3057\u3066\u3001\u8ffd\u52a0\u306e\u30e6\u30fc\u30b6\u30fc\u30e9\u30a4\u30bb\u30f3\u30b9\u3092\u8cfc\u5165\u3057\u3066\u304f\u3060\u3055\u3044\u3002
-system.usage.warn.limit_users_reached=\u30e9\u30a4\u30bb\u30f3\u30b9\u4f7f\u7528\u8a31\u8afe\u5951\u7d04\u3067\u8a31\u53ef\u3055\u308c\u3066\u3044\u308b\u9650\u754c\u306e\u30e6\u30fc\u30b6\u30fc\u6570 ({0} \u4eba) \u306b\u9054\u3057\u307e\u3057\u305f\u3002  \u30b7\u30b9\u30c6\u30e0\u306b {1} \u4eba\u306e\u30e6\u30fc\u30b6\u30fc\u304c\u3044\u307e\u3059\u3002 Alfresco \u306e\u55b6\u696d\u62c5\u5f53\u306b\u9023\u7d61\u3057\u3066\u3001\u8ffd\u52a0\u306e\u30e6\u30fc\u30b6\u30fc\u30e9\u30a4\u30bb\u30f3\u30b9\u3092\u8cfc\u5165\u3057\u3066\u304f\u3060\u3055\u3044\u3002
-system.usage.warn.limit_documents_approached=\u3082\u3046\u5c11\u3057\u3067\u3001\u8a31\u53ef\u3055\u308c\u3066\u3044\u308b\u9650\u754c\u306e\u30b3\u30f3\u30c6\u30f3\u30c4\u6570 ({0} \u500b) \u306b\u9054\u3057\u307e\u3059\u3002  \u30b7\u30b9\u30c6\u30e0\u306b {1} \u500b\u306e\u30b3\u30f3\u30c6\u30f3\u30c4\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u304c\u3042\u308a\u307e\u3059\u3002 
-system.usage.warn.limit_documents_reached=\u8a31\u53ef\u3055\u308c\u3066\u3044\u308b\u9650\u754c\u306e\u30b3\u30f3\u30c6\u30f3\u30c4\u6570 ({0}) \u306b\u9054\u3057\u307e\u3057\u305f\u3002  \u30b7\u30b9\u30c6\u30e0\u306b {1} \u500b\u306e\u30b3\u30f3\u30c6\u30f3\u30c4\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u304c\u3042\u308a\u307e\u3059\u3002
-system.usage.err.limit_users_exceeded=\u30e9\u30a4\u30bb\u30f3\u30b9\u4f7f\u7528\u8a31\u8afe\u5951\u7d04\u3067\u8a31\u53ef\u3055\u308c\u3066\u3044\u308b\u9650\u754c\u306e\u30e6\u30fc\u30b6\u30fc\u6570 ({0} \u4eba) \u3092\u8d85\u3048\u3066\u3044\u307e\u3059\u3002  \u73fe\u5728\u30b7\u30b9\u30c6\u30e0\u306b {1} \u4eba\u306e\u30e6\u30fc\u30b6\u30fc\u304c\u3044\u307e\u3059\u3002 Alfresco \u306e\u55b6\u696d\u62c5\u5f53\u306b\u9023\u7d61\u3057\u3066\u3001\u8ffd\u52a0\u306e\u30e6\u30fc\u30b6\u30fc\u30e9\u30a4\u30bb\u30f3\u30b9\u3092\u8cfc\u5165\u3057\u3066\u304f\u3060\u3055\u3044\u3002
-system.usage.err.limit_users_exceeded_verbose=\u30e9\u30a4\u30bb\u30f3\u30b9\u4f7f\u7528\u8a31\u8afe\u5951\u7d04\u3067\u8a31\u53ef\u3055\u308c\u3066\u3044\u308b\u9650\u754c\u306e\u30e6\u30fc\u30b6\u30fc\u6570 ({0} \u4eba) \u3092\u8d85\u3048\u3066\u3044\u307e\u3059\u3002 \u8ffd\u52a0\u3055\u308c\u305f\u30e6\u30fc\u30b6\u30fc\u6570: {1}\u3002 Alfresco \u306e\u55b6\u696d\u62c5\u5f53\u306b\u9023\u7d61\u3057\u3066\u3001\u8ffd\u52a0\u306e\u30e6\u30fc\u30b6\u30fc\u30e9\u30a4\u30bb\u30f3\u30b9\u3092\u8cfc\u5165\u3057\u3066\u304f\u3060\u3055\u3044\u3002
+system.usage.warn.limit_users_approached=\u3082\u3046\u5c11\u3057\u3067\u3001\u30e9\u30a4\u30bb\u30f3\u30b9\u4f7f\u7528\u8a31\u8afe\u5951\u7d04\u3067\u8a31\u53ef\u3055\u308c\u3066\u3044\u308b\u6700\u5927\u30e6\u30fc\u30b6\u30fc\u6570 ({0} \u4eba) \u306b\u9054\u3057\u307e\u3059\u3002  \u30b7\u30b9\u30c6\u30e0\u3092\u4f7f\u7528\u3057\u3066\u3044\u308b\u30e6\u30fc\u30b6\u30fc\u304c  {1} \u4eba\u3044\u307e\u3059\u3002 Alfresco \u306e\u55b6\u696d\u62c5\u5f53\u306b\u9023\u7d61\u3057\u3066\u3001\u8ffd\u52a0\u306e\u30e6\u30fc\u30b6\u30fc\u30e9\u30a4\u30bb\u30f3\u30b9\u3092\u8cfc\u5165\u3057\u3066\u304f\u3060\u3055\u3044\u3002
+system.usage.warn.limit_users_reached=\u30e9\u30a4\u30bb\u30f3\u30b9\u4f7f\u7528\u8a31\u8afe\u5951\u7d04\u3067\u8a31\u53ef\u3055\u308c\u3066\u3044\u308b\u6700\u5927\u30e6\u30fc\u30b6\u30fc\u6570 ({0} \u4eba) \u306b\u9054\u3057\u307e\u3057\u305f\u3002  \u30b7\u30b9\u30c6\u30e0\u3092\u4f7f\u7528\u3057\u3066\u3044\u308b\u30e6\u30fc\u30b6\u30fc\u304c  {1} \u4eba\u3044\u307e\u3059\u3002 Alfresco \u306e\u55b6\u696d\u62c5\u5f53\u306b\u9023\u7d61\u3057\u3066\u3001\u8ffd\u52a0\u306e\u30e6\u30fc\u30b6\u30fc\u30e9\u30a4\u30bb\u30f3\u30b9\u3092\u8cfc\u5165\u3057\u3066\u304f\u3060\u3055\u3044\u3002
+system.usage.warn.limit_documents_approached=\u3082\u3046\u5c11\u3057\u3067\u3001\u8a31\u53ef\u3055\u308c\u3066\u3044\u308b\u6700\u5927\u30b3\u30f3\u30c6\u30f3\u30c4\u6570 ({0} \u500b) \u306b\u9054\u3057\u307e\u3059\u3002  \u30b7\u30b9\u30c6\u30e0\u306b {1} \u500b\u306e\u30b3\u30f3\u30c6\u30f3\u30c4\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u304c\u3042\u308a\u307e\u3059\u3002 
+system.usage.warn.limit_documents_reached=\u8a31\u53ef\u3055\u308c\u3066\u3044\u308b\u6700\u5927\u30b3\u30f3\u30c6\u30f3\u30c4\u6570 ({0}) \u306b\u9054\u3057\u307e\u3057\u305f\u3002  \u30b7\u30b9\u30c6\u30e0\u306b {1} \u500b\u306e\u30b3\u30f3\u30c6\u30f3\u30c4\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u304c\u3042\u308a\u307e\u3059\u3002
+system.usage.err.limit_users_exceeded=\u30e9\u30a4\u30bb\u30f3\u30b9\u4f7f\u7528\u8a31\u8afe\u5951\u7d04\u3067\u8a31\u53ef\u3055\u308c\u3066\u3044\u308b\u6700\u5927\u30e6\u30fc\u30b6\u30fc\u6570 ({0} \u4eba) \u3092\u8d85\u3048\u3066\u3044\u307e\u3059\u3002  \u73fe\u5728\u30b7\u30b9\u30c6\u30e0\u3092\u4f7f\u7528\u3057\u3066\u3044\u308b\u30e6\u30fc\u30b6\u30fc\u304c  {1} \u4eba\u3044\u307e\u3059\u3002 Alfresco \u306e\u55b6\u696d\u62c5\u5f53\u306b\u9023\u7d61\u3057\u3066\u3001\u8ffd\u52a0\u306e\u30e6\u30fc\u30b6\u30fc\u30e9\u30a4\u30bb\u30f3\u30b9\u3092\u8cfc\u5165\u3057\u3066\u304f\u3060\u3055\u3044\u3002
+system.usage.err.limit_users_exceeded_verbose=\u30e9\u30a4\u30bb\u30f3\u30b9\u4f7f\u7528\u8a31\u8afe\u5951\u7d04\u3067\u8a31\u53ef\u3055\u308c\u3066\u3044\u308b\u6700\u5927\u30e6\u30fc\u30b6\u30fc\u6570 ({0} \u4eba) \u3092\u8d85\u3048\u3066\u3044\u307e\u3059\u3002 \u8ffd\u52a0\u3055\u308c\u305f\u30e6\u30fc\u30b6\u30fc\u6570: {1}\u3002 Alfresco \u306e\u55b6\u696d\u62c5\u5f53\u306b\u9023\u7d61\u3057\u3066\u3001\u8ffd\u52a0\u306e\u30e6\u30fc\u30b6\u30fc\u30e9\u30a4\u30bb\u30f3\u30b9\u3092\u8cfc\u5165\u3057\u3066\u304f\u3060\u3055\u3044\u3002
+system.usage.warn.limit_users_overage=\u30e9\u30a4\u30bb\u30f3\u30b9\u4f7f\u7528\u8a31\u8afe\u5951\u7d04\u3067\u8a31\u53ef\u3055\u308c\u3066\u3044\u308b\u6700\u5927\u30e6\u30fc\u30b6\u30fc\u6570 ({0} \u4eba) \u306b\u9054\u3057\u307e\u3057\u305f\u3002 \u30b7\u30b9\u30c6\u30e0\u3092\u4f7f\u7528\u3057\u3066\u3044\u308b\u30e6\u30fc\u30b6\u30fc\u304c {1} \u4eba\u3044\u307e\u3059\u304c\u3001\u4e00\u6642\u7684\u306b\u8a31\u53ef\u3055\u308c\u3066\u3044\u308b\u306e\u306f {2} \u4eba\u307e\u3067\u3067\u3059\u3002 Alfresco \u306e\u55b6\u696d\u62c5\u5f53\u306b\u9023\u7d61\u3057\u3066\u3001\u8ffd\u52a0\u306e\u30e6\u30fc\u30b6\u30fc\u30e9\u30a4\u30bb\u30f3\u30b9\u3092\u8cfc\u5165\u3057\u3066\u304f\u3060\u3055\u3044\u3002
 
 system.usage.err.limit_documents_exceeded=\u8a31\u53ef\u3055\u308c\u308b\u9650\u754c\u306e\u30b3\u30f3\u30c6\u30f3\u30c4\u6570{0}\u3092\u8d85\u3048\u307e\u3057\u305f\u3002  \u73fe\u5728\u30b7\u30b9\u30c6\u30e0\u306b {1} \u500b\u306e\u30b3\u30f3\u30c6\u30f3\u30c4\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u304c\u3042\u308a\u307e\u3059\u3002
 system.usage.err.limit_license_expiring=Alfresco \u306e\u30e9\u30a4\u30bb\u30f3\u30b9\u304c\u3042\u3068 {0} \u65e5\u3067\u671f\u9650\u5207\u308c\u306b\u306a\u308a\u307e\u3059\u3002
diff --git a/config/alfresco/messages/system-messages_nb.properties b/config/alfresco/messages/system-messages_nb.properties
index cb2e61ab1f..983f6f69c2 100755
--- a/config/alfresco/messages/system-messages_nb.properties
+++ b/config/alfresco/messages/system-messages_nb.properties
@@ -79,13 +79,14 @@ system.usage.err.no_txn_readwrite=RepoUsageComponent must be called in a read-wr
 
 # START TRANSLATION
 system.usage.warn.limit_users_approached=Den tillatte brukergrensen {0} if\u00f8lge din lisensavtale, n\u00e6rmer seg. Det er {1} brukere p\u00e5 systemet. Kontakt salgsrepresentanten hos Alfresco for \u00e5 kj\u00f8pe flere brukerlisenser.
-system.usage.warn.limit_users_reached=Den tillatte brukergrensen {0} if\u00f8lge din lisensavtale, er n\u00e5dd. Det er {1} brukere p\u00e5 systemet. Kontakt salgsrepresentanten hos Alfresco for \u00e5 kj\u00f8pe flere brukerlisenser.
-system.usage.warn.limit_documents_approached=Du n\u00e6rmer deg den tillatte innholdsgrensen p\u00e5 {0} innholdsobjekter. Det er {1} innholdsobjekter p\u00e5 systemet. 
+system.usage.warn.limit_users_reached=Den tillatte brukergrensen {0} if\u00f8lge din lisensavtale, er n\u00e5dd.  Det er {1} brukere p\u00e5 systemet. Kontakt salgsrepresentanten hos Alfresco for \u00e5 kj\u00f8pe flere brukerlisenser.
+system.usage.warn.limit_documents_approached=Du n\u00e6rmer deg den tillatte innholdsgrensen p\u00e5 {0} innholdsobjekter.  Det er {1} innholdsobjekter p\u00e5 systemet. 
 system.usage.warn.limit_documents_reached=Du har n\u00e5dd den tillatte innholdsgrensen p\u00e5 {0} innholdsobjekter. Det er {1} innholdsobjekter p\u00e5 systemet.
 system.usage.err.limit_users_exceeded=Den tillatte brukergrensen {0} if\u00f8lge din lisensavtale, er overskredet. Det er for \u00f8yeblikket {1} brukere p\u00e5 systemet. Kontakt salgsrepresentanten hos Alfresco for \u00e5 kj\u00f8pe flere brukerlisenser.
 system.usage.err.limit_users_exceeded_verbose=Den tillatte brukergrensen {0} if\u00f8lge din lisensavtale, er overskredet. Brukere lagt til: {1}. Kontakt salgsrepresentanten hos Alfresco for \u00e5 kj\u00f8pe flere brukerlisenser.
+system.usage.warn.limit_users_overage=Den tillatte brukergrensen {0} if\u00f8lge din lisensavtale, er n\u00e5dd. Det finnes {1} brukere i systemet, det tillates {2} midlertidig. Kontakt salgsrepresentanten hos Alfresco for \u00e5 kj\u00f8pe flere brukerlisenser.
 
-system.usage.err.limit_documents_exceeded=Den tillatte innholdsgrensen for {0} er overskredet.  Det er for \u00f8yeblikket {1} innholdsobjekter p\u00e5 systemet.
+system.usage.err.limit_documents_exceeded=Den tillatte innholdsgrensen for {0} er overskredet. Det er for \u00f8yeblikket {1} innholdsobjekter p\u00e5 systemet.
 system.usage.err.limit_license_expiring=Alfresco-lisensen utl\u00f8per om {0} dager.
 system.usage.err.limit_license_expired=Alresco-lisensen er utl\u00f8pt.
 
diff --git a/config/alfresco/messages/system-messages_nl.properties b/config/alfresco/messages/system-messages_nl.properties
index 4f6995dd87..105df8e827 100755
--- a/config/alfresco/messages/system-messages_nl.properties
+++ b/config/alfresco/messages/system-messages_nl.properties
@@ -84,6 +84,7 @@ system.usage.warn.limit_documents_approached=De toegestane contentlimiet van {0}
 system.usage.warn.limit_documents_reached=De toegestane contentlimiet van {0} is bereikt.  Er zijn {1} contentobjecten in het systeem.
 system.usage.err.limit_users_exceeded=De toegestane gebruikerslimiet van {0} conform uw licentieovereenkomst is overschreden.  Er zijn momenteel {1} gebruikers in het systeem. Neem contact op met uw Alfresco-verkoper om extra gebruikerslicenties aan te schaffen.
 system.usage.err.limit_users_exceeded_verbose=De toegestane gebruikerslimiet van {0} conform uw licentieovereenkomst is overschreden. Toegevoegde gebruikers: {1}. Neem contact op met uw Alfresco-verkoper om extra gebruikerslicenties aan te schaffen.
+system.usage.warn.limit_users_overage=De toegestane gebruikerslimiet van {0} voor uw licentieovereenkomst is bereikt. Er zijn {1} gebruikers in het systeem, er zijn er {2} tijdelijk toegestaan. Neem contact op met uw Alfresco-verkoper om extra gebruikerslicenties aan te schaffen.
 
 system.usage.err.limit_documents_exceeded=De toegestane contentlimiet van {0} is overschreden. Er zijn momenteel {1} contentobjecten aanwezig in het systeem.
 system.usage.err.limit_license_expiring=De Alfresco-licentie verloopt over {0} dagen.
diff --git a/config/alfresco/messages/system-messages_pt_BR.properties b/config/alfresco/messages/system-messages_pt_BR.properties
index 791a2d70b7..562f7a113c 100644
--- a/config/alfresco/messages/system-messages_pt_BR.properties
+++ b/config/alfresco/messages/system-messages_pt_BR.properties
@@ -78,12 +78,13 @@ system.usage.err.no_txn=RepoUsageComponent must be called in a transaction.
 system.usage.err.no_txn_readwrite=RepoUsageComponent must be called in a read-write transaction.
 
 # START TRANSLATION
-system.usage.warn.limit_users_approached=O limite permitido de usu\u00e1rio {0} para a sua licen\u00e7a est\u00e1 pr\u00f3ximo. H\u00e1 {1} usu\u00e1rios no sistema. Entre em contato com seu representante de vendas Alfresco para adquirir licen\u00e7as de usu\u00e1rio adicionais.
-system.usage.warn.limit_users_reached=O limite permitido de usu\u00e1rio {0} para a sua licen\u00e7a foi atingido. H\u00e1 {1} usu\u00e1rios no sistema. Entre em contato com seu representante de vendas Alfresco para adquirir licen\u00e7as de usu\u00e1rio adicionais.
-system.usage.warn.limit_documents_approached=O limite de conte\u00fado permitido de {0} est\u00e1 pr\u00f3ximo de ser atingido. H\u00e1 {1} objetos de conte\u00fado no sistema. 
-system.usage.warn.limit_documents_reached=O limite de conte\u00fado permitido de {0} foi atingido. H\u00e1 {1} objetos de conte\u00fado no sistema.
-system.usage.err.limit_users_exceeded=O limite permitido de usu\u00e1rio {0} para a sua licen\u00e7a foi excedido. Atualmente h\u00e1 {1} usu\u00e1rios no sistema. Entre em contato com seu representante de vendas Alfresco para adquirir licen\u00e7as de usu\u00e1rio adicionais.
+system.usage.warn.limit_users_approached=O limite permitido de usu\u00e1rio {0} para a sua licen\u00e7a est\u00e1 pr\u00f3ximo.  H\u00e1 {1} usu\u00e1rios no sistema. Entre em contato com seu representante de vendas Alfresco para adquirir licen\u00e7as de usu\u00e1rio adicionais.
+system.usage.warn.limit_users_reached=O limite permitido de usu\u00e1rio {0} para a sua licen\u00e7a foi atingido.  H\u00e1 {1} usu\u00e1rios no sistema. Entre em contato com seu representante de vendas Alfresco para adquirir licen\u00e7as de usu\u00e1rio adicionais.
+system.usage.warn.limit_documents_approached=O limite de conte\u00fado permitido de {0} est\u00e1 pr\u00f3ximo de ser atingido.  H\u00e1 {1} objetos de conte\u00fado no sistema. 
+system.usage.warn.limit_documents_reached=O limite de conte\u00fado permitido de {0} foi atingido.  H\u00e1 {1} objetos de conte\u00fado no sistema.
+system.usage.err.limit_users_exceeded=O limite permitido de usu\u00e1rio {0} para a sua licen\u00e7a foi excedido.  Atualmente h\u00e1 {1} usu\u00e1rios no sistema. Entre em contato com seu representante de vendas Alfresco para adquirir licen\u00e7as de usu\u00e1rio adicionais.
 system.usage.err.limit_users_exceeded_verbose=O limite permitido de usu\u00e1rio {0} para a sua licen\u00e7a foi excedido. Usu\u00e1rios adicionados: {1}. Entre em contato com seu representante de vendas Alfresco para adquirir licen\u00e7as de usu\u00e1rio adicionais.
+system.usage.warn.limit_users_overage=O limite permitido de usu\u00e1rio de {0} para a sua licen\u00e7a foi atingido. Existem {1} usu\u00e1rios no sistema, {2} s\u00e3o permitidos. Entre em contato com seu representante de vendas Alfresco para adquirir licen\u00e7as de usu\u00e1rio adicionais.
 
 system.usage.err.limit_documents_exceeded=O limite de conte\u00fado permitido de {0} foi ultrapassado. Atualmente h\u00e1 {1} objetos de conte\u00fado no sistema.
 system.usage.err.limit_license_expiring=A licen\u00e7a do Alfresco ir\u00e1 expirar em {0} dias.
diff --git a/config/alfresco/messages/system-messages_ru.properties b/config/alfresco/messages/system-messages_ru.properties
index ed06a5d865..f7ba13e07c 100755
--- a/config/alfresco/messages/system-messages_ru.properties
+++ b/config/alfresco/messages/system-messages_ru.properties
@@ -84,6 +84,7 @@ system.usage.warn.limit_documents_approached=\u0414\u043e\u043f\u0443\u0441\u044
 system.usage.warn.limit_documents_reached=\u0414\u043e\u0441\u0442\u0438\u0433\u043d\u0443\u0442 \u0434\u043e\u043f\u0443\u0441\u0442\u0438\u043c\u044b\u0439 \u043f\u0440\u0435\u0434\u0435\u043b \u043a\u043e\u043d\u0442\u0435\u043d\u0442\u0430 {0}.  \u0412 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u043e\u0431\u044a\u0435\u043a\u0442\u043e\u0432 \u043a\u043e\u043d\u0442\u0435\u043d\u0442\u0430: {1}.
 system.usage.err.limit_users_exceeded=\u041a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 {0}, \u0434\u043e\u043f\u0443\u0441\u0442\u0438\u043c\u043e\u0435 \u0432 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0438\u0438 \u0441 \u043b\u0438\u0446\u0435\u043d\u0437\u0438\u043e\u043d\u043d\u044b\u043c \u0441\u043e\u0433\u043b\u0430\u0448\u0435\u043d\u0438\u0435\u043c, \u043f\u0440\u0435\u0432\u044b\u0448\u0435\u043d\u043e.  \u0421\u0435\u0439\u0447\u0430\u0441 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439: {1}. \u041e\u0431\u0440\u0430\u0442\u0438\u0442\u0435\u0441\u044c \u043a \u0441\u0432\u043e\u0435\u043c\u0443 \u0442\u043e\u0440\u0433\u043e\u0432\u043e\u043c\u0443 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u0442\u0435\u043b\u044e Alfresco \u0434\u043b\u044f \u043f\u0440\u0438\u043e\u0431\u0440\u0435\u0442\u0435\u043d\u0438\u044f \u043b\u0438\u0446\u0435\u043d\u0437\u0438\u0439 \u043d\u0430 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.
 system.usage.err.limit_users_exceeded_verbose=\u041a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 {0}, \u0434\u043e\u043f\u0443\u0441\u0442\u0438\u043c\u043e\u0435 \u0432 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0438\u0438 \u0441 \u043b\u0438\u0446\u0435\u043d\u0437\u0438\u043e\u043d\u043d\u044b\u043c \u0441\u043e\u0433\u043b\u0430\u0448\u0435\u043d\u0438\u0435\u043c, \u043f\u0440\u0435\u0432\u044b\u0448\u0435\u043d\u043e. \u0414\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0438: {1} \u041e\u0431\u0440\u0430\u0442\u0438\u0442\u0435\u0441\u044c \u043a \u0441\u0432\u043e\u0435\u043c\u0443 \u0442\u043e\u0440\u0433\u043e\u0432\u043e\u043c\u0443 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u0442\u0435\u043b\u044e Alfresco \u0434\u043b\u044f \u043f\u0440\u0438\u043e\u0431\u0440\u0435\u0442\u0435\u043d\u0438\u044f \u043b\u0438\u0446\u0435\u043d\u0437\u0438\u0439 \u043d\u0430 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.
+system.usage.warn.limit_users_overage=\u0414\u043e\u0441\u0442\u0438\u0433\u043d\u0443\u0442\u043e \u043c\u0430\u043a\u0441\u0438\u043c\u0430\u043b\u044c\u043d\u043e\u0435 \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 ({0}), \u0434\u043e\u043f\u0443\u0441\u0442\u0438\u043c\u043e\u0435 \u0432 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0438\u0438 \u0441 \u043b\u0438\u0446\u0435\u043d\u0437\u0438\u043e\u043d\u043d\u044b\u043c \u0441\u043e\u0433\u043b\u0430\u0448\u0435\u043d\u0438\u0435\u043c. \u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435: {1}; \u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439: {2}. \u041e\u0431\u0440\u0430\u0442\u0438\u0442\u0435\u0441\u044c \u043a \u0441\u0432\u043e\u0435\u043c\u0443 \u0442\u043e\u0440\u0433\u043e\u0432\u043e\u043c\u0443 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u0442\u0435\u043b\u044e Alfresco \u0434\u043b\u044f \u043f\u0440\u0438\u043e\u0431\u0440\u0435\u0442\u0435\u043d\u0438\u044f \u043b\u0438\u0446\u0435\u043d\u0437\u0438\u0439 \u043d\u0430 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.
 
 system.usage.err.limit_documents_exceeded=\u041f\u0440\u0435\u0432\u044b\u0448\u0435\u043d \u0434\u043e\u043f\u0443\u0441\u0442\u0438\u043c\u044b\u0439 \u043f\u0440\u0435\u0434\u0435\u043b \u043a\u043e\u043d\u0442\u0435\u043d\u0442\u0430 {0}.  \u0421\u0435\u0439\u0447\u0430\u0441 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u043e\u0431\u044a\u0435\u043a\u0442\u043e\u0432 \u043a\u043e\u043d\u0442\u0435\u043d\u0442\u0430: {1}.
 system.usage.err.limit_license_expiring=\u0427\u0438\u0441\u043b\u043e \u0434\u043d\u0435\u0439 \u0434\u043e \u0438\u0441\u0442\u0435\u0447\u0435\u043d\u0438\u044f \u0441\u0440\u043e\u043a\u0430 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u043b\u0438\u0446\u0435\u043d\u0437\u0438\u0438 Alfresco: {0}.
diff --git a/config/alfresco/messages/system-messages_zh_CN.properties b/config/alfresco/messages/system-messages_zh_CN.properties
index b925bd9b48..94f1e00e46 100755
--- a/config/alfresco/messages/system-messages_zh_CN.properties
+++ b/config/alfresco/messages/system-messages_zh_CN.properties
@@ -80,10 +80,11 @@ system.usage.err.no_txn_readwrite=RepoUsageComponent must be called in a read-wr
 # START TRANSLATION
 system.usage.warn.limit_users_approached=\u5373\u5c06\u8fbe\u5230\u8bb8\u53ef\u8bc1\u534f\u8bae\u5141\u8bb8\u7684\u7528\u6237\u9650\u989d {0}\u3002  \u7cfb\u7edf\u4e2d\u6709 {1} \u4f4d\u7528\u6237\u3002 \u8bf7\u8054\u7cfb\u60a8\u7684 Alfresco \u9500\u552e\u4ee3\u8868\u4ee5\u8d2d\u4e70\u989d\u5916\u7684\u7528\u6237\u8bb8\u53ef\u8bc1\u3002
 system.usage.warn.limit_users_reached=\u5df2\u7ecf\u8fbe\u5230\u8bb8\u53ef\u8bc1\u534f\u8bae\u5141\u8bb8\u7684\u7528\u6237\u9650\u989d {0}\u3002  \u7cfb\u7edf\u4e2d\u6709 {1} \u4f4d\u7528\u6237\u3002 \u8bf7\u8054\u7cfb\u60a8\u7684 Alfresco \u9500\u552e\u4ee3\u8868\u4ee5\u8d2d\u4e70\u989d\u5916\u7684\u7528\u6237\u8bb8\u53ef\u8bc1\u3002
-system.usage.warn.limit_documents_approached=\u5373\u5c06\u8fbe\u5230\u5141\u8bb8\u7684\u5185\u5bb9\u9650\u989d {0}\u3002  \u7cfb\u7edf\u4e2d\u6709 {1} \u4e2a\u5185\u5bb9\u5bf9\u8c61\u3002
+system.usage.warn.limit_documents_approached=\u5373\u5c06\u8fbe\u5230\u5141\u8bb8\u7684\u5185\u5bb9\u9650\u989d {0}\u3002  \u7cfb\u7edf\u4e2d\u6709 {1} \u4e2a\u5185\u5bb9\u5bf9\u8c61\u3002 
 system.usage.warn.limit_documents_reached=\u5df2\u7ecf\u8fbe\u5230\u5141\u8bb8\u7684\u5185\u5bb9\u9650\u989d {0}\u3002  \u7cfb\u7edf\u4e2d\u6709 {1} \u4e2a\u5185\u5bb9\u5bf9\u8c61\u3002
 system.usage.err.limit_users_exceeded=\u5df2\u7ecf\u8d85\u8fc7\u8bb8\u53ef\u8bc1\u534f\u8bae\u5141\u8bb8\u7684\u7528\u6237\u9650\u989d {0}\u3002  \u7cfb\u7edf\u4e2d\u76ee\u524d\u6709 {1} \u4f4d\u7528\u6237\u3002 \u8bf7\u8054\u7cfb\u60a8\u7684 Alfresco \u9500\u552e\u4ee3\u8868\u4ee5\u8d2d\u4e70\u989d\u5916\u7684\u7528\u6237\u8bb8\u53ef\u8bc1\u3002
 system.usage.err.limit_users_exceeded_verbose=\u5df2\u7ecf\u8d85\u8fc7\u8bb8\u53ef\u8bc1\u534f\u8bae\u5141\u8bb8\u7684\u7528\u6237\u9650\u989d {0}\u3002 \u6dfb\u52a0\u7684\u7528\u6237\u6570\uff1a {1} \u8bf7\u8054\u7cfb\u60a8\u7684 Alfresco \u9500\u552e\u4ee3\u8868\u4ee5\u8d2d\u4e70\u989d\u5916\u7684\u7528\u6237\u8bb8\u53ef\u8bc1\u3002
+system.usage.warn.limit_users_overage=\u5df2\u7ecf\u8fbe\u5230\u8bb8\u53ef\u8bc1\u534f\u8bae\u5141\u8bb8\u7684\u7528\u6237\u9650\u989d {0}\u3002 \u7cfb\u7edf\u4e2d\u6709 {1} \u4f4d\u7528\u6237\uff0c\u6682\u65f6\u5141\u8bb8\u7684\u7528\u6237\u6570\u4e3a {2}\u3002 \u8bf7\u8054\u7cfb\u60a8\u7684 Alfresco \u9500\u552e\u4ee3\u8868\u4ee5\u8d2d\u4e70\u989d\u5916\u7684\u7528\u6237\u8bb8\u53ef\u8bc1\u3002
 
 system.usage.err.limit_documents_exceeded=\u5df2\u7ecf\u8d85\u8fc7\u5141\u8bb8\u7684\u5185\u5bb9\u9650\u989d {0}\u3002  \u7cfb\u7edf\u4e2d\u76ee\u524d\u6709 {1} \u4e2a\u5185\u5bb9\u5bf9\u8c61\u3002
 system.usage.err.limit_license_expiring=Alfresco \u8bb8\u53ef\u8bc1\u5c06\u5728 {0} \u5929\u540e\u5230\u671f\u3002
diff --git a/config/alfresco/minimal-context.xml b/config/alfresco/minimal-context.xml
index 8c9e619da8..0736acd42c 100644
--- a/config/alfresco/minimal-context.xml
+++ b/config/alfresco/minimal-context.xml
@@ -26,7 +26,7 @@
          Import all modules and related components.
     -->
     <import resource="classpath*:alfresco/module-context.xml" />
-
+	
     <!--
          Import of the minimal extensions and bean overrides.
     -->
diff --git a/config/alfresco/model/systemModel.xml b/config/alfresco/model/systemModel.xml
index 0877ec34ae..96b9241172 100644
--- a/config/alfresco/model/systemModel.xml
+++ b/config/alfresco/model/systemModel.xml
@@ -77,6 +77,10 @@
                <type>d:content</type>
                <multiple>false</multiple>
             </property>               
+            <property name="sys:keyStore">
+               <type>d:content</type>
+               <multiple>false</multiple>
+            </property>    			
          </properties>
       </type>      
 
diff --git a/config/alfresco/patch/patch-services-context.xml b/config/alfresco/patch/patch-services-context.xml
index 9c84fe072c..c8b2490d44 100644
--- a/config/alfresco/patch/patch-services-context.xml
+++ b/config/alfresco/patch/patch-services-context.xml
@@ -1227,6 +1227,17 @@
              </bean>
         </property>
     </bean>
+
+    <bean id="patch.db-V4.1-AuthorizationTables" class="org.alfresco.repo.admin.patch.impl.SchemaUpgradeScriptPatch" parent="basePatch">
+        <property name="id"><value>patch.db-V4.1-AuthorizationTables</value></property>
+        <property name="description"><value>patch.schemaUpgradeScript.description</value></property>
+        <property name="fixesFromSchema"><value>0</value></property>
+        <property name="fixesToSchema"><value>9010</value></property>
+        <property name="targetSchema"><value>9011</value></property>
+        <property name="scriptUrl">
+            <value>classpath:alfresco/dbscripts/create/${db.script.dialect}/AlfrescoCreate-AuthorizationTables.sql</value>
+        </property>
+    </bean>
     
     <bean id="patch.addInviteAddDirectEmailTemplates" class="org.alfresco.repo.admin.patch.impl.GenericBootstrapPatch" parent="basePatch" >
         <property name="id"><value>patch.addInviteAddDirectEmailTemplates</value></property>
diff --git a/config/alfresco/version.properties b/config/alfresco/version.properties
index 54f06ac80f..90b9014584 100644
--- a/config/alfresco/version.properties
+++ b/config/alfresco/version.properties
@@ -23,4 +23,4 @@ version.build=r@scm-revision@-b@build-number@
 
 # Schema number
 
-version.schema=9010
+version.schema=9011
diff --git a/source/java/org/alfresco/filesys/auth/ftp/AlfrescoFtpAuthenticator.java b/source/java/org/alfresco/filesys/auth/ftp/AlfrescoFtpAuthenticator.java
index aa33999603..6f848d3159 100644
--- a/source/java/org/alfresco/filesys/auth/ftp/AlfrescoFtpAuthenticator.java
+++ b/source/java/org/alfresco/filesys/auth/ftp/AlfrescoFtpAuthenticator.java
@@ -1,24 +1,25 @@
 /*
- * Copyright (C) 2005-2010 Alfresco Software Limited.
- *
- * This file is part of Alfresco
- *
- * Alfresco is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * Alfresco is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
+ * Copyright (C) 2005-2010 Alfresco Software Limited.
+ *
+ * This file is part of Alfresco
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
  * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
  */
 package org.alfresco.filesys.auth.ftp;
 
 import javax.transaction.Status;
+import javax.transaction.SystemException;
 import javax.transaction.UserTransaction;
 
 import org.alfresco.filesys.alfresco.AlfrescoClientInfo;
@@ -117,6 +118,17 @@ public class AlfrescoFtpAuthenticator extends FTPAuthenticatorBase {
     {
       if ( logger.isDebugEnabled())
         logger.debug( ex);
+        try
+        {
+            tx.setRollbackOnly();
+        }
+        catch (SystemException e)
+        {
+            if (logger.isDebugEnabled())
+            {
+                logger.debug(e);
+            }
+        }
     }
     finally
     {
diff --git a/source/java/org/alfresco/filesys/auth/nfs/AlfrescoRpcAuthenticator.java b/source/java/org/alfresco/filesys/auth/nfs/AlfrescoRpcAuthenticator.java
index 1e5901a487..f7e3517b96 100644
--- a/source/java/org/alfresco/filesys/auth/nfs/AlfrescoRpcAuthenticator.java
+++ b/source/java/org/alfresco/filesys/auth/nfs/AlfrescoRpcAuthenticator.java
@@ -372,6 +372,7 @@ public class AlfrescoRpcAuthenticator implements RpcAuthenticator, InitializingB
       {
         if ( logger.isErrorEnabled())
           logger.error( "Error in RPC authenticator setting current user", ex);
+          throw ex;
       }
     }
     
diff --git a/source/java/org/alfresco/repo/jscript/People.java b/source/java/org/alfresco/repo/jscript/People.java
index 8f8b2503ba..c1f667da9a 100644
--- a/source/java/org/alfresco/repo/jscript/People.java
+++ b/source/java/org/alfresco/repo/jscript/People.java
@@ -95,7 +95,7 @@ public class People extends BaseScopableProcessorExtension implements Initializi
     private int defaultListMaxResults = 5000;
     private boolean honorHintUseCQ = true;
     
-    private static final String HINT_CQ_SUFFIX = " [hint:useCQ]";
+    protected static final String HINT_CQ_SUFFIX = " [hint:useCQ]";
     
     public void afterPropertiesSet() throws Exception
     {
@@ -165,11 +165,11 @@ public class People extends BaseScopableProcessorExtension implements Initializi
     /**
      * Set the service registry
      * 
-     * @param serviceRegistry	the service registry
+     * @param serviceRegistry   the service registry
      */
     public void setServiceRegistry(ServiceRegistry serviceRegistry)
     {
-    	this.services = serviceRegistry;
+        this.services = serviceRegistry;
     }
 
     /**
@@ -311,8 +311,8 @@ public class People extends BaseScopableProcessorExtension implements Initializi
     public ScriptNode createPerson(String userName, String firstName, String lastName, String emailAddress, 
             String password, boolean setAccountEnabled, boolean notifyByEmail)
     {
-    	ParameterCheck.mandatory("firstName", firstName);
-    	ParameterCheck.mandatory("emailAddress", emailAddress);
+        ParameterCheck.mandatory("firstName", firstName);
+        ParameterCheck.mandatory("emailAddress", emailAddress);
         
         ScriptNode person = null;
         
@@ -321,13 +321,13 @@ public class People extends BaseScopableProcessorExtension implements Initializi
         {
             for (int i=0; i < numRetries; i++)
             {
-            	userName = usernameGenerator.generateUserName(firstName, lastName, emailAddress, i);
-            	
-            	// create person if user name does not already exist
-            	if (!personService.personExists(userName))
-            	{
-            	    break;
-            	}
+                userName = usernameGenerator.generateUserName(firstName, lastName, emailAddress, i);
+                
+                // create person if user name does not already exist
+                if (!personService.personExists(userName))
+                {
+                    break;
+                }
             }
         }
         
@@ -344,19 +344,19 @@ public class People extends BaseScopableProcessorExtension implements Initializi
             
             person = createPerson(userName, firstName, lastName, emailAddress);
             
-    		if (person != null && password != null)
-    		{   			
-    			// create account for person with the userName and password
-    		    authenticationService.createAuthentication(userName, password.toCharArray());
-    		    authenticationService.setAuthenticationEnabled(userName, setAccountEnabled);
-    			
-    			person.save();
-    			
-    			if(notifyByEmail)
-    			{
-    			    personService.notifyPerson(userName, password);
-    			}
-    		}
+            if (person != null && password != null)
+            {               
+                // create account for person with the userName and password
+                authenticationService.createAuthentication(userName, password.toCharArray());
+                authenticationService.setAuthenticationEnabled(userName, setAccountEnabled);
+                
+                person.save();
+                
+                if(notifyByEmail)
+                {
+                    personService.notifyPerson(userName, password);
+                }
+            }
         }
         
         return person;
@@ -914,8 +914,8 @@ public class People extends BaseScopableProcessorExtension implements Initializi
 
                 if ("fullName".equalsIgnoreCase(sortBy))
                 {
-                    String firstName = nodeService.getProperty(nodeRef, ContentModel.PROP_FIRSTNAME).toString();
-                    String lastName = nodeService.getProperty(nodeRef, ContentModel.PROP_LASTNAME).toString();
+                    String firstName = (String)nodeService.getProperty(nodeRef, ContentModel.PROP_FIRSTNAME);
+                    String lastName = (String)nodeService.getProperty(nodeRef, ContentModel.PROP_LASTNAME);
                     String fullName = firstName;
                     if (lastName != null && lastName.length() > 0)
                     {
diff --git a/source/java/org/alfresco/repo/security/person/PersonServiceImpl.java b/source/java/org/alfresco/repo/security/person/PersonServiceImpl.java
index 27d89c71d0..416d6e7f73 100644
--- a/source/java/org/alfresco/repo/security/person/PersonServiceImpl.java
+++ b/source/java/org/alfresco/repo/security/person/PersonServiceImpl.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2005-2013 Alfresco Software Limited.
+ * Copyright (C) 2005-2015 Alfresco Software Limited.
  *
  * This file is part of Alfresco
  *
@@ -55,7 +55,6 @@ import org.alfresco.repo.policy.PolicyComponent;
 import org.alfresco.repo.search.SearcherException;
 import org.alfresco.repo.security.authentication.AuthenticationException;
 import org.alfresco.repo.security.authentication.AuthenticationUtil;
-import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
 import org.alfresco.repo.security.permissions.PermissionServiceSPI;
 import org.alfresco.repo.tenant.TenantDomainMismatchException;
 import org.alfresco.repo.tenant.TenantService;
@@ -69,8 +68,6 @@ import org.alfresco.service.ServiceRegistry;
 import org.alfresco.service.cmr.action.Action;
 import org.alfresco.service.cmr.action.ActionService;
 import org.alfresco.service.cmr.admin.RepoAdminService;
-import org.alfresco.service.cmr.admin.RepoUsage.UsageType;
-import org.alfresco.service.cmr.admin.RepoUsageStatus;
 import org.alfresco.service.cmr.dictionary.DictionaryService;
 import org.alfresco.service.cmr.invitation.InvitationException;
 import org.alfresco.service.cmr.model.FileFolderService;
@@ -124,7 +121,6 @@ public class PersonServiceImpl extends TransactionListenerAdapter implements Per
     private static final String LEAVE = "LEAVE";
     public static final String SYSTEM_FOLDER_SHORT_QNAME = "sys:system";
     public static final String PEOPLE_FOLDER_SHORT_QNAME = "sys:people";
-    private static final String SYSTEM_USAGE_WARN_LIMIT_USERS_EXCEEDED_VERBOSE = "system.usage.err.limit_users_exceeded_verbose";
 
     private static final String KEY_POST_TXN_DUPLICATES = "PersonServiceImpl.KEY_POST_TXN_DUPLICATES";
     public static final String KEY_ALLOW_UID_UPDATE = "PersonServiceImpl.KEY_ALLOW_UID_UPDATE";
@@ -952,18 +948,6 @@ public class PersonServiceImpl extends TransactionListenerAdapter implements Per
             throw new IllegalArgumentException("No username specified when creating the person.");
         }
 
-        /*
-         * Check restrictions on the number of users
-         */
-        Long maxUsers = repoAdminService.getRestrictions().getUsers();
-        if (maxUsers != null)
-        {
-            // Get the set of users created in this transaction
-            Set<String> usersCreated = TransactionalResourceHelper.getSet(KEY_USERS_CREATED);
-            usersCreated.add(userName);
-            AlfrescoTransactionSupport.bindListener(this);
-        }
-
         AuthorityType authorityType = AuthorityType.getAuthorityType(userName);
         if (authorityType != AuthorityType.USER)
         {
@@ -1258,16 +1242,6 @@ public class PersonServiceImpl extends TransactionListenerAdapter implements Per
                 beforeDeleteNodeValidationBehaviour.enable();
             }
         }
-              
-        /*
-         * Kick off the transaction listener for create user.   It has the side-effect of 
-         * recalculating the number of users.
-         */
-        Long maxUsers = repoAdminService.getRestrictions().getUsers();
-        if (maxUsers != null)
-        {    
-            AlfrescoTransactionSupport.bindListener(this);
-        }
     }
     
     /**
@@ -2093,72 +2067,6 @@ public class PersonServiceImpl extends TransactionListenerAdapter implements Per
         AlfrescoTransactionSupport.bindListener(this);
     }
     
-    /**
-     * {@inheritDoc}
-     */
-    public void beforeCommit(boolean readOnly)
-    {
-        // check whether max users has been exceeded
-        RunAsWork<Long> getMaxUsersWork = new RunAsWork<Long>()
-        {
-            @Override
-            public Long doWork() throws Exception
-            {
-                return repoAdminService.getRestrictions().getUsers();
-            }
-        };
-        Long maxUsers = AuthenticationUtil.runAs(getMaxUsersWork, AuthenticationUtil.getSystemUserName());
-        if(maxUsers == null)
-        {
-            return;
-        }
-    
-        Long users = AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Long>()
-        {
-            public Long doWork() throws Exception
-            {
-                repoAdminService.updateUsage(UsageType.USAGE_USERS);
-                if(logger.isDebugEnabled())
-                {
-                    logger.debug("Number of users is " + repoAdminService.getUsage().getUsers());
-                }
-                return repoAdminService.getUsage().getUsers();
-            }
-        } , AuthenticationUtil.getSystemUserName());
-
-        // Get the set of users created in this transaction
-        Set<String> usersCreated = TransactionalResourceHelper.getSet(KEY_USERS_CREATED);
-        
-        // If we exceed the limit, generate decent message about which users were being created, etc.
-        if (users > maxUsers)
-        {
-            List<String> usersMsg = new ArrayList<String>(5);
-            int i = 0;
-            for (String userCreated : usersCreated)
-            {
-                i++;
-                if (i > 5)
-                {
-                    usersMsg.add(" ... more");
-                    break;
-                }
-                else
-                {
-                    usersMsg.add(userCreated);
-                }
-            }
-            if (logger.isDebugEnabled())
-            {
-                logger.debug("Maximum number of users exceeded: " + usersCreated);
-            }
-            throw AlfrescoRuntimeException.create(SYSTEM_USAGE_WARN_LIMIT_USERS_EXCEEDED_VERBOSE, maxUsers, usersMsg);
-        }
-        
-        // Get the usages and log any warnings
-        RepoUsageStatus usageStatus = repoAdminService.getUsageStatus();
-        usageStatus.logMessages(logger);
-    }
-    
     public int countPeople()
     {
         NodeRef peopleContainer = getPeopleContainer();
diff --git a/source/test-java/org/alfresco/repo/site/SiteServiceImplTest.java b/source/test-java/org/alfresco/repo/site/SiteServiceImplTest.java
index e5c29e20eb..5818547044 100644
--- a/source/test-java/org/alfresco/repo/site/SiteServiceImplTest.java
+++ b/source/test-java/org/alfresco/repo/site/SiteServiceImplTest.java
@@ -50,21 +50,26 @@ import org.alfresco.repo.security.authentication.AuthenticationUtil;
 import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
 import org.alfresco.repo.security.authority.UnknownAuthorityException;
 import org.alfresco.repo.security.person.UserNameMatcherImpl;
+import org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback;
 import org.alfresco.service.ServiceRegistry;
+import org.alfresco.service.cmr.action.ActionService;
 import org.alfresco.service.cmr.dictionary.DictionaryService;
 import org.alfresco.service.cmr.dictionary.TypeDefinition;
 import org.alfresco.service.cmr.model.FileFolderService;
 import org.alfresco.service.cmr.model.FileInfo;
+import org.alfresco.service.cmr.repository.ContentService;
 import org.alfresco.service.cmr.repository.ContentWriter;
 import org.alfresco.service.cmr.repository.CopyService;
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.repository.NodeService;
 import org.alfresco.service.cmr.repository.ScriptLocation;
 import org.alfresco.service.cmr.repository.ScriptService;
+import org.alfresco.service.cmr.repository.StoreRef;
 import org.alfresco.service.cmr.security.AccessPermission;
 import org.alfresco.service.cmr.security.AccessStatus;
 import org.alfresco.service.cmr.security.AuthorityService;
 import org.alfresco.service.cmr.security.AuthorityType;
+import org.alfresco.service.cmr.security.MutableAuthenticationService;
 import org.alfresco.service.cmr.security.PermissionService;
 import org.alfresco.service.cmr.security.PersonService;
 import org.alfresco.service.cmr.site.SiteInfo;
@@ -74,6 +79,7 @@ import org.alfresco.service.cmr.site.SiteVisibility;
 import org.alfresco.service.cmr.tagging.TaggingService;
 import org.alfresco.service.namespace.NamespaceService;
 import org.alfresco.service.namespace.QName;
+import org.alfresco.service.transaction.TransactionService;
 import org.alfresco.test_category.BaseSpringTestsCategory;
 import org.alfresco.util.ApplicationContextHelper;
 import org.alfresco.util.BaseAlfrescoSpringTest;
@@ -93,6 +99,8 @@ import static org.mockito.Mockito.when;
 @Category(BaseSpringTestsCategory.class)
 public class SiteServiceImplTest extends BaseAlfrescoSpringTest 
 {
+    public static final StoreRef SITE_STORE = new StoreRef("workspace://SpacesStore");
+    
     private static final String TEST_SITE_PRESET = "testSitePreset";
     private static final String TEST_SITE_PRESET_2 = "testSitePreset2";
     private static final String TEST_TITLE = "TitleTest This is my title";
@@ -109,6 +117,8 @@ public class SiteServiceImplTest extends BaseAlfrescoSpringTest
     private static final String GROUP_ONE_DISPLAY = "DisplayOfGrpOne-SiteServiceImplTest";
     private static final String GROUP_TWO_DISPLAY = "DisplayOfGrpTwo-SiteServiceImplTest";
     
+    private static boolean IS_FIRST_SETUP = true;
+    
     private CopyService copyService;
     private ScriptService scriptService;
     private NodeService nodeService;
@@ -141,50 +151,90 @@ public class SiteServiceImplTest extends BaseAlfrescoSpringTest
     @SuppressWarnings("deprecation")
     protected void onSetUpInTransaction() throws Exception
     {
-        super.onSetUpInTransaction();
-        
-        // Get the required services
-        this.copyService = (CopyService)this.applicationContext.getBean("CopyService");
-        this.scriptService = (ScriptService)this.applicationContext.getBean("ScriptService");
-        this.nodeService = (NodeService)this.applicationContext.getBean("NodeService");
-        this.authenticationComponent = (AuthenticationComponent)this.applicationContext.getBean("authenticationComponent");
-        this.taggingService = (TaggingService)this.applicationContext.getBean("TaggingService");
-        this.personService = (PersonService)this.applicationContext.getBean("PersonService");
-        this.authorityService = (AuthorityService)this.applicationContext.getBean("AuthorityService");
-        this.fileFolderService = (FileFolderService)this.applicationContext.getBean("FileFolderService");
-        this.nodeArchiveService = (NodeArchiveService)this.applicationContext.getBean("nodeArchiveService");
-        this.permissionService = (PermissionService)this.applicationContext.getBean("PermissionService");
-        this.dictionaryService = (DictionaryService)this.applicationContext.getBean("DictionaryService");
-        this.namespaceService = (NamespaceService)this.applicationContext.getBean("namespaceService");
-        this.siteService = (SiteService)this.applicationContext.getBean("SiteService"); // Big 'S'
-        this.siteServiceImpl = (SiteServiceImpl) applicationContext.getBean("siteService"); // Small 's'
-        this.sysAdminParams = (SysAdminParams)this.applicationContext.getBean("sysAdminParams");
-        this.userNameMatcherImpl = (UserNameMatcherImpl)this.applicationContext.getBean("userNameMatcher");
+        RetryingTransactionCallback<Object> work = new RetryingTransactionCallback<Object>()
+        {
 
-        // Create the test users
-        createUser(USER_ONE, "UserOne");
-        createUser(USER_TWO, "UserTwo");
-        createUser(USER_THREE, "UsRthree");
-        createUser(USER_FOUR, "UsRFoUr");
-     
-        // Create the test groups
-        this.groupOne = this.authorityService.createAuthority(AuthorityType.GROUP, GROUP_ONE, GROUP_ONE_DISPLAY, null);
-        this.authorityService.addAuthority(this.groupOne, USER_TWO);
-        
-        this.groupTwo = this.authorityService.createAuthority(AuthorityType.GROUP, GROUP_TWO, GROUP_TWO_DISPLAY, null);
-        this.authorityService.addAuthority(this.groupTwo, USER_TWO);
-        this.authorityService.addAuthority(this.groupTwo, USER_THREE);
-        
-        this.groupThree = this.authorityService.createAuthority(AuthorityType.GROUP, GROUP_THREE);
-        this.authorityService.addAuthority(this.groupThree, USER_TWO);
-        this.authorityService.addAuthority(this.groupThree, USER_THREE);
-        
-        this.groupFour = this.authorityService.createAuthority(AuthorityType.GROUP, GROUP_FOUR);
-        this.authorityService.addAuthority(this.groupThree, this.groupFour);
-        this.authorityService.addAuthority(this.groupFour, USER_FOUR);
+            @Override
+            public Object execute() throws Throwable
+            {
+                // from super.onSetUpInTransaction();
 
-        // Set the current authentication
-        this.authenticationComponent.setCurrentUser(USER_ONE);
+                // Get a reference to the node service
+                nodeService = (NodeService) applicationContext.getBean("nodeService");
+                contentService = (ContentService) applicationContext.getBean("contentService");
+                authenticationService = (MutableAuthenticationService) applicationContext.getBean("authenticationService");
+                actionService = (ActionService) applicationContext.getBean("actionService");
+                transactionService = (TransactionService) applicationContext.getBean("transactionComponent");
+
+                // Authenticate as the system user
+                authenticationComponent = (AuthenticationComponent) applicationContext.getBean("authenticationComponent");
+                authenticationComponent.setSystemUserAsCurrentUser();
+
+                // Create the store and get the root node
+                storeRef = nodeService.createStore(StoreRef.PROTOCOL_WORKSPACE, "Test_" + System.currentTimeMillis());
+                rootNodeRef = nodeService.getRootNode(storeRef);
+
+                // Get the required services
+                copyService = (CopyService) applicationContext.getBean("CopyService");
+                scriptService = (ScriptService) applicationContext.getBean("ScriptService");
+                nodeService = (NodeService) applicationContext.getBean("NodeService");
+                authenticationComponent = (AuthenticationComponent) applicationContext.getBean("authenticationComponent");
+                taggingService = (TaggingService) applicationContext.getBean("TaggingService");
+                personService = (PersonService) applicationContext.getBean("PersonService");
+                authorityService = (AuthorityService) applicationContext.getBean("AuthorityService");
+                fileFolderService = (FileFolderService) applicationContext.getBean("FileFolderService");
+                nodeArchiveService = (NodeArchiveService) applicationContext.getBean("nodeArchiveService");
+                permissionService = (PermissionService) applicationContext.getBean("PermissionService");
+                dictionaryService = (DictionaryService) applicationContext.getBean("DictionaryService");
+                namespaceService = (NamespaceService) applicationContext.getBean("namespaceService");
+                siteService = (SiteService) applicationContext.getBean("SiteService"); // Big 'S'
+                siteServiceImpl = (SiteServiceImpl) applicationContext.getBean("siteService"); // Small 's'
+                sysAdminParams = (SysAdminParams) applicationContext.getBean("sysAdminParams");
+                userNameMatcherImpl = (UserNameMatcherImpl) applicationContext.getBean("userNameMatcher");
+
+                if (IS_FIRST_SETUP)
+                {
+                    // Create the test users
+                    createUser(USER_ONE, "UserOne");
+                    createUser(USER_TWO, "UserTwo");
+                    createUser(USER_THREE, "UsRthree");
+                    createUser(USER_FOUR, "UsRFoUr");
+
+                    // Create the test groups
+                    groupOne = authorityService.createAuthority(AuthorityType.GROUP, GROUP_ONE, GROUP_ONE_DISPLAY, null);
+                    authorityService.addAuthority(groupOne, USER_TWO);
+
+                    groupTwo = authorityService.createAuthority(AuthorityType.GROUP, GROUP_TWO, GROUP_TWO_DISPLAY, null);
+                    authorityService.addAuthority(groupTwo, USER_TWO);
+                    authorityService.addAuthority(groupTwo, USER_THREE);
+
+                    groupThree = authorityService.createAuthority(AuthorityType.GROUP, GROUP_THREE);
+                    authorityService.addAuthority(groupThree, USER_TWO);
+                    authorityService.addAuthority(groupThree, USER_THREE);
+
+                    groupFour = authorityService.createAuthority(AuthorityType.GROUP, GROUP_FOUR);
+                    authorityService.addAuthority(groupThree, groupFour);
+                    authorityService.addAuthority(groupFour, USER_FOUR);
+                    
+                    IS_FIRST_SETUP = false;
+                }
+                else
+                {
+                    groupOne = authorityService.getName(AuthorityType.GROUP, GROUP_ONE);
+                    groupTwo = authorityService.getName(AuthorityType.GROUP, GROUP_TWO);
+                    groupThree = authorityService.getName(AuthorityType.GROUP, GROUP_THREE);
+                    groupFour = authorityService.getName(AuthorityType.GROUP, GROUP_FOUR);
+                }
+                // Set the current authentication
+                authenticationComponent.setCurrentUser(USER_ONE);
+
+                return null;
+            }
+        };
+        endTransaction();
+        transactionService = (TransactionService)this.applicationContext.getBean("transactionComponent");
+        transactionService.getRetryingTransactionHelper().doInTransaction(work);
+        startNewTransaction();
     }
     
     @Override
@@ -281,18 +331,36 @@ public class SiteServiceImplTest extends BaseAlfrescoSpringTest
     
     public void testHasSite() throws Exception
     {
-        this.authenticationComponent.setCurrentUser(USER_ONE);
-        // Create a Public site
-        createSite("publicsite1", "doclib", SiteVisibility.PUBLIC);
-        // Create a Private site
-        createSite("privatesite1", "doclib", SiteVisibility.PRIVATE);
+        RetryingTransactionCallback<Object> work = new RetryingTransactionCallback<Object>()
+        {
+
+            @Override
+            public Object execute() throws Throwable
+            {
+                authenticationComponent.setCurrentUser(USER_ONE);
+                // Create a Public site
+                createSite("publicsite1", "doclib", SiteVisibility.PUBLIC);
+                // Create a Private site
+                createSite("privatesite1", "doclib", SiteVisibility.PRIVATE);
+
+                // ensure USER_TWO has correct visibility - can "get" public site but not a private one, can "has" exist check both
+                authenticationComponent.setCurrentUser(USER_TWO);
+                assertTrue(siteService.getSite("publicsite1") != null);
+                assertTrue(siteService.getSite("privatesite1") == null); // should not be visible to get()
+                assertTrue(siteService.hasSite("publicsite1"));
+                assertTrue(siteService.hasSite("privatesite1")); // should be visible to has() exist check
+
+                authenticationComponent.setSystemUserAsCurrentUser();
+                siteService.deleteSite("publicsite1");
+                siteService.deleteSite("privatesite1");
+                
+                return null;
+            }
+        };
+        endTransaction();
+        transactionService.getRetryingTransactionHelper().doInTransaction(work);
+        startNewTransaction();
 
-        // ensure USER_TWO has correct visibility - can "get" public site but not a private one, can "has" exist check both
-        this.authenticationComponent.setCurrentUser(USER_TWO);
-        assertTrue(this.siteService.getSite("publicsite1") != null);
-        assertTrue(this.siteService.getSite("privatesite1") == null);  // should not be visible to get()
-        assertTrue(this.siteService.hasSite("publicsite1"));
-        assertTrue(this.siteService.hasSite("privatesite1"));   // should be visible to has() exist check
     }
     
     /**
@@ -302,21 +370,38 @@ public class SiteServiceImplTest extends BaseAlfrescoSpringTest
      */
     public void testETHREEOH_2133() throws Exception
     {
-        // Test for duplicate site error with a private site
-        
-        this.siteService.createSite(TEST_SITE_PRESET, "wibble", TEST_TITLE, TEST_DESCRIPTION, SiteVisibility.PRIVATE);
-        
-        authenticationComponent.setCurrentUser(USER_THREE);
-        
-        try
+        RetryingTransactionCallback<Object> work = new RetryingTransactionCallback<Object>()
         {
-            this.siteService.createSite(TEST_SITE_PRESET, "wibble", TEST_TITLE, TEST_DESCRIPTION, SiteVisibility.PRIVATE);
-            fail("Shouldn't allow duplicate site short names.");
-        }
-        catch (AlfrescoRuntimeException exception)
-        {
-            // Expected
-        }
+
+            @Override
+            public Object execute() throws Throwable
+            {
+                // Test for duplicate site error with a private site
+
+                siteService.createSite(TEST_SITE_PRESET, "wibble", TEST_TITLE, TEST_DESCRIPTION, SiteVisibility.PRIVATE);
+
+                authenticationComponent.setCurrentUser(USER_THREE);
+
+                try
+                {
+                    siteService.createSite(TEST_SITE_PRESET, "wibble", TEST_TITLE, TEST_DESCRIPTION, SiteVisibility.PRIVATE);
+                    fail("Shouldn't allow duplicate site short names.");
+                }
+                catch (AlfrescoRuntimeException exception)
+                {
+                    // Expected
+                }
+
+                authenticationComponent.setSystemUserAsCurrentUser();
+                siteService.deleteSite("wibble");
+                
+                return null;
+            }
+        };
+        endTransaction();
+        transactionService.getRetryingTransactionHelper().doInTransaction(work);
+        startNewTransaction();
+
     }
 
     /**
@@ -421,36 +506,56 @@ public class SiteServiceImplTest extends BaseAlfrescoSpringTest
      */
     public void testETHREEOH_15() throws Exception
     {
-        SiteInfo siteInfo = this.siteService.createSite(TEST_SITE_PRESET, "mySiteTest", TEST_TITLE, TEST_DESCRIPTION, SiteVisibility.PUBLIC);
-        checkSiteInfo(siteInfo, TEST_SITE_PRESET, "mySiteTest", TEST_TITLE, TEST_DESCRIPTION, SiteVisibility.PUBLIC);
-        
-        authenticationComponent.setCurrentUser(AuthenticationUtil.getAdminUserName());
-        this.siteService.setMembership(siteInfo.getShortName(), USER_TWO, SiteModel.SITE_MANAGER);
-        
-        authenticationComponent.setCurrentUser(USER_TWO);
-        this.siteService.setMembership(siteInfo.getShortName(), USER_THREE, SiteModel.SITE_CONTRIBUTOR);
-        this.siteService.removeMembership(siteInfo.getShortName(), USER_THREE);
-        
-        authenticationComponent.setCurrentUser(AuthenticationUtil.getAdminUserName());
-        this.siteService.removeMembership(siteInfo.getShortName(), USER_TWO);
-        
-        authenticationComponent.setSystemUserAsCurrentUser();
-        this.siteService.setMembership(siteInfo.getShortName(), USER_THREE, SiteModel.SITE_CONTRIBUTOR);
-        
-        authenticationComponent.setCurrentUser(USER_THREE);
-        try
+        RetryingTransactionCallback<Object> work = new RetryingTransactionCallback<Object>()
         {
-            this.siteService.setMembership(siteInfo.getShortName(), USER_TWO, SiteModel.SITE_CONTRIBUTOR);
-            fail("Shouldn't be able to do this cos you don't have permissions");
-        }
-        catch (Exception exception) {}
-        try
-        {
-            this.siteService.removeMembership(siteInfo.getShortName(), USER_ONE);
-            fail("Shouldn't be able to do this cos you don't have permissions");
-        }
-        catch (Exception exception) {}        
-        this.siteService.removeMembership(siteInfo.getShortName(), USER_THREE);
+
+            @Override
+            public Object execute() throws Throwable
+            {
+                SiteInfo siteInfo = siteService.createSite(TEST_SITE_PRESET, "mySiteTest", TEST_TITLE, TEST_DESCRIPTION, SiteVisibility.PUBLIC);
+                checkSiteInfo(siteInfo, TEST_SITE_PRESET, "mySiteTest", TEST_TITLE, TEST_DESCRIPTION, SiteVisibility.PUBLIC);
+
+                authenticationComponent.setCurrentUser(AuthenticationUtil.getAdminUserName());
+                siteService.setMembership(siteInfo.getShortName(), USER_TWO, SiteModel.SITE_MANAGER);
+
+                authenticationComponent.setCurrentUser(USER_TWO);
+                siteService.setMembership(siteInfo.getShortName(), USER_THREE, SiteModel.SITE_CONTRIBUTOR);
+                siteService.removeMembership(siteInfo.getShortName(), USER_THREE);
+
+                authenticationComponent.setCurrentUser(AuthenticationUtil.getAdminUserName());
+                siteService.removeMembership(siteInfo.getShortName(), USER_TWO);
+
+                authenticationComponent.setSystemUserAsCurrentUser();
+                siteService.setMembership(siteInfo.getShortName(), USER_THREE, SiteModel.SITE_CONTRIBUTOR);
+
+                authenticationComponent.setCurrentUser(USER_THREE);
+                try
+                {
+                    siteService.setMembership(siteInfo.getShortName(), USER_TWO, SiteModel.SITE_CONTRIBUTOR);
+                    fail("Shouldn't be able to do this cos you don't have permissions");
+                }
+                catch (Exception exception)
+                {
+                }
+                try
+                {
+                    siteService.removeMembership(siteInfo.getShortName(), USER_ONE);
+                    fail("Shouldn't be able to do this cos you don't have permissions");
+                }
+                catch (Exception exception)
+                {
+                }
+                siteService.removeMembership(siteInfo.getShortName(), USER_THREE);
+
+                authenticationComponent.setSystemUserAsCurrentUser();
+                siteService.deleteSite("mySiteTest");
+
+                return null;
+            }
+        };
+        endTransaction();
+        transactionService.getRetryingTransactionHelper().doInTransaction(work);
+        startNewTransaction();
     }
     
     private void checkSiteInfo(SiteInfo siteInfo, 
@@ -714,34 +819,47 @@ public class SiteServiceImplTest extends BaseAlfrescoSpringTest
     
     public void testMNT_13710() throws Exception
     {
-        String siteName = "test" + System.currentTimeMillis();
-        
-        List<String> roleList = new ArrayList<String>();
-        roleList.add("test_customrole");
-        roleList.add("testCustomrole");
-        
-        try
+        RetryingTransactionCallback<Object> work = new RetryingTransactionCallback<Object>()
         {
-            authenticationComponent.setCurrentUser(AuthenticationUtil.getAdminUserName());
-        
-            SiteInfo siteInfo = this.siteService.createSite(siteName, siteName, siteName, siteName, SiteVisibility.PUBLIC);
 
-            for(String role : roleList)
+            @Override
+            public Object execute() throws Throwable
             {
-                this.siteService.setMembership(siteInfo.getShortName(), USER_ONE, role);
-                
-                List<String> list = this.siteServiceImpl.getMembersRoles(siteName, USER_ONE);
-                
-                assertTrue(list.contains(role));
+                String siteName = "test" + System.currentTimeMillis();
+
+                List<String> roleList = new ArrayList<String>();
+                roleList.add("test_customrole");
+                roleList.add("testCustomrole");
+
+                try
+                {
+                    authenticationComponent.setCurrentUser(AuthenticationUtil.getAdminUserName());
+
+                    SiteInfo siteInfo = siteService.createSite(siteName, siteName, siteName, siteName, SiteVisibility.PUBLIC);
+
+                    for (String role : roleList)
+                    {
+                        siteService.setMembership(siteInfo.getShortName(), USER_ONE, role);
+
+                        List<String> list = siteServiceImpl.getMembersRoles(siteName, USER_ONE);
+
+                        assertTrue(list.contains(role));
+                    }
+                }
+                finally
+                {
+                    if (siteService.getSite(siteName) != null)
+                    {
+                        siteService.deleteSite(siteName);
+                    }
+                }
+
+                return null;
             }
-        }
-        finally
-        {
-            if (siteService.getSite(siteName) != null)
-            {
-                siteService.deleteSite(siteName);
-            }
-        }
+        };
+        endTransaction();
+        transactionService.getRetryingTransactionHelper().doInTransaction(work);
+        startNewTransaction();
     }
     
     /**
@@ -1108,96 +1226,119 @@ public class SiteServiceImplTest extends BaseAlfrescoSpringTest
     
     public void testIsPublic()
     {
-        List<SiteInfo> sites = this.siteService.listSites(null, null);
-        assertNotNull("initial sites list was null.", sites);
-        final int preexistingSiteCount = sites.size();
-       
-        // Create a couple of sites as user one
-        this.siteService.createSite(TEST_SITE_PRESET, "isPublicTrue", TEST_TITLE, TEST_DESCRIPTION, SiteVisibility.PUBLIC);
-        this.siteService.createSite(TEST_SITE_PRESET, "isPublicFalse", TEST_TITLE, TEST_DESCRIPTION, SiteVisibility.PRIVATE);
-        
-        // Get the sites as user one
-        sites = this.siteService.listSites(null, null);
-        assertNotNull(sites);
-        assertEquals(preexistingSiteCount + 2, sites.size());
-        
-        // Now get the sites as user two
-        this.authenticationComponent.setCurrentUser(USER_TWO);
-        sites = this.siteService.listSites(null, null);
-        assertNotNull(sites);
-        assertEquals(preexistingSiteCount + 1, sites.size());
-        SiteInfo userTwoSite = siteService.getSite("isPublicTrue");
-        checkSiteInfo(userTwoSite, TEST_SITE_PRESET, "isPublicTrue", TEST_TITLE, TEST_DESCRIPTION, SiteVisibility.PUBLIC);
-        
-        // Make user 2 a member of the site
-        //TestWithUserUtils.authenticateUser(USER_ONE, "PWD", this.authenticationService, this.authenticationComponent);
-        this.authenticationComponent.setCurrentUser(USER_ONE);
-        this.siteService.setMembership("isPublicFalse", USER_TWO, SiteModel.SITE_CONSUMER);
-        
-        // Now get the sites as user two
-        this.authenticationComponent.setCurrentUser(USER_TWO);
-        sites = this.siteService.listSites(null, null);
-        assertNotNull(sites);
-        assertEquals(preexistingSiteCount + 2, sites.size());
+        RetryingTransactionCallback<Object> work = new RetryingTransactionCallback<Object>()
+        {
+
+            @Override
+            public Object execute() throws Throwable
+            {
+                List<SiteInfo> sites = siteService.listSites(null, null);
+                assertNotNull("initial sites list was null.", sites);
+                final int preexistingSiteCount = sites.size();
+
+                // Create a couple of sites as user one
+                siteService.createSite(TEST_SITE_PRESET, "isPublicTrue", TEST_TITLE, TEST_DESCRIPTION, SiteVisibility.PUBLIC);
+                siteService.createSite(TEST_SITE_PRESET, "isPublicFalse", TEST_TITLE, TEST_DESCRIPTION, SiteVisibility.PRIVATE);
+
+                // Get the sites as user one
+                sites = siteService.listSites(null, null);
+                assertNotNull(sites);
+                assertEquals(preexistingSiteCount + 2, sites.size());
+
+                // Now get the sites as user two
+                authenticationComponent.setCurrentUser(USER_TWO);
+                sites = siteService.listSites(null, null);
+                assertNotNull(sites);
+                assertEquals(preexistingSiteCount + 1, sites.size());
+                SiteInfo userTwoSite = siteService.getSite("isPublicTrue");
+                checkSiteInfo(userTwoSite, TEST_SITE_PRESET, "isPublicTrue", TEST_TITLE, TEST_DESCRIPTION, SiteVisibility.PUBLIC);
+
+                // Make user 2 a member of the site
+                // TestWithUserUtils.authenticateUser(USER_ONE, "PWD", this.authenticationService, this.authenticationComponent);
+                authenticationComponent.setCurrentUser(USER_ONE);
+                siteService.setMembership("isPublicFalse", USER_TWO, SiteModel.SITE_CONSUMER);
+
+                // Now get the sites as user two
+                authenticationComponent.setCurrentUser(USER_TWO);
+                sites = siteService.listSites(null, null);
+                assertNotNull(sites);
+                assertEquals(preexistingSiteCount + 2, sites.size());
+
+                authenticationComponent.setSystemUserAsCurrentUser();
+                siteService.deleteSite("isPublicTrue");
+                siteService.deleteSite("isPublicFalse");
+
+                return null;
+            }
+        };
+        endTransaction();
+        transactionService.getRetryingTransactionHelper().doInTransaction(work);
+        startNewTransaction();
     }
     
     public void testMembership()
     {
-        // Create a site as user one
-        this.siteService.createSite(TEST_SITE_PRESET, "testMembership", TEST_TITLE, TEST_DESCRIPTION, SiteVisibility.PRIVATE);
-        
-        // Get the members of the site and check that user one is a manager
-        Map<String, String> members = this.siteService.listMembers("testMembership", null, null, 0);
-        assertNotNull(members);
-        assertEquals(1, members.size());
-        assertTrue(members.containsKey(USER_ONE));
-        assertEquals(SiteModel.SITE_MANAGER, members.get(USER_ONE));
-     
-        // Add user two as a consumer and user three as a collaborator
-        this.siteService.setMembership("testMembership", USER_TWO, SiteModel.SITE_CONSUMER);
-        this.siteService.setMembership("testMembership", USER_THREE, SiteModel.SITE_COLLABORATOR);
-        
-        // Get the members of the site
-        members = this.siteService.listMembers("testMembership", null, null, 0);
-        assertNotNull(members);
-        assertEquals(3, members.size());
-        assertTrue(members.containsKey(USER_ONE));
-        assertEquals(SiteModel.SITE_MANAGER, members.get(USER_ONE));
-        assertTrue(members.containsKey(USER_TWO));
-        assertEquals(SiteModel.SITE_CONSUMER, members.get(USER_TWO));
-        assertTrue(members.containsKey(USER_THREE));
-        assertEquals(SiteModel.SITE_COLLABORATOR, members.get(USER_THREE));
-        
-        // Get only the site managers
-        members = this.siteService.listMembers("testMembership", null, SiteModel.SITE_MANAGER, 0);
-        assertNotNull(members);
-        assertEquals(1, members.size());
-        assertTrue(members.containsKey(USER_ONE));
-        assertEquals(SiteModel.SITE_MANAGER, members.get(USER_ONE));
-        
-        // Get only user two
-        members = this.siteService.listMembers("testMembership", USER_TWO, null, 0);
-        assertNotNull(members);
-        assertEquals(1, members.size());
-        assertTrue(members.containsKey(USER_TWO));
-        assertEquals(SiteModel.SITE_CONSUMER, members.get(USER_TWO));
-        
-        // Change the membership of user two
-        this.siteService.setMembership("testMembership", USER_TWO, SiteModel.SITE_COLLABORATOR);
-        
-        // Check the members of the site
-        members = this.siteService.listMembers("testMembership", null, null, 0);
-        assertNotNull(members);
-        assertEquals(3, members.size());
-        assertTrue(members.containsKey(USER_ONE));
-        assertEquals(SiteModel.SITE_MANAGER, members.get(USER_ONE));
-        assertTrue(members.containsKey(USER_TWO));
-        assertEquals(SiteModel.SITE_COLLABORATOR, members.get(USER_TWO));
-        assertTrue(members.containsKey(USER_THREE));
-        assertEquals(SiteModel.SITE_COLLABORATOR, members.get(USER_THREE));
+        RetryingTransactionCallback<Object> work = new RetryingTransactionCallback<Object>()
+        {
+
+            @Override
+            public Object execute() throws Throwable
+            {
+                // Create a site as user one
+                siteService.createSite(TEST_SITE_PRESET, "testMembership", TEST_TITLE, TEST_DESCRIPTION, SiteVisibility.PRIVATE);
+
+                // Get the members of the site and check that user one is a manager
+                Map<String, String> members = siteService.listMembers("testMembership", null, null, 0);
+                assertNotNull(members);
+                assertEquals(1, members.size());
+                assertTrue(members.containsKey(USER_ONE));
+                assertEquals(SiteModel.SITE_MANAGER, members.get(USER_ONE));
+
+                // Add user two as a consumer and user three as a collaborator
+                siteService.setMembership("testMembership", USER_TWO, SiteModel.SITE_CONSUMER);
+                siteService.setMembership("testMembership", USER_THREE, SiteModel.SITE_COLLABORATOR);
+
+                // Get the members of the site
+                members = siteService.listMembers("testMembership", null, null, 0);
+                assertNotNull(members);
+                assertEquals(3, members.size());
+                assertTrue(members.containsKey(USER_ONE));
+                assertEquals(SiteModel.SITE_MANAGER, members.get(USER_ONE));
+                assertTrue(members.containsKey(USER_TWO));
+                assertEquals(SiteModel.SITE_CONSUMER, members.get(USER_TWO));
+                assertTrue(members.containsKey(USER_THREE));
+                assertEquals(SiteModel.SITE_COLLABORATOR, members.get(USER_THREE));
+
+                // Get only the site managers
+                members = siteService.listMembers("testMembership", null, SiteModel.SITE_MANAGER, 0);
+                assertNotNull(members);
+                assertEquals(1, members.size());
+                assertTrue(members.containsKey(USER_ONE));
+                assertEquals(SiteModel.SITE_MANAGER, members.get(USER_ONE));
+
+                // Get only user two
+                members = siteService.listMembers("testMembership", USER_TWO, null, 0);
+                assertNotNull(members);
+                assertEquals(1, members.size());
+                assertTrue(members.containsKey(USER_TWO));
+                assertEquals(SiteModel.SITE_CONSUMER, members.get(USER_TWO));
+
+                // Change the membership of user two
+                siteService.setMembership("testMembership", USER_TWO, SiteModel.SITE_COLLABORATOR);
+
+                // Check the members of the site
+                members = siteService.listMembers("testMembership", null, null, 0);
+                assertNotNull(members);
+                assertEquals(3, members.size());
+                assertTrue(members.containsKey(USER_ONE));
+                assertEquals(SiteModel.SITE_MANAGER, members.get(USER_ONE));
+                assertTrue(members.containsKey(USER_TWO));
+                assertEquals(SiteModel.SITE_COLLABORATOR, members.get(USER_TWO));
+                assertTrue(members.containsKey(USER_THREE));
+                assertEquals(SiteModel.SITE_COLLABORATOR, members.get(USER_THREE));
 
         //Check other listMember calls
-        this.siteService.listMembers("testMembership", null, null, false, new SiteService.SiteMembersCallback(){
+        siteService.listMembers("testMembership", null, null, false, new SiteService.SiteMembersCallback(){
 
             List<String> USERS = Arrays.asList(USER_ONE, USER_TWO, USER_THREE);
             int userCount = 0;
@@ -1217,92 +1358,102 @@ public class SiteServiceImplTest extends BaseAlfrescoSpringTest
         });
 
 
-        
-        // Remove user two's membership
-        this.siteService.removeMembership("testMembership", USER_TWO);
-        
-        // Check the members of the site
-        members = this.siteService.listMembers("testMembership", null, null, 0);
-        assertNotNull(members);
-        assertEquals(2, members.size());
-        assertTrue(members.containsKey(USER_ONE));
-        assertEquals(SiteModel.SITE_MANAGER, members.get(USER_ONE));
-        assertTrue(members.containsKey(USER_THREE));
-        assertEquals(SiteModel.SITE_COLLABORATOR, members.get(USER_THREE));
-        
-        // Ensure that size limiting works correctly
-        members = this.siteService.listMembers("testMembership", null, null, 1);
-        assertNotNull(members);
-        assertEquals(1, members.size());
-        
-        members = this.siteService.listMembers("testMembership", null, null, 2);
-        assertNotNull(members);
-        assertEquals(2, members.size());
-        assertTrue(members.containsKey(USER_ONE));
-        assertEquals(SiteModel.SITE_MANAGER, members.get(USER_ONE));
-        assertTrue(members.containsKey(USER_THREE));
-        assertEquals(SiteModel.SITE_COLLABORATOR, members.get(USER_THREE));
-        
-        // Check that a non-manager and non-member cannot edit the memberships
-        this.authenticationComponent.setCurrentUser(USER_TWO);
-        try
-        {
-            this.siteService.setMembership("testMembership", USER_TWO, SiteModel.SITE_COLLABORATOR);
-            fail("A non member shouldnt be able to set memberships");
-        }
-        catch (AlfrescoRuntimeException e)
-        {
-            // As expected
-        }
-        try
-        {
-            this.siteService.removeMembership("testMembership", USER_THREE);
-            fail("A non member shouldnt be able to remove a membership");
-        }
-        catch (AlfrescoRuntimeException e)
-        {
-            // As expected            
-        }
-        this.authenticationComponent.setCurrentUser(USER_THREE);
-        try
-        {
-            this.siteService.setMembership("testMembership", USER_TWO, SiteModel.SITE_COLLABORATOR);
-            fail("A member who isn't a manager shouldnt be able to set memberships");
-        }
-        catch (AlfrescoRuntimeException e)
-        {
-            // As expected
-        }
-        this.siteService.removeMembership("testMembership", USER_THREE);
-        
-        this.authenticationComponent.setCurrentUser(USER_ONE);        
-        // Try and change the permissions of the only site manager
-        this.siteService.setMembership("testMembership", USER_TWO, SiteModel.SITE_MANAGER);
-        this.siteService.setMembership("testMembership", USER_TWO, SiteModel.SITE_COLLABORATOR);
-        try
-        {
-            this.siteService.setMembership("testMembership", USER_ONE, SiteModel.SITE_COLLABORATOR);
-            fail("You can not change the role of the last site memnager");
-        }
-        catch (AlfrescoRuntimeException exception)
-        {
-            // Expected
-            //exception.printStackTrace();
-        }
-        
-        // Try and remove the only site manager and should get a failure
-        this.siteService.setMembership("testMembership", USER_TWO, SiteModel.SITE_MANAGER);
-        this.siteService.removeMembership("testMembership", USER_ONE);
-        try
-        {
-            this.siteService.removeMembership("testMembership", USER_TWO);
-            fail("You can not remove the last site memnager from a site");
-        }
-        catch (AlfrescoRuntimeException exception)
-        {
-            // Expected
-            //exception.printStackTrace();
-        }
+
+                // Remove user two's membership
+                siteService.removeMembership("testMembership", USER_TWO);
+
+                // Check the members of the site
+                members = siteService.listMembers("testMembership", null, null, 0);
+                assertNotNull(members);
+                assertEquals(2, members.size());
+                assertTrue(members.containsKey(USER_ONE));
+                assertEquals(SiteModel.SITE_MANAGER, members.get(USER_ONE));
+                assertTrue(members.containsKey(USER_THREE));
+                assertEquals(SiteModel.SITE_COLLABORATOR, members.get(USER_THREE));
+
+                // Ensure that size limiting works correctly
+                members = siteService.listMembers("testMembership", null, null, 1);
+                assertNotNull(members);
+                assertEquals(1, members.size());
+
+                members = siteService.listMembers("testMembership", null, null, 2);
+                assertNotNull(members);
+                assertEquals(2, members.size());
+                assertTrue(members.containsKey(USER_ONE));
+                assertEquals(SiteModel.SITE_MANAGER, members.get(USER_ONE));
+                assertTrue(members.containsKey(USER_THREE));
+                assertEquals(SiteModel.SITE_COLLABORATOR, members.get(USER_THREE));
+
+                // Check that a non-manager and non-member cannot edit the memberships
+                authenticationComponent.setCurrentUser(USER_TWO);
+                try
+                {
+                    siteService.setMembership("testMembership", USER_TWO, SiteModel.SITE_COLLABORATOR);
+                    fail("A non member shouldnt be able to set memberships");
+                }
+                catch (AlfrescoRuntimeException e)
+                {
+                    // As expected
+                }
+                try
+                {
+                    siteService.removeMembership("testMembership", USER_THREE);
+                    fail("A non member shouldnt be able to remove a membership");
+                }
+                catch (AlfrescoRuntimeException e)
+                {
+                    // As expected
+                }
+                authenticationComponent.setCurrentUser(USER_THREE);
+                try
+                {
+                    siteService.setMembership("testMembership", USER_TWO, SiteModel.SITE_COLLABORATOR);
+                    fail("A member who isn't a manager shouldnt be able to set memberships");
+                }
+                catch (AlfrescoRuntimeException e)
+                {
+                    // As expected
+                }
+                siteService.removeMembership("testMembership", USER_THREE);
+
+                authenticationComponent.setCurrentUser(USER_ONE);
+                // Try and change the permissions of the only site manager
+                siteService.setMembership("testMembership", USER_TWO, SiteModel.SITE_MANAGER);
+                siteService.setMembership("testMembership", USER_TWO, SiteModel.SITE_COLLABORATOR);
+                try
+                {
+                    siteService.setMembership("testMembership", USER_ONE, SiteModel.SITE_COLLABORATOR);
+                    fail("You can not change the role of the last site memnager");
+                }
+                catch (AlfrescoRuntimeException exception)
+                {
+                    // Expected
+                    // exception.printStackTrace();
+                }
+
+                // Try and remove the only site manager and should get a failure
+                siteService.setMembership("testMembership", USER_TWO, SiteModel.SITE_MANAGER);
+                siteService.removeMembership("testMembership", USER_ONE);
+                try
+                {
+                    siteService.removeMembership("testMembership", USER_TWO);
+                    fail("You can not remove the last site memnager from a site");
+                }
+                catch (AlfrescoRuntimeException exception)
+                {
+                    // Expected
+                    // exception.printStackTrace();
+                }
+
+                authenticationComponent.setSystemUserAsCurrentUser();
+                siteService.deleteSite("testMembership");
+
+                return null;
+            }
+        };
+        endTransaction();
+        transactionService.getRetryingTransactionHelper().doInTransaction(work);
+        startNewTransaction();
     }
 
     public void testDefaults()
@@ -1315,114 +1466,148 @@ public class SiteServiceImplTest extends BaseAlfrescoSpringTest
 
     public void testListSiteMemberships()
     {
-        String siteName1 = "testMembership1";
-        String siteName2 = "testMembership2";
-        String siteName3 = "testMembership3";
-        // Create a site as user one
-        this.siteService.createSite(TEST_SITE_PRESET, siteName1, TEST_TITLE, TEST_DESCRIPTION, SiteVisibility.PRIVATE);
-        
-        // Get the members of the site and check that user one is a manager
-        List<SiteMembership> members = this.siteService.listSiteMemberships(USER_ONE, 0);
-        assertNotNull(members);
-        assertEquals(1, members.size());
-        assertEquals(USER_ONE, members.get(0).getPersonId());
-        assertEquals(SiteModel.SITE_MANAGER, members.get(0).getRole());
-        
-        PagingResults<SiteMembership> siteM = this.siteService.listSitesPaged(USER_ONE, null, new PagingRequest(1000));
+        RetryingTransactionCallback<Object> work = new RetryingTransactionCallback<Object>()
+        {
+
+            @Override
+            public Object execute() throws Throwable
+            {
+                String siteName1 = "testMembership1";
+                String siteName2 = "testMembership2";
+                String siteName3 = "testMembership3";
+                // Create a site as user one
+                siteService.createSite(TEST_SITE_PRESET, siteName1, TEST_TITLE, TEST_DESCRIPTION, SiteVisibility.PRIVATE);
+
+                // Get the members of the site and check that user one is a manager
+                List<SiteMembership> members = siteService.listSiteMemberships(USER_ONE, 0);
+                assertNotNull(members);
+                assertEquals(1, members.size());
+                assertEquals(USER_ONE, members.get(0).getPersonId());
+                assertEquals(SiteModel.SITE_MANAGER, members.get(0).getRole());
+     
+        PagingResults<SiteMembership> siteM = siteService.listSitesPaged(USER_ONE, null, new PagingRequest(1000));
         assertNotNull(siteM);
         assertFalse(siteM.hasMoreItems());
 
-        // Create a site as user two and add user one
-        this.authenticationComponent.setCurrentUser(USER_TWO);
-        this.siteService.createSite(TEST_SITE_PRESET, siteName2, TEST_TITLE, TEST_DESCRIPTION, SiteVisibility.PRIVATE);
-        this.siteService.setMembership("testMembership2", USER_ONE, SiteModel.SITE_CONSUMER);
-        
-        // Create a site as user three and add user one
-        this.authenticationComponent.setCurrentUser(USER_THREE);
-        this.siteService.createSite(TEST_SITE_PRESET, siteName3, TEST_TITLE, TEST_DESCRIPTION, SiteVisibility.PRIVATE);
-        this.siteService.setMembership("testMembership3", USER_ONE, SiteModel.SITE_COLLABORATOR);
-        
-        this.authenticationComponent.setCurrentUser(USER_ONE);
-        members = this.siteService.listSiteMemberships(USER_ONE, 0);
-        assertNotNull(members);
-        assertEquals(3, members.size());
-        assertEquals(USER_ONE, members.get(0).getPersonId());
-        assertEquals(SiteModel.SITE_MANAGER, members.get(0).getRole());
-        assertEquals(siteName1, members.get(0).getSiteInfo().getShortName());
-        assertEquals(USER_ONE, members.get(1).getPersonId());
-        assertEquals(SiteModel.SITE_CONSUMER, members.get(1).getRole());
-        assertEquals(siteName2, members.get(1).getSiteInfo().getShortName());
-        assertEquals(USER_ONE, members.get(2).getPersonId());
-        assertEquals(SiteModel.SITE_COLLABORATOR, members.get(2).getRole());
-        assertEquals(siteName3, members.get(2).getSiteInfo().getShortName());
+                // Create a site as user two and add user one
+                authenticationComponent.setCurrentUser(USER_TWO);
+                siteService.createSite(TEST_SITE_PRESET, siteName2, TEST_TITLE, TEST_DESCRIPTION, SiteVisibility.PRIVATE);
+                siteService.setMembership("testMembership2", USER_ONE, SiteModel.SITE_CONSUMER);
+
+                // Create a site as user three and add user one
+                authenticationComponent.setCurrentUser(USER_THREE);
+                siteService.createSite(TEST_SITE_PRESET, siteName3, TEST_TITLE, TEST_DESCRIPTION, SiteVisibility.PRIVATE);
+                siteService.setMembership("testMembership3", USER_ONE, SiteModel.SITE_COLLABORATOR);
+
+                authenticationComponent.setCurrentUser(USER_ONE);
+                members = siteService.listSiteMemberships(USER_ONE, 0);
+                assertNotNull(members);
+                assertEquals(3, members.size());
+                assertEquals(USER_ONE, members.get(0).getPersonId());
+                assertEquals(SiteModel.SITE_MANAGER, members.get(0).getRole());
+                assertEquals(siteName1, members.get(0).getSiteInfo().getShortName());
+                assertEquals(USER_ONE, members.get(1).getPersonId());
+                assertEquals(SiteModel.SITE_CONSUMER, members.get(1).getRole());
+                assertEquals(siteName2, members.get(1).getSiteInfo().getShortName());
+                assertEquals(USER_ONE, members.get(2).getPersonId());
+                assertEquals(SiteModel.SITE_COLLABORATOR, members.get(2).getRole());
+                assertEquals(siteName3, members.get(2).getSiteInfo().getShortName());
+
+                authenticationComponent.setSystemUserAsCurrentUser();
+                siteService.deleteSite(siteName1);
+                siteService.deleteSite(siteName2);
+                siteService.deleteSite(siteName3);
+
+                return null;
+            }
+        };
+        endTransaction();
+        transactionService.getRetryingTransactionHelper().doInTransaction(work);
+        startNewTransaction();
     }
     
     public void testJoinLeave()
     {
-        // Create a site as user one
-        this.siteService.createSite(TEST_SITE_PRESET, "testMembership", TEST_TITLE, TEST_DESCRIPTION, SiteVisibility.PUBLIC);
-        this.siteService.createSite(TEST_SITE_PRESET, "testMembershipPrivate", TEST_TITLE, TEST_DESCRIPTION, SiteVisibility.PRIVATE);
-        
-        // Become user two
-        //TestWithUserUtils.authenticateUser(USER_TWO, "PWD", this.authenticationService, this.authenticationComponent);
-        this.authenticationComponent.setCurrentUser(USER_TWO);
-        
-        // As user two try and add self as contributor
-        try
+        RetryingTransactionCallback<Object> work = new RetryingTransactionCallback<Object>()
         {
-            this.siteService.setMembership("testMembership", USER_TWO, SiteModel.SITE_COLLABORATOR);
-            fail("This should have failed because you don't have permissions");
-        }
-        catch (AlfrescoRuntimeException exception)
-        {
-            // Ignore because as expected
-        }
-        
-        // As user two try and add self as consumer to public site
-        this.siteService.setMembership("testMembership", USER_TWO, SiteModel.SITE_CONSUMER);
-        
-        // As user two try and add self as consumer to private site
-        try
-        {
-            this.siteService.setMembership("testMembershipPrivate", USER_TWO, SiteModel.SITE_CONSUMER);
-            fail("This should have failed because you can't do this to a private site unless you are site manager");
-        }
-        catch (AlfrescoRuntimeException exception)
-        {
-            // Ignore because as expected
-        }
-        
-        // As user two try and add user three as a consumer to a public site
-        try
-        {
-            this.siteService.setMembership("testMembership", USER_THREE, SiteModel.SITE_CONSUMER);
-            fail("This should have failed because you can't add another user as a consumer of a public site");
-        }
-        catch (AlfrescoRuntimeException exception)
-        {
-            // Ignore because as expected
-        }
-        
-        
-        // add some members use in remove tests
-        this.authenticationComponent.setCurrentUser(USER_ONE);
-        this.siteService.setMembership("testMembership", USER_THREE, SiteModel.SITE_COLLABORATOR);
-        this.siteService.setMembership("testMembershipPrivate", USER_TWO, SiteModel.SITE_CONSUMER);
-        this.authenticationComponent.setCurrentUser(USER_TWO);
-        
-        // Try and remove user threes membership from public site
-        try
-        {
-            this.siteService.removeMembership("testMembership", USER_THREE);
-            fail("Cannot remove membership");
-        }
-        catch (Exception exception)
-        {
-            // Ignore because as expected
-        }
-        
-        // Try and remove own membership
-        this.siteService.removeMembership("testMembership", USER_TWO);
+
+            @Override
+            public Object execute() throws Throwable
+            {
+                // Create a site as user one
+                siteService.createSite(TEST_SITE_PRESET, "testMembershipPublic", TEST_TITLE, TEST_DESCRIPTION, SiteVisibility.PUBLIC);
+                siteService.createSite(TEST_SITE_PRESET, "testMembershipPrivate", TEST_TITLE, TEST_DESCRIPTION, SiteVisibility.PRIVATE);
+
+                // Become user two
+                // TestWithUserUtils.authenticateUser(USER_TWO, "PWD", this.authenticationService, this.authenticationComponent);
+                authenticationComponent.setCurrentUser(USER_TWO);
+
+                // As user two try and add self as contributor
+                try
+                {
+                    siteService.setMembership("testMembershipPublic", USER_TWO, SiteModel.SITE_COLLABORATOR);
+                    fail("This should have failed because you don't have permissions");
+                }
+                catch (AlfrescoRuntimeException exception)
+                {
+                    // Ignore because as expected
+                }
+
+                // As user two try and add self as consumer to public site
+                siteService.setMembership("testMembershipPublic", USER_TWO, SiteModel.SITE_CONSUMER);
+
+                // As user two try and add self as consumer to private site
+                try
+                {
+                    siteService.setMembership("testMembershipPrivate", USER_TWO, SiteModel.SITE_CONSUMER);
+                    fail("This should have failed because you can't do this to a private site unless you are site manager");
+                }
+                catch (AlfrescoRuntimeException exception)
+                {
+                    // Ignore because as expected
+                }
+
+                // As user two try and add user three as a consumer to a public site
+                try
+                {
+                    siteService.setMembership("testMembershipPublic", USER_THREE, SiteModel.SITE_CONSUMER);
+                    fail("This should have failed because you can't add another user as a consumer of a public site");
+                }
+                catch (AlfrescoRuntimeException exception)
+                {
+                    // Ignore because as expected
+                }
+
+                // add some members use in remove tests
+                authenticationComponent.setCurrentUser(USER_ONE);
+                siteService.setMembership("testMembershipPublic", USER_THREE, SiteModel.SITE_COLLABORATOR);
+                siteService.setMembership("testMembershipPrivate", USER_TWO, SiteModel.SITE_CONSUMER);
+                authenticationComponent.setCurrentUser(USER_TWO);
+
+                // Try and remove user threes membership from public site
+                try
+                {
+                    siteService.removeMembership("testMembershipPublic", USER_THREE);
+                    fail("Cannot remove membership");
+                }
+                catch (Exception exception)
+                {
+                    // Ignore because as expected
+                }
+
+                // Try and remove own membership
+                siteService.removeMembership("testMembershipPublic", USER_TWO);
+
+                authenticationComponent.setSystemUserAsCurrentUser();
+                siteService.deleteSite("testMembershipPublic");
+                siteService.deleteSite("testMembershipPrivate");
+
+                return null;
+            }
+        };
+        endTransaction();
+        transactionService.getRetryingTransactionHelper().doInTransaction(work);
+        startNewTransaction();
     }
         
     public void testContainer()
@@ -1667,209 +1852,229 @@ public class SiteServiceImplTest extends BaseAlfrescoSpringTest
    
     public void testGroupMembership()
     {
-        // USER_ONE - SiteAdmin
-        // GROUP_ONE - USER_TWO
-        // GROUP_TWO - USER_TWO, USER_THREE
-        
-        // Create a site as user one
-        this.siteService.createSite(TEST_SITE_PRESET, "testMembership", TEST_TITLE, TEST_DESCRIPTION, SiteVisibility.PRIVATE);
-
-        // Get the members of the site and check that user one is a manager
-        Map<String, String> members = this.siteService.listMembers("testMembership", null, null, 0);
-        assertNotNull(members);
-        assertEquals(1, members.size());
-        assertTrue(members.containsKey(USER_ONE));
-        assertEquals(SiteModel.SITE_MANAGER, members.get(USER_ONE));
-        
-        /**
-         * Test of isMember - ONE is member, TWO and THREE are not
-         */
-        assertTrue(this.siteService.isMember("testMembership", USER_ONE));
-        assertTrue(!this.siteService.isMember("testMembership", USER_TWO));
-        assertTrue(!this.siteService.isMember("testMembership", USER_THREE));
-
-        /**
-         *  Add a group (GROUP_TWO) with role consumer
-         */
-        this.siteService.setMembership("testMembership", this.groupTwo, SiteModel.SITE_CONSUMER);        
-        //   - is the group in the list of all members?
-        members = this.siteService.listMembers("testMembership", null, null, 0);
-        
-        assertNotNull(members);
-        assertEquals(2, members.size());
-        assertTrue(members.containsKey(USER_ONE));
-        assertEquals(SiteModel.SITE_MANAGER, members.get(USER_ONE));
-        assertTrue(members.containsKey(this.groupTwo));
-        assertEquals(SiteModel.SITE_CONSUMER, members.get(this.groupTwo));
-        
-        //   - is the user in the expanded list?      
-        members = this.siteService.listMembers("testMembership", null, null, 0, true);
-        assertNotNull(members);
-        assertEquals(3, members.size());
-        assertTrue(members.containsKey(USER_ONE));
-        assertEquals(SiteModel.SITE_MANAGER, members.get(USER_ONE));
-        assertTrue(members.containsKey(USER_TWO));
-        assertEquals(SiteModel.SITE_CONSUMER, members.get(USER_TWO));
-        assertTrue(members.containsKey(USER_THREE));
-        assertEquals(SiteModel.SITE_CONSUMER, members.get(USER_THREE));
-        
-        //   - is the user a member?
-        assertTrue(this.siteService.isMember("testMembership", USER_ONE));
-        assertTrue(this.siteService.isMember("testMembership", USER_TWO));
-        assertTrue(this.siteService.isMember("testMembership", USER_THREE));
-        
-        //   - is the group a member?
-        assertTrue(this.siteService.isMember("testMembership", this.groupTwo));
-        
-        //   - can we get the roles for the various members directly
-        assertEquals(SiteModel.SITE_MANAGER, this.siteService.getMembersRole("testMembership", USER_ONE));
-        assertEquals(SiteModel.SITE_CONSUMER, this.siteService.getMembersRole("testMembership", USER_TWO));
-        assertEquals(SiteModel.SITE_CONSUMER, this.siteService.getMembersRole("testMembership", USER_THREE));
-        assertEquals(SiteModel.SITE_CONSUMER, this.siteService.getMembersRole("testMembership", this.groupTwo));
-
-        //Uses Members role info
-        assertEquals(SiteModel.SITE_MANAGER, this.siteService.getMembersRoleInfo("testMembership", USER_ONE).getMemberRole());
-        /** 
-         * Check we can filter this list by name and role correctly 
-         */
-        
-        //   - filter by authority
-        members = this.siteService.listMembers("testMembership", null, SiteModel.SITE_MANAGER, 0, true);
-        assertNotNull(members);
-        assertEquals(1, members.size());
-        assertTrue(members.containsKey(USER_ONE));
-        assertEquals(SiteModel.SITE_MANAGER, members.get(USER_ONE));
-        
-        members = this.siteService.listMembers("testMembership", null, SiteModel.SITE_CONSUMER, 0, true);
-        assertNotNull(members);
-        assertEquals(2, members.size());
-        assertTrue(members.containsKey(USER_TWO));
-        assertEquals(SiteModel.SITE_CONSUMER, members.get(USER_TWO));
-        assertTrue(members.containsKey(USER_THREE));
-        assertEquals(SiteModel.SITE_CONSUMER, members.get(USER_THREE));
-        
-        //    - filter by name - person name
-        members = this.siteService.listMembers("testMembership", "UserOne*", null, 0, true);
-        assertNotNull(members);
-        assertEquals(1, members.size());
-        assertTrue(members.containsKey(USER_ONE));
-        assertEquals(SiteModel.SITE_MANAGER, members.get(USER_ONE));
-        
-        //    - filter by name - person name as part of group
-        members = this.siteService.listMembers("testMembership", "UserTwo*", null, 0, true);
-        assertNotNull(members);
-        assertEquals(1, members.size());
-        assertTrue(members.containsKey(USER_TWO));
-        assertEquals(SiteModel.SITE_CONSUMER, members.get(USER_TWO));
-        
-        //    - filter by name - person name without group expansion
-        // (won't match as the group name doesn't contain the user's name) 
-        members = this.siteService.listMembers("testMembership", "UserTwo*", null, 0, false);
-        assertNotNull(members);
-        assertEquals(0, members.size());
-        
-        
-        //    - filter by name - group name
-        members = this.siteService.listMembers("testMembership", GROUP_TWO, null, 0, false);
-        assertNotNull(members);
-        assertEquals(1, members.size());
-        assertTrue(members.containsKey(this.groupTwo));
-        assertEquals(SiteModel.SITE_CONSUMER, members.get(this.groupTwo));
-        
-        //     - filter by name - group display name
-        members = this.siteService.listMembers("testMembership", GROUP_TWO_DISPLAY, null, 0, false);
-        assertNotNull(members);
-        assertEquals(1, members.size());
-        assertTrue(members.containsKey(this.groupTwo));
-        assertEquals(SiteModel.SITE_CONSUMER, members.get(this.groupTwo));
-
-        //     - filter by name - group name with expansion
-        // (won't match anyone as the group name won't hit people too)
-        members = this.siteService.listMembers("testMembership", GROUP_TWO, null, 0, true);
-        assertNotNull(members);
-        assertEquals(0, members.size());
-        
-        
-        /**
-         *  Add a group member (USER_THREE) as an explicit member
-         */
-        this.siteService.setMembership("testMembership", USER_THREE, SiteModel.SITE_COLLABORATOR);
-        //   - check the explicit members list
-        members = this.siteService.listMembers("testMembership", null, null, 0);
-        assertNotNull(members);
-        assertEquals(3, members.size());
-        assertTrue(members.containsKey(USER_ONE));
-        assertEquals(SiteModel.SITE_MANAGER, members.get(USER_ONE));
-        assertTrue(members.containsKey(USER_THREE));
-        assertEquals(SiteModel.SITE_COLLABORATOR, members.get(USER_THREE));
-        assertTrue(members.containsKey(this.groupTwo));
-        assertEquals(SiteModel.SITE_CONSUMER, members.get(this.groupTwo));        
-        //   - check the expanded members list      
-        members = this.siteService.listMembers("testMembership", null, null, 0, true);
-        assertNotNull(members);
-        assertEquals(3, members.size());
-        assertTrue(members.containsKey(USER_ONE));
-        assertEquals(SiteModel.SITE_MANAGER, members.get(USER_ONE));
-        assertTrue(members.containsKey(USER_TWO));
-        assertEquals(SiteModel.SITE_CONSUMER, members.get(USER_TWO));
-        assertTrue(members.containsKey(USER_THREE));
-        assertEquals(SiteModel.SITE_COLLABORATOR, members.get(USER_THREE));
-        
-        //   - check is member
-        assertTrue(this.siteService.isMember("testMembership", USER_ONE));
-        assertTrue(this.siteService.isMember("testMembership", USER_TWO));
-        assertTrue(this.siteService.isMember("testMembership", USER_THREE));
-        assertTrue(!this.siteService.isMember("testMembership", USER_FOUR));
-        
-        //   - is the group a member?
-        assertTrue(this.siteService.isMember("testMembership", this.groupTwo));
-        //   - check get role directly
-        assertEquals(SiteModel.SITE_MANAGER, this.siteService.getMembersRole("testMembership", USER_ONE));
-        assertEquals(SiteModel.SITE_CONSUMER, this.siteService.getMembersRole("testMembership", USER_TWO));
-        assertEquals(SiteModel.SITE_COLLABORATOR, this.siteService.getMembersRole("testMembership", USER_THREE));
-        assertEquals(SiteModel.SITE_CONSUMER, this.siteService.getMembersRole("testMembership", this.groupTwo));
-                
-        // Check permissions of added group
-        
-        // Update the permissions of the group
-        this.siteService.setMembership("testMembership", USER_THREE, SiteModel.SITE_CONTRIBUTOR);
-
-        /**
-         *  Add other group (GROUP_3) with higher (MANAGER) role
-         *
-         *  - is group in list?
-         *  - is new user a member?
-         *  - does redefined user have highest role?
-         *  USER_TWO should be Manager from group 3 having higher priority than group 2
-         *  USER_THREE should still be Contributor from explicit membership.
-         *  USER_FOUR should be Manager - from group 4 sub-group
-         */
-        this.siteService.setMembership("testMembership", this.groupThree, SiteModel.SITE_MANAGER);
-        
-        assertTrue(this.siteService.isMember("testMembership", USER_ONE));
-        assertTrue(this.siteService.isMember("testMembership", USER_TWO));
-        assertTrue(this.siteService.isMember("testMembership", USER_THREE));
-        assertTrue(this.siteService.isMember("testMembership", USER_FOUR));
-        
-        assertEquals(SiteModel.SITE_MANAGER, this.siteService.getMembersRole("testMembership", USER_ONE));
-        assertEquals(SiteModel.SITE_MANAGER, this.siteService.getMembersRole("testMembership", USER_TWO));
-        assertEquals(SiteModel.SITE_CONTRIBUTOR, this.siteService.getMembersRole("testMembership", USER_THREE));
-        assertEquals(SiteModel.SITE_MANAGER, this.siteService.getMembersRole("testMembership", this.groupThree));
-                
-        // From sub group four
-        assertEquals(SiteModel.SITE_MANAGER, this.siteService.getMembersRole("testMembership", USER_FOUR));
-
-        // Set a membership with an illegal role. See ALF-619.
-        // I'm checking that the exception type thrown is what it should be.
-        try
+        RetryingTransactionCallback<Object> work = new RetryingTransactionCallback<Object>()
         {
-            this.siteService.setMembership("testMembership", this.groupThree, "rubbish");
-        }
-        catch (UnknownAuthorityException expected)
-        {
-            return;
-        }
-        fail("Expected exception not thrown.");
+            @Override
+            public Object execute() throws Throwable
+            {
+                // USER_ONE - SiteAdmin
+                // GROUP_ONE - USER_TWO
+                // GROUP_TWO - USER_TWO, USER_THREE
+                
+                // Create a site as user one
+                siteService.createSite(TEST_SITE_PRESET, "testGroupMembership", TEST_TITLE, TEST_DESCRIPTION, SiteVisibility.PRIVATE);
+
+                // Get the members of the site and check that user one is a manager
+                Map<String, String> members = siteService.listMembers("testGroupMembership", null, null, 0);
+                assertNotNull(members);
+                assertEquals(1, members.size());
+                assertTrue(members.containsKey(USER_ONE));
+                assertEquals(SiteModel.SITE_MANAGER, members.get(USER_ONE));
+                
+                /**
+                 * Test of isMember - ONE is member, TWO and THREE are not
+                 */
+                assertTrue(siteService.isMember("testGroupMembership", USER_ONE));
+                assertTrue(!siteService.isMember("testGroupMembership", USER_TWO));
+                assertTrue(!siteService.isMember("testGroupMembership", USER_THREE));
+
+                /**
+                 *  Add a group (GROUP_TWO) with role consumer
+                 */
+                siteService.setMembership("testGroupMembership", groupTwo, SiteModel.SITE_CONSUMER);        
+                //   - is the group in the list of all members?
+                members = siteService.listMembers("testGroupMembership", null, null, 0);
+                
+                assertNotNull(members);
+                assertEquals(2, members.size());
+                assertTrue(members.containsKey(USER_ONE));
+                assertEquals(SiteModel.SITE_MANAGER, members.get(USER_ONE));
+                assertTrue(members.containsKey(groupTwo));
+                assertEquals(SiteModel.SITE_CONSUMER, members.get(groupTwo));
+                
+                //   - is the user in the expanded list?      
+                members = siteService.listMembers("testGroupMembership", null, null, 0, true);
+                assertNotNull(members);
+                assertEquals(3, members.size());
+                assertTrue(members.containsKey(USER_ONE));
+                assertEquals(SiteModel.SITE_MANAGER, members.get(USER_ONE));
+                assertTrue(members.containsKey(USER_TWO));
+                assertEquals(SiteModel.SITE_CONSUMER, members.get(USER_TWO));
+                assertTrue(members.containsKey(USER_THREE));
+                assertEquals(SiteModel.SITE_CONSUMER, members.get(USER_THREE));
+                
+                //   - is the user a member?
+                assertTrue(siteService.isMember("testGroupMembership", USER_ONE));
+                assertTrue(siteService.isMember("testGroupMembership", USER_TWO));
+                assertTrue(siteService.isMember("testGroupMembership", USER_THREE));
+                
+                //   - is the group a member?
+                assertTrue(siteService.isMember("testGroupMembership", groupTwo));
+                
+                //   - can we get the roles for the various members directly
+                assertEquals(SiteModel.SITE_MANAGER, siteService.getMembersRole("testGroupMembership", USER_ONE));
+                assertEquals(SiteModel.SITE_CONSUMER, siteService.getMembersRole("testGroupMembership", USER_TWO));
+                assertEquals(SiteModel.SITE_CONSUMER, siteService.getMembersRole("testGroupMembership", USER_THREE));
+                assertEquals(SiteModel.SITE_CONSUMER, siteService.getMembersRole("testGroupMembership", groupTwo));
+
+                //Uses Members role info
+                assertEquals(SiteModel.SITE_MANAGER, siteService.getMembersRoleInfo("testGroupMembership", USER_ONE).getMemberRole());
+                /** 
+                 * Check we can filter this list by name and role correctly 
+                 */
+                
+                //   - filter by authority
+                members = siteService.listMembers("testGroupMembership", null, SiteModel.SITE_MANAGER, 0, true);
+                assertNotNull(members);
+                assertEquals(1, members.size());
+                assertTrue(members.containsKey(USER_ONE));
+                assertEquals(SiteModel.SITE_MANAGER, members.get(USER_ONE));
+                
+                members = siteService.listMembers("testGroupMembership", null, SiteModel.SITE_CONSUMER, 0, true);
+                assertNotNull(members);
+                assertEquals(2, members.size());
+                assertTrue(members.containsKey(USER_TWO));
+                assertEquals(SiteModel.SITE_CONSUMER, members.get(USER_TWO));
+                assertTrue(members.containsKey(USER_THREE));
+                assertEquals(SiteModel.SITE_CONSUMER, members.get(USER_THREE));
+                
+                //    - filter by name - person name
+                members = siteService.listMembers("testGroupMembership", "UserOne*", null, 0, true);
+                assertNotNull(members);
+                assertEquals(1, members.size());
+                assertTrue(members.containsKey(USER_ONE));
+                assertEquals(SiteModel.SITE_MANAGER, members.get(USER_ONE));
+                
+                //    - filter by name - person name as part of group
+                members = siteService.listMembers("testGroupMembership", "UserTwo*", null, 0, true);
+                assertNotNull(members);
+                assertEquals(1, members.size());
+                assertTrue(members.containsKey(USER_TWO));
+                assertEquals(SiteModel.SITE_CONSUMER, members.get(USER_TWO));
+                
+                //    - filter by name - person name without group expansion
+                // (won't match as the group name doesn't contain the user's name) 
+                members = siteService.listMembers("testGroupMembership", "UserTwo*", null, 0, false);
+                assertNotNull(members);
+                assertEquals(0, members.size());
+                
+                
+                //    - filter by name - group name
+                members = siteService.listMembers("testGroupMembership", GROUP_TWO, null, 0, false);
+                assertNotNull(members);
+                assertEquals(1, members.size());
+                assertTrue(members.containsKey(groupTwo));
+                assertEquals(SiteModel.SITE_CONSUMER, members.get(groupTwo));
+                
+                //     - filter by name - group display name
+                members = siteService.listMembers("testGroupMembership", GROUP_TWO_DISPLAY, null, 0, false);
+                assertNotNull(members);
+                assertEquals(1, members.size());
+                assertTrue(members.containsKey(groupTwo));
+                assertEquals(SiteModel.SITE_CONSUMER, members.get(groupTwo));
+
+                //     - filter by name - group name with expansion
+                // (won't match anyone as the group name won't hit people too)
+                members = siteService.listMembers("testGroupMembership", GROUP_TWO, null, 0, true);
+                assertNotNull(members);
+                assertEquals(0, members.size());
+                
+                
+                /**
+                 *  Add a group member (USER_THREE) as an explicit member
+                 */
+                siteService.setMembership("testGroupMembership", USER_THREE, SiteModel.SITE_COLLABORATOR);
+                //   - check the explicit members list
+                members = siteService.listMembers("testGroupMembership", null, null, 0);
+                assertNotNull(members);
+                assertEquals(3, members.size());
+                assertTrue(members.containsKey(USER_ONE));
+                assertEquals(SiteModel.SITE_MANAGER, members.get(USER_ONE));
+                assertTrue(members.containsKey(USER_THREE));
+                assertEquals(SiteModel.SITE_COLLABORATOR, members.get(USER_THREE));
+                assertTrue(members.containsKey(groupTwo));
+                assertEquals(SiteModel.SITE_CONSUMER, members.get(groupTwo));        
+                //   - check the expanded members list      
+                members = siteService.listMembers("testGroupMembership", null, null, 0, true);
+                assertNotNull(members);
+                assertEquals(3, members.size());
+                assertTrue(members.containsKey(USER_ONE));
+                assertEquals(SiteModel.SITE_MANAGER, members.get(USER_ONE));
+                assertTrue(members.containsKey(USER_TWO));
+                assertEquals(SiteModel.SITE_CONSUMER, members.get(USER_TWO));
+                assertTrue(members.containsKey(USER_THREE));
+                assertEquals(SiteModel.SITE_COLLABORATOR, members.get(USER_THREE));
+                
+                //   - check is member
+                assertTrue(siteService.isMember("testGroupMembership", USER_ONE));
+                assertTrue(siteService.isMember("testGroupMembership", USER_TWO));
+                assertTrue(siteService.isMember("testGroupMembership", USER_THREE));
+                assertTrue(!siteService.isMember("testGroupMembership", USER_FOUR));
+                
+                //   - is the group a member?
+                assertTrue(siteService.isMember("testGroupMembership", groupTwo));
+                //   - check get role directly
+                assertEquals(SiteModel.SITE_MANAGER, siteService.getMembersRole("testGroupMembership", USER_ONE));
+                assertEquals(SiteModel.SITE_CONSUMER, siteService.getMembersRole("testGroupMembership", USER_TWO));
+                assertEquals(SiteModel.SITE_COLLABORATOR, siteService.getMembersRole("testGroupMembership", USER_THREE));
+                assertEquals(SiteModel.SITE_CONSUMER, siteService.getMembersRole("testGroupMembership", groupTwo));
+                        
+                // Check permissions of added group
+                
+                // Update the permissions of the group
+                siteService.setMembership("testGroupMembership", USER_THREE, SiteModel.SITE_CONTRIBUTOR);
+
+                /**
+                 *  Add other group (GROUP_3) with higher (MANAGER) role
+                 *
+                 *  - is group in list?
+                 *  - is new user a member?
+                 *  - does redefined user have highest role?
+                 *  USER_TWO should be Manager from group 3 having higher priority than group 2
+                 *  USER_THREE should still be Contributor from explicit membership.
+                 *  USER_FOUR should be Manager - from group 4 sub-group
+                 */
+                siteService.setMembership("testGroupMembership", groupThree, SiteModel.SITE_MANAGER);
+                
+                assertTrue(siteService.isMember("testGroupMembership", USER_ONE));
+                assertTrue(siteService.isMember("testGroupMembership", USER_TWO));
+                assertTrue(siteService.isMember("testGroupMembership", USER_THREE));
+                assertTrue(siteService.isMember("testGroupMembership", USER_FOUR));
+                
+                assertEquals(SiteModel.SITE_MANAGER, siteService.getMembersRole("testGroupMembership", USER_ONE));
+                assertEquals(SiteModel.SITE_MANAGER, siteService.getMembersRole("testGroupMembership", USER_TWO));
+                assertEquals(SiteModel.SITE_CONTRIBUTOR, siteService.getMembersRole("testGroupMembership", USER_THREE));
+                assertEquals(SiteModel.SITE_MANAGER, siteService.getMembersRole("testGroupMembership", groupThree));
+                        
+                // From sub group four
+                assertEquals(SiteModel.SITE_MANAGER, siteService.getMembersRole("testGroupMembership", USER_FOUR));
+
+                // Set a membership with an illegal role. See ALF-619.
+                // I'm checking that the exception type thrown is what it should be.
+                boolean failed = false;
+                try
+                {
+                    siteService.setMembership("testGroupMembership", groupThree, "rubbish");
+                }
+                catch (UnknownAuthorityException expected)
+                {
+                    failed = true;
+                }
+                
+                authenticationComponent.setSystemUserAsCurrentUser();
+                siteService.deleteSite("testGroupMembership");
+                
+                if (!failed)
+                {
+                    fail("Expected exception not thrown.");
+                }
+                
+                return null;
+            }
+        };
+        endTransaction();
+        transactionService.getRetryingTransactionHelper().doInTransaction(work);
+        startNewTransaction();
     }
     
     /**
@@ -1904,63 +2109,82 @@ public class SiteServiceImplTest extends BaseAlfrescoSpringTest
      */
     public void testSiteVisibility()
     {
-        // Create a public site
-        SiteInfo siteInfo = createTestSiteWithContent("testSiteVisibilityPublicSite", "testComp", SiteVisibility.PUBLIC);        
-        //   - is the value on the site nodeRef correct?
-        assertEquals(SiteVisibility.PUBLIC.toString(), this.nodeService.getProperty(siteInfo.getNodeRef(), SiteModel.PROP_SITE_VISIBILITY));
-        //   - is the site info correct?
-        checkSiteInfo(siteInfo, TEST_SITE_PRESET, "testSiteVisibilityPublicSite", TEST_TITLE, TEST_DESCRIPTION, SiteVisibility.PUBLIC);
-        siteInfo = this.siteService.getSite("testSiteVisibilityPublicSite");
-        checkSiteInfo(siteInfo, TEST_SITE_PRESET, "testSiteVisibilityPublicSite", TEST_TITLE, TEST_DESCRIPTION, SiteVisibility.PUBLIC);
-        //   - are the permissions correct for non-members?
-        testVisibilityPermissions("Testing visibility of public site", USER_TWO, siteInfo, true, true);
-        
-        // Create a moderated site
-        siteInfo = createTestSiteWithContent("testSiteVisibilityModeratedSite", "testComp", SiteVisibility.MODERATED);
-        //  - is the value on the site nodeRef correct?
-        assertEquals(SiteVisibility.MODERATED.toString(), this.nodeService.getProperty(siteInfo.getNodeRef(), SiteModel.PROP_SITE_VISIBILITY));
-        //  - is the site info correct?
-        checkSiteInfo(siteInfo, TEST_SITE_PRESET, "testSiteVisibilityModeratedSite", TEST_TITLE, TEST_DESCRIPTION, SiteVisibility.MODERATED);
-        siteInfo = this.siteService.getSite("testSiteVisibilityModeratedSite");
-        checkSiteInfo(siteInfo, TEST_SITE_PRESET, "testSiteVisibilityModeratedSite", TEST_TITLE, TEST_DESCRIPTION, SiteVisibility.MODERATED);
-        //  - are the permissions correct for non-members?
-        testVisibilityPermissions("Testing visibility of moderated site", USER_TWO, siteInfo, true, false);
-        
-        // Create a private site
-        siteInfo = createTestSiteWithContent("testSiteVisibilityPrivateSite", "testComp", SiteVisibility.PRIVATE);
-        //  - is the value on the site nodeRef correct?
-        assertEquals(SiteVisibility.PRIVATE.toString(), this.nodeService.getProperty(siteInfo.getNodeRef(), SiteModel.PROP_SITE_VISIBILITY));
-        //  - is the site info correct?
-        checkSiteInfo(siteInfo, TEST_SITE_PRESET, "testSiteVisibilityPrivateSite", TEST_TITLE, TEST_DESCRIPTION, SiteVisibility.PRIVATE);
-        siteInfo = this.siteService.getSite("testSiteVisibilityPrivateSite");
-        checkSiteInfo(siteInfo, TEST_SITE_PRESET, "testSiteVisibilityPrivateSite", TEST_TITLE, TEST_DESCRIPTION, SiteVisibility.PRIVATE);
-        //  - are the permissions correct for non-members?
-        testVisibilityPermissions("Testing visibility of private site", USER_TWO, siteInfo, false, false);
-        
-        SiteInfo changeSite = createTestSiteWithContent("testSiteVisibilityChangeSite", "testComp", SiteVisibility.PUBLIC);        
-        // Switch from public -> moderated
-        changeSite.setVisibility(SiteVisibility.MODERATED);
-        this.siteService.updateSite(changeSite);
-        //  - check the updated sites visibility
-        siteInfo = this.siteService.getSite("testSiteVisibilityChangeSite");
-        checkSiteInfo(siteInfo, TEST_SITE_PRESET, "testSiteVisibilityChangeSite", TEST_TITLE, TEST_DESCRIPTION, SiteVisibility.MODERATED);
-        testVisibilityPermissions("Testing visibility of moderated site", USER_TWO, siteInfo, true, false);
-        
-        // Switch from moderated -> private
-        changeSite.setVisibility(SiteVisibility.PRIVATE);
-        this.siteService.updateSite(changeSite);
-        //  - check the updated sites visibility
-        siteInfo = this.siteService.getSite("testSiteVisibilityChangeSite");
-        checkSiteInfo(siteInfo, TEST_SITE_PRESET, "testSiteVisibilityChangeSite", TEST_TITLE, TEST_DESCRIPTION, SiteVisibility.PRIVATE);
-        testVisibilityPermissions("Testing visibility of moderated site", USER_TWO, siteInfo, false, false);
-        
-        // Switch from private -> public
-        changeSite.setVisibility(SiteVisibility.PUBLIC);
-        this.siteService.updateSite(changeSite);
-        //  - check the updated sites visibility
-        siteInfo = this.siteService.getSite("testSiteVisibilityChangeSite");
-        checkSiteInfo(siteInfo, TEST_SITE_PRESET, "testSiteVisibilityChangeSite", TEST_TITLE, TEST_DESCRIPTION, SiteVisibility.PUBLIC);
-        testVisibilityPermissions("Testing visibility of moderated site", USER_TWO, siteInfo, true, true);
+        RetryingTransactionCallback<Object> work = new RetryingTransactionCallback<Object>()
+        {
+
+            @Override
+            public Object execute() throws Throwable
+            {
+                // Create a public site
+                SiteInfo siteInfo = createTestSiteWithContent("testSiteVisibilityPublicSite", "testComp", SiteVisibility.PUBLIC);
+                // - is the value on the site nodeRef correct?
+                assertEquals(SiteVisibility.PUBLIC.toString(), nodeService.getProperty(siteInfo.getNodeRef(), SiteModel.PROP_SITE_VISIBILITY));
+                // - is the site info correct?
+                checkSiteInfo(siteInfo, TEST_SITE_PRESET, "testSiteVisibilityPublicSite", TEST_TITLE, TEST_DESCRIPTION, SiteVisibility.PUBLIC);
+                siteInfo = siteService.getSite("testSiteVisibilityPublicSite");
+                checkSiteInfo(siteInfo, TEST_SITE_PRESET, "testSiteVisibilityPublicSite", TEST_TITLE, TEST_DESCRIPTION, SiteVisibility.PUBLIC);
+                // - are the permissions correct for non-members?
+                testVisibilityPermissions("Testing visibility of public site", USER_TWO, siteInfo, true, true);
+
+                // Create a moderated site
+                siteInfo = createTestSiteWithContent("testSiteVisibilityModeratedSite", "testComp", SiteVisibility.MODERATED);
+                // - is the value on the site nodeRef correct?
+                assertEquals(SiteVisibility.MODERATED.toString(), nodeService.getProperty(siteInfo.getNodeRef(), SiteModel.PROP_SITE_VISIBILITY));
+                // - is the site info correct?
+                checkSiteInfo(siteInfo, TEST_SITE_PRESET, "testSiteVisibilityModeratedSite", TEST_TITLE, TEST_DESCRIPTION, SiteVisibility.MODERATED);
+                siteInfo = siteService.getSite("testSiteVisibilityModeratedSite");
+                checkSiteInfo(siteInfo, TEST_SITE_PRESET, "testSiteVisibilityModeratedSite", TEST_TITLE, TEST_DESCRIPTION, SiteVisibility.MODERATED);
+                // - are the permissions correct for non-members?
+                testVisibilityPermissions("Testing visibility of moderated site", USER_TWO, siteInfo, true, false);
+
+                // Create a private site
+                siteInfo = createTestSiteWithContent("testSiteVisibilityPrivateSite", "testComp", SiteVisibility.PRIVATE);
+                // - is the value on the site nodeRef correct?
+                assertEquals(SiteVisibility.PRIVATE.toString(), nodeService.getProperty(siteInfo.getNodeRef(), SiteModel.PROP_SITE_VISIBILITY));
+                // - is the site info correct?
+                checkSiteInfo(siteInfo, TEST_SITE_PRESET, "testSiteVisibilityPrivateSite", TEST_TITLE, TEST_DESCRIPTION, SiteVisibility.PRIVATE);
+                siteInfo = siteService.getSite("testSiteVisibilityPrivateSite");
+                checkSiteInfo(siteInfo, TEST_SITE_PRESET, "testSiteVisibilityPrivateSite", TEST_TITLE, TEST_DESCRIPTION, SiteVisibility.PRIVATE);
+                // - are the permissions correct for non-members?
+                testVisibilityPermissions("Testing visibility of private site", USER_TWO, siteInfo, false, false);
+
+                SiteInfo changeSite = createTestSiteWithContent("testSiteVisibilityChangeSite", "testComp", SiteVisibility.PUBLIC);
+                // Switch from public -> moderated
+                changeSite.setVisibility(SiteVisibility.MODERATED);
+                siteService.updateSite(changeSite);
+                // - check the updated sites visibility
+                siteInfo = siteService.getSite("testSiteVisibilityChangeSite");
+                checkSiteInfo(siteInfo, TEST_SITE_PRESET, "testSiteVisibilityChangeSite", TEST_TITLE, TEST_DESCRIPTION, SiteVisibility.MODERATED);
+                testVisibilityPermissions("Testing visibility of moderated site", USER_TWO, siteInfo, true, false);
+
+                // Switch from moderated -> private
+                changeSite.setVisibility(SiteVisibility.PRIVATE);
+                siteService.updateSite(changeSite);
+                // - check the updated sites visibility
+                siteInfo = siteService.getSite("testSiteVisibilityChangeSite");
+                checkSiteInfo(siteInfo, TEST_SITE_PRESET, "testSiteVisibilityChangeSite", TEST_TITLE, TEST_DESCRIPTION, SiteVisibility.PRIVATE);
+                testVisibilityPermissions("Testing visibility of moderated site", USER_TWO, siteInfo, false, false);
+
+                // Switch from private -> public
+                changeSite.setVisibility(SiteVisibility.PUBLIC);
+                siteService.updateSite(changeSite);
+                // - check the updated sites visibility
+                siteInfo = siteService.getSite("testSiteVisibilityChangeSite");
+                checkSiteInfo(siteInfo, TEST_SITE_PRESET, "testSiteVisibilityChangeSite", TEST_TITLE, TEST_DESCRIPTION, SiteVisibility.PUBLIC);
+                testVisibilityPermissions("Testing visibility of moderated site", USER_TWO, siteInfo, true, true);
+
+                authenticationComponent.setSystemUserAsCurrentUser();
+                siteService.deleteSite("testSiteVisibilityPublicSite");
+                siteService.deleteSite("testSiteVisibilityModeratedSite");
+                siteService.deleteSite("testSiteVisibilityPrivateSite");
+                siteService.deleteSite("testSiteVisibilityChangeSite");
+                
+                return null;
+            }
+        };
+        endTransaction();
+        transactionService.getRetryingTransactionHelper().doInTransaction(work);
+        startNewTransaction();
     }
     
     /**
@@ -2326,26 +2550,39 @@ public class SiteServiceImplTest extends BaseAlfrescoSpringTest
      */
     public void testETHREEOH_1268()
     {
-        // USER_ONE - SiteManager
-        // GROUP_TWO - Manager
-        
-        String siteName = "testALFCOM_XXXX";
-        
-        // Create a site as user one
-        this.siteService.createSite(TEST_SITE_PRESET, siteName, TEST_TITLE, TEST_DESCRIPTION, SiteVisibility.PRIVATE);
-        
-        SiteInfo si = this.siteService.getSite(siteName);
-        
-        assertNotNull("site info is null", si);
-        
-        authenticationComponent.setCurrentUser(USER_TWO);
-        
-        si = this.siteService.getSite(siteName);
-        
-        assertNull("site info is not null", si);
-        
-        
-        
+        RetryingTransactionCallback<Object> work = new RetryingTransactionCallback<Object>()
+        {
+
+            @Override
+            public Object execute() throws Throwable
+            {
+                // USER_ONE - SiteManager
+                // GROUP_TWO - Manager
+
+                String siteName = "testALFCOM_XXXX";
+
+                // Create a site as user one
+                siteService.createSite(TEST_SITE_PRESET, siteName, TEST_TITLE, TEST_DESCRIPTION, SiteVisibility.PRIVATE);
+
+                SiteInfo si = siteService.getSite(siteName);
+
+                assertNotNull("site info is null", si);
+
+                authenticationComponent.setCurrentUser(USER_TWO);
+
+                si = siteService.getSite(siteName);
+
+                assertNull("site info is not null", si);
+
+                authenticationComponent.setSystemUserAsCurrentUser();
+                siteService.deleteSite(siteName);
+                
+                return null;
+            }
+        };
+        endTransaction();
+        transactionService.getRetryingTransactionHelper().doInTransaction(work);
+        startNewTransaction();
     }
 
     /**
diff --git a/source/test-java/org/alfresco/repo/tenant/MultiTServiceImplTest.java b/source/test-java/org/alfresco/repo/tenant/MultiTServiceImplTest.java
index 118d713c72..7804577e00 100644
--- a/source/test-java/org/alfresco/repo/tenant/MultiTServiceImplTest.java
+++ b/source/test-java/org/alfresco/repo/tenant/MultiTServiceImplTest.java
@@ -24,12 +24,12 @@ import java.io.Serializable;
 import java.util.HashMap;
 import java.util.Map;
 
-import javax.transaction.UserTransaction;
-
 import org.alfresco.model.ContentModel;
+import org.alfresco.repo.policy.BehaviourFilter;
 import org.alfresco.repo.security.authentication.AuthenticationUtil;
 import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
 import org.alfresco.repo.tenant.TenantUtil.TenantRunAsWork;
+import org.alfresco.repo.transaction.RetryingTransactionHelper;
 import org.alfresco.service.cmr.repository.AssociationRef;
 import org.alfresco.service.cmr.repository.ChildAssociationRef;
 import org.alfresco.service.cmr.repository.NodeRef;
@@ -42,6 +42,7 @@ import org.alfresco.service.namespace.NamespaceService;
 import org.alfresco.service.namespace.QName;
 import org.alfresco.service.transaction.TransactionService;
 import org.alfresco.util.ApplicationContextHelper;
+import org.alfresco.util.GUID;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
@@ -66,41 +67,40 @@ public class MultiTServiceImplTest
     private SearchService searchService;
     private NamespaceService namespaceService;
     
-    private UserTransaction txn;
-    
     private boolean mtEnabled;
     
     // Test variables 
     private static final String DEFAULT_ADMIN_PW = "admin";
     private static final String PASS = "password";
-    private static final String DOMAIN = MultiTServiceImplTest.class.getName().toLowerCase();
-    private static final String USER1 = "USER1";
-    private static final String USER2 = "USER2";
-    private static final String USER3 = "USER3";
-    private static final String USER2_WITH_DOMAIN = USER2 + TenantService.SEPARATOR + DOMAIN;
-    private static final String STRING = "stringwithouttenant";
-    private static final String TENANT_STRING = addDomainToId(STRING, DOMAIN);
-    private static final String STRING_WITH_EXISTENT_DOMAIN = TenantService.SEPARATOR + DOMAIN + TenantService.SEPARATOR;
-    private static final String STRING_WITH_NONEXITENT_DOMAIN = TenantService.SEPARATOR + STRING + TenantService.SEPARATOR;
     private static final String PROTOCOL = "testprotocol";
     private static final String IDENTIFIER = "testidentifier";
     private static final String ID = "id";
     private static final String ROOT_PATH = "/";
     private static final StoreRef DEFAULT_STORE = StoreRef.STORE_REF_WORKSPACE_SPACESSTORE;
-    private static final StoreRef TENANT_STORE = new StoreRef(StoreRef.PROTOCOL_WORKSPACE, addDomainToId("SpacesStore", DOMAIN));
     private static final NodeRef NODE_REF = new NodeRef(PROTOCOL, IDENTIFIER, ID);
-    private static final NodeRef TENANT_NODE_REF = new NodeRef(PROTOCOL, addDomainToId(IDENTIFIER, DOMAIN), ID);
     private static final StoreRef STORE_REF = new StoreRef(PROTOCOL, IDENTIFIER);
-    private static final StoreRef TENANT_STORE_REF = new StoreRef(PROTOCOL, addDomainToId(IDENTIFIER, DOMAIN));
     private static final String NAMESPACE_URI = "testassoctypenamespace";
     private static final String LOCAL_NAME = "testassoctypelocalname";
     private static final QName QNAME = QName.createQName(NAMESPACE_URI, LOCAL_NAME);
-    private static final QName TENANT_QNAME = QName.createQName(addDomainToId(NAMESPACE_URI, DOMAIN), LOCAL_NAME);
     private static final AssociationRef assocRef = new AssociationRef(NODE_REF, QNAME, NODE_REF);
-    private static final AssociationRef tenantAssocRef = new AssociationRef(TENANT_NODE_REF, QNAME, TENANT_NODE_REF);
-    private static final ChildAssociationRef childAssocRef = new ChildAssociationRef(QNAME, NODE_REF, QNAME, NODE_REF);
-    private static final ChildAssociationRef tenantChildAssocRef = new ChildAssociationRef(QNAME, TENANT_NODE_REF, QNAME, TENANT_NODE_REF);
-    
+
+    private static String DOMAIN = null;
+    private static String USER1 = null;
+    private static String USER2 = null;
+    private static String USER3 = null;
+    private static String USER2_WITH_DOMAIN = null;
+    private static String STRING = null;
+    private static String TENANT_STRING = null;
+    private static String STRING_WITH_EXISTENT_DOMAIN = null;
+    private static String STRING_WITH_NONEXITENT_DOMAIN = null;
+    private static StoreRef TENANT_STORE = null;
+    private static NodeRef TENANT_NODE_REF = null;
+    private static StoreRef TENANT_STORE_REF = null;
+    private static QName TENANT_QNAME = null;
+    private static AssociationRef tenantAssocRef = null;
+    private static ChildAssociationRef childAssocRef = null;
+    private static ChildAssociationRef tenantChildAssocRef = null;
+
     @Before
     public void setUp() throws Exception
     {
@@ -113,19 +113,34 @@ public class MultiTServiceImplTest
         nodeService = ctx.getBean("NodeService", NodeService.class);
         searchService = ctx.getBean("SearchService", SearchService.class);
         namespaceService = ctx.getBean("NamespaceService", NamespaceService.class);
-        
+
+        DOMAIN = GUID.generate();
+        USER1 = GUID.generate();
+        USER2 = GUID.generate();
+        USER3 = GUID.generate();
+        USER2_WITH_DOMAIN = USER2 + TenantService.SEPARATOR + DOMAIN;
+        STRING = GUID.generate();
+        TENANT_STRING = addDomainToId(STRING, DOMAIN);
+        STRING_WITH_EXISTENT_DOMAIN = TenantService.SEPARATOR + DOMAIN + TenantService.SEPARATOR;
+        STRING_WITH_NONEXITENT_DOMAIN = TenantService.SEPARATOR + STRING + TenantService.SEPARATOR;
+        TENANT_STORE = new StoreRef(StoreRef.PROTOCOL_WORKSPACE, addDomainToId("SpacesStore", DOMAIN));
+        TENANT_NODE_REF = new NodeRef(PROTOCOL, addDomainToId(IDENTIFIER, DOMAIN), ID);
+        TENANT_STORE_REF = new StoreRef(PROTOCOL, addDomainToId(IDENTIFIER, DOMAIN));
+        TENANT_QNAME = QName.createQName(addDomainToId(NAMESPACE_URI, DOMAIN), LOCAL_NAME);
+        tenantAssocRef = new AssociationRef(TENANT_NODE_REF, QNAME, TENANT_NODE_REF);
+        childAssocRef = new ChildAssociationRef(QNAME, NODE_REF, QNAME, NODE_REF);
+        tenantChildAssocRef = new ChildAssociationRef(QNAME, TENANT_NODE_REF, QNAME, TENANT_NODE_REF);
+
         AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName());
         
         mtEnabled = AuthenticationUtil.isMtEnabled();
-        txn = transactionService.getUserTransaction();
-        txn.begin();
         AuthenticationUtil.setMtEnabled(false);
     }
     
     @After
     public void tearDown() throws Exception
     {
-        txn.rollback();
+        deleteTenant(DOMAIN);
         AuthenticationUtil.setMtEnabled(mtEnabled);
         AuthenticationUtil.clearCurrentSecurityContext();
     }
@@ -133,6 +148,13 @@ public class MultiTServiceImplTest
     @Test
     public void testIsTenantUser()
     {
+        RetryingTransactionHelper.RetryingTransactionCallback<Void> work = new RetryingTransactionHelper.RetryingTransactionCallback<Void>()
+        {
+            @Override
+            public Void execute() throws Throwable
+            {
+
+
         // Create a user with a plain user name without a domain
         NodeRef userNodeRef = createUser(USER1, TenantService.DEFAULT_DOMAIN, PASS);
         assertNotNull("The user was not created.", userNodeRef);
@@ -148,11 +170,21 @@ public class MultiTServiceImplTest
         userNodeRef = createUser(USER3, DOMAIN, PASS);
         assertNotNull("The user was not created.", userNodeRef);
         assertTrue("The user is from a tenant, but was reported otherwise.", multiTServiceImpl.isTenantUser(USER3 + MultiTServiceImpl.SEPARATOR + DOMAIN));
+                return null;
+            }
+        };
+        transactionService.getRetryingTransactionHelper().doInTransaction(work);
     }
     
     @Test
     public void testGetCurrentUserDomain()
     {
+        RetryingTransactionHelper.RetryingTransactionCallback<Void> work = new RetryingTransactionHelper.RetryingTransactionCallback<Void>()
+        {
+            @Override
+            public Void execute() throws Throwable
+            {
+
         // Test a tenant user
         createTenant(DOMAIN);
         NodeRef userNodeRef = createUser(USER1, DOMAIN, PASS);
@@ -185,11 +217,21 @@ public class MultiTServiceImplTest
         
         result = TenantUtil.runAsUserTenant(work, USER2, TenantService.DEFAULT_DOMAIN);
         assertEquals("The domains do not match.", TenantService.DEFAULT_DOMAIN, result);
+                return null;
+            }
+        };
+        transactionService.getRetryingTransactionHelper().doInTransaction(work);
     }
     
     @Test
     public void testGetName()
     {
+        RetryingTransactionHelper.RetryingTransactionCallback<Void> work = new RetryingTransactionHelper.RetryingTransactionCallback<Void>()
+        {
+            @Override
+            public Void execute() throws Throwable
+            {
+
         NodeRef userNodeRef = createUser(USER1, TenantService.DEFAULT_DOMAIN, PASS);
         assertNotNull("The user was not created.", userNodeRef);
         TenantRunAsWork<NodeRef> work1 = new TenantRunAsWork<NodeRef>()
@@ -288,7 +330,7 @@ public class MultiTServiceImplTest
             @Override
             public QName doWork() throws Exception
             {
-                return tenantService.getName(TENANT_NODE_REF ,QNAME);
+                return tenantService.getName(TENANT_NODE_REF, QNAME);
             }
         };
         QName result7 = TenantUtil.runAsUserTenant(work7, USER2, DOMAIN);
@@ -304,11 +346,21 @@ public class MultiTServiceImplTest
         };
         String result8 = TenantUtil.runAsUserTenant(work8, USER2, DOMAIN);
         assertEquals("The String should contain domain.", TENANT_STRING, result8);
+                return null;
+            }
+        };
+        transactionService.getRetryingTransactionHelper().doInTransaction(work);
     }
     
     @Test
     public void testGetBaseName()
     {
+        RetryingTransactionHelper.RetryingTransactionCallback<Void> work = new RetryingTransactionHelper.RetryingTransactionCallback<Void>()
+        {
+            @Override
+            public Void execute() throws Throwable
+            {
+
         NodeRef userNodeRef = createUser(USER1, TenantService.DEFAULT_DOMAIN, PASS);
         assertNotNull("The user was not created.", userNodeRef);
         TenantRunAsWork<NodeRef> work1 = new TenantRunAsWork<NodeRef>()
@@ -412,11 +464,21 @@ public class MultiTServiceImplTest
         };
         String result6 = TenantUtil.runAsUserTenant(work6, USER2, DOMAIN);
         assertEquals("The String should not contain domain.", STRING, result6);
+                return null;
+            }
+        };
+        transactionService.getRetryingTransactionHelper().doInTransaction(work);
     }
     
     @Test
     public void testCheckDomainUser()
     {
+        RetryingTransactionHelper.RetryingTransactionCallback<Void> work = new RetryingTransactionHelper.RetryingTransactionCallback<Void>()
+        {
+            @Override
+            public Void execute() throws Throwable
+            {
+
         String nonExistentDomain = "nonExistentDomain";
         createUser(USER1, TenantService.DEFAULT_DOMAIN, PASS);
         createTenant(DOMAIN);
@@ -458,56 +520,75 @@ public class MultiTServiceImplTest
         {
             // Expected
         }
+                return null;
+            }
+        };
+        transactionService.getRetryingTransactionHelper().doInTransaction(work);
     }
     
     @Test
     public void testCheckDomain()
     {
-        createUser(USER1, TenantService.DEFAULT_DOMAIN, PASS);
-        createTenant(DOMAIN);
-        createUser(USER2, DOMAIN, PASS);
+        RetryingTransactionHelper.RetryingTransactionCallback<Void> work = new RetryingTransactionHelper.RetryingTransactionCallback<Void>()
+        {
+            @Override
+            public Void execute() throws Throwable
+            {
+                createUser(USER1, TenantService.DEFAULT_DOMAIN, PASS);
+                createTenant(DOMAIN);
+                createUser(USER2, DOMAIN, PASS);
         try
         {
-            createUser(USER3, STRING, PASS);
+        createUser(USER3, STRING, PASS);
             fail("The string has a domain, but there is no such tenant");
         }
         catch (Exception e)
         {
             // Expected
         }
-        try
-        {
-            checkDomainWork(STRING_WITH_EXISTENT_DOMAIN, TenantService.DEFAULT_DOMAIN, USER1);
-            fail("The string has a domain, which should not match the default one.");
-        }
-        catch (Exception e)
-        {
-            // Expected
-        }
+                try
+                {
+                    checkDomainWork(STRING_WITH_EXISTENT_DOMAIN, TenantService.DEFAULT_DOMAIN, USER1);
+                    fail("The string has a domain, which should not match the default one.");
+                }
+                catch (Exception e)
+                {
+                    // Expected
+                }
 
-        try
-        {
-            checkDomainWork(STRING_WITH_EXISTENT_DOMAIN, DOMAIN, USER2);
-        }
-        catch (Exception e)
-        {
-            fail("The string has a tenant domain and should match the execution context tenant.");
-        }
-        
-        try
-        {
-            checkDomainWork(STRING_WITH_NONEXITENT_DOMAIN, DOMAIN, USER2);
-            fail("The string has a domain, which should not match the execution context tenant.");
-        }
-        catch (Exception e)
-        {
-            // Expected
-        }
+                try
+                {
+                    checkDomainWork(STRING_WITH_EXISTENT_DOMAIN, DOMAIN, USER2);
+                }
+                catch (Exception e)
+                {
+                    fail("The string has a tenant domain and should match the execution context tenant.");
+                }
+
+                try
+                {
+                    checkDomainWork(STRING_WITH_NONEXITENT_DOMAIN, DOMAIN, USER2);
+                    fail("The string has a domain, which should not match the execution context tenant.");
+                }
+                catch (Exception e)
+                {
+                    // Expected
+                }
+                return null;
+            }
+        };
+        transactionService.getRetryingTransactionHelper().doInTransaction(work);
     }
     
     @Test
     public void testGetRootNode()
     {
+        RetryingTransactionHelper.RetryingTransactionCallback<Void> work = new RetryingTransactionHelper.RetryingTransactionCallback<Void>()
+        {
+            @Override
+            public Void execute() throws Throwable
+            {
+
         NodeRef rootNodeRefDefault = nodeService.getRootNode(DEFAULT_STORE);
         NodeRef rootNodeRef = new NodeRef(DEFAULT_STORE, IDENTIFIER);
         NodeRef nodeRef = tenantService.getRootNode(nodeService, searchService, namespaceService, ROOT_PATH, rootNodeRef);
@@ -518,6 +599,10 @@ public class MultiTServiceImplTest
         rootNodeRef = new NodeRef(TENANT_STORE, IDENTIFIER);
         nodeRef = tenantService.getRootNode(nodeService, searchService, namespaceService, ROOT_PATH, rootNodeRef);
         assertEquals("The reported rootNodeRef for the tenant domain is not correct.", rootNodeRefDefault, nodeRef);
+                return null;
+            }
+        };
+        transactionService.getRetryingTransactionHelper().doInTransaction(work);
     }
     
     /**
@@ -526,33 +611,58 @@ public class MultiTServiceImplTest
     @Test
     public void testIsTenantName()
     {
+        RetryingTransactionHelper.RetryingTransactionCallback<Void> work = new RetryingTransactionHelper.RetryingTransactionCallback<Void>()
+        {
+            @Override
+            public Void execute() throws Throwable
+            {
+
         boolean result = tenantService.isTenantName(STRING);
         assertFalse("The string was reported as domain, but it is not", result);
         
         result = tenantService.isTenantName(STRING_WITH_EXISTENT_DOMAIN);
         assertTrue("The string was not reported as domain.", result);
+                return null;
+            }
+        };
+        transactionService.getRetryingTransactionHelper().doInTransaction(work);
     }
     
     @Test
     public void testGetPrimaryDomain()
     {
-        String result = tenantService.getPrimaryDomain(USER1);
-        assertNull("The primary domain should be null for a non tenant user without a tenant in name.", result);
-        
-        result = tenantService.getPrimaryDomain(USER2_WITH_DOMAIN);
-        assertNull("The primary domain should be null for a tenant user if multi tenancy is not enabled.", result);
-        
-        createTenant(DOMAIN);
-        result = tenantService.getPrimaryDomain(USER2_WITH_DOMAIN);
-        assertEquals("The primary domain should be of the USER2 is " + DOMAIN + ", but was reported as " + result, DOMAIN, result);
-        
-        result = tenantService.getPrimaryDomain(USER1);
-        assertTrue("The primary domain should be the default one (empty string) for a non tenant user without a tenant in name.", result.equals(TenantService.DEFAULT_DOMAIN));
+        RetryingTransactionHelper.RetryingTransactionCallback<Void> work = new RetryingTransactionHelper.RetryingTransactionCallback<Void>()
+        {
+            @Override
+            public Void execute() throws Throwable
+            {
+                String result = tenantService.getPrimaryDomain(USER1);
+                assertNull("The primary domain should be null for a non tenant user without a tenant in name.", result);
+
+                result = tenantService.getPrimaryDomain(USER2_WITH_DOMAIN);
+                assertNull("The primary domain should be null for a tenant user if multi tenancy is not enabled.", result);
+
+                createTenant(DOMAIN);
+                result = tenantService.getPrimaryDomain(USER2_WITH_DOMAIN);
+                assertEquals("The primary domain of the USER2 should be " + DOMAIN + ", but was reported as " + result, DOMAIN, result);
+
+                result = tenantService.getPrimaryDomain(USER1);
+                assertTrue("The primary domain should be the default one (empty string) for a non tenant user without a tenant in name.", result.equals(TenantService.DEFAULT_DOMAIN));
+                return null;
+            }
+        };
+        transactionService.getRetryingTransactionHelper().doInTransaction(work);
     }
     
     @Test
     public void testGetDomain() throws Exception
     {
+        RetryingTransactionHelper.RetryingTransactionCallback<Void> work = new RetryingTransactionHelper.RetryingTransactionCallback<Void>()
+        {
+            @Override
+            public Void execute() throws Throwable
+            {
+
         createUser(USER1, TenantService.DEFAULT_DOMAIN, PASS);
         String result = getDomainWork(STRING, TenantService.DEFAULT_DOMAIN, USER1, false);
         assertEquals("The domain should be reported as default.", TenantService.DEFAULT_DOMAIN, result);
@@ -584,24 +694,43 @@ public class MultiTServiceImplTest
         {
             // Expected
         }
+                return null;
+            }
+        };
+        transactionService.getRetryingTransactionHelper().doInTransaction(work);
     }
     
     @Test
     public void testGetTenant()
     {
-        Tenant tenant = tenantService.getTenant(DOMAIN);
-        assertNull("The tenant should not exist.", tenant);
-        
-        createTenant(DOMAIN);
-        tenant = tenantService.getTenant(DOMAIN);
-        assertNotNull("The tenant should exist.", tenant);
-        assertTrue("The tenant should have the correct domain.", DOMAIN.equals(tenant.getTenantDomain()));
-        assertTrue("The tenant should be enabled.", tenant.isEnabled());
+        RetryingTransactionHelper.RetryingTransactionCallback<Void> work = new RetryingTransactionHelper.RetryingTransactionCallback<Void>()
+        {
+            @Override
+            public Void execute() throws Throwable
+            {
+                Tenant tenant = tenantService.getTenant(DOMAIN);
+                assertNull("The tenant should not exist.", tenant);
+
+                createTenant(DOMAIN);
+                tenant = tenantService.getTenant(DOMAIN);
+                assertNotNull("The tenant should exist.", tenant);
+                assertTrue("The tenant should have the correct domain.", DOMAIN.equals(tenant.getTenantDomain()));
+                assertTrue("The tenant should be enabled.", tenant.isEnabled());
+                return null;
+            }
+        };
+        transactionService.getRetryingTransactionHelper().doInTransaction(work);
     }
     
     @Test
     public void testGetUserDomain()
     {
+        RetryingTransactionHelper.RetryingTransactionCallback<Void> work = new RetryingTransactionHelper.RetryingTransactionCallback<Void>()
+        {
+            @Override
+            public Void execute() throws Throwable
+            {
+
         String result = tenantService.getUserDomain(USER1);
         assertEquals("The user domain should be the default one for a non tenant user without a tenant in name.", TenantService.DEFAULT_DOMAIN, result);
         
@@ -614,6 +743,10 @@ public class MultiTServiceImplTest
         
         result = tenantService.getUserDomain(USER1);
         assertTrue("The user domain should be the default one (empty string) for a non tenant user without a tenant in name.", result.equals(TenantService.DEFAULT_DOMAIN));
+                return null;
+            }
+        };
+        transactionService.getRetryingTransactionHelper().doInTransaction(work);
     }
     
     /**
@@ -736,7 +869,38 @@ public class MultiTServiceImplTest
 
         return personNodeRef;
     }
-    
+
+    private void deleteTenant(final String tenantDomain)
+    {
+        AuthenticationUtil.runAs(new RunAsWork<Object>()
+        {
+            public Object doWork() throws Exception
+            {
+                RetryingTransactionHelper.RetryingTransactionCallback<Void> work = new RetryingTransactionHelper.RetryingTransactionCallback<Void>()
+                {
+                    public Void execute() throws Throwable
+                    {
+                        // delete tenant (if it exists)
+                        if (tenantAdminService.existsTenant(tenantDomain))
+                        {
+                            // TODO: WARNING: HACK for ALF-19155: MT deleteTenant does not work
+                            //       PersonService prevents 'guest' authorities from being deleted
+                            {
+                                BehaviourFilter behaviourFilter = (BehaviourFilter) ctx.getBean("policyBehaviourFilter");
+                                behaviourFilter.disableBehaviour(ContentModel.TYPE_PERSON);
+                                behaviourFilter.disableBehaviour(ContentModel.ASPECT_UNDELETABLE);
+                            }
+                            tenantAdminService.deleteTenant(tenantDomain);
+                        }
+                        return null;
+                    }
+                };
+                transactionService.getRetryingTransactionHelper().doInTransaction(work);
+                return null;
+            }
+        }, AuthenticationUtil.getSystemUserName());
+    }
+
     /**
      * Utility method to add a domain to an string id
      * @param id String
diff --git a/source/test-java/org/alfresco/repo/usage/RepoUsageComponentTest.java b/source/test-java/org/alfresco/repo/usage/RepoUsageComponentTest.java
index 790de46d38..786db7551b 100644
--- a/source/test-java/org/alfresco/repo/usage/RepoUsageComponentTest.java
+++ b/source/test-java/org/alfresco/repo/usage/RepoUsageComponentTest.java
@@ -166,11 +166,14 @@ public class RepoUsageComponentTest extends TestCase
     
     public void test4FullUse() throws Exception
     {
-        // Set the restrictions
+        // Update usage
+        updateUsage(UsageType.USAGE_ALL);
+
+    	// Set the restrictions
         RepoUsage restrictions = new RepoUsage(
                 System.currentTimeMillis(),
-                7L,
-                600L,
+                getUsage().getUsers(),
+                getUsage().getDocuments(),
                 LicenseMode.TEAM,
                 System.currentTimeMillis() + 24*3600000,
                 false);
@@ -178,12 +181,13 @@ public class RepoUsageComponentTest extends TestCase
         // Get the restrictions (should not need a txn for this)
         RepoUsage restrictionsCheck = repoUsageComponent.getRestrictions();
         assertEquals("Restrictions should return without change.", restrictions, restrictionsCheck);
-        
+
         // Update use
         updateUsage(UsageType.USAGE_ALL);
-        
+
         // Get the usage
-        RepoUsage usage = getUsage();
+        RepoUsage usage = getUsage();        
+        
         // Check
         assertNotNull("Usage is null", usage);
         assertNotNull("Invalid user count", usage.getUsers());