From 7edcb18bc0874ab372947561d09e17e1ef5f9262 Mon Sep 17 00:00:00 2001
From: Derek Hulley <derek.hulley@alfresco.com>
Date: Fri, 28 Apr 2006 12:54:29 +0000
Subject: [PATCH] Schema changes and ID-based node storage

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@2727 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
---
 config/alfresco/application-context.xml       |   1 +
 config/alfresco/core-services-context.xml     |  17 +-
 .../alfresco/domain/hibernate-cfg.properties  |   1 +
 config/alfresco/ehcache-default.xml           |  25 +-
 config/alfresco/hibernate-context.xml         |  59 +-
 .../messages/patch-service.properties         |   6 +-
 config/alfresco/node-services-context.xml     |  65 +-
 .../public-services-security-context.xml      |  17 +-
 .../patch/impl/ContentPermissionPatch.java    | 175 ++----
 .../impl/GuestPersonPermissionPatch.java      |   2 +-
 .../admin/patch/impl/PermissionDataPatch.java |  83 +--
 .../patch/impl/SpacesRootPermissionPatch.java |   2 +-
 .../impl/UpdateGuestPermissionPatch.java      | 170 ++----
 .../repo/domain/DbAccessControlEntry.java     |  75 +++
 .../DbAccessControlList.java}                 |  39 +-
 .../DbAuthority.java}                         |  23 +-
 .../alfresco/repo/domain/DbPermission.java    |  54 ++
 .../java/org/alfresco/repo/domain/Node.java   |  44 +-
 .../org/alfresco/repo/domain/NodeKey.java     |  28 +-
 .../org/alfresco/repo/domain/NodeStatus.java  |   6 +-
 .../repo/domain/dao/QNameDaoComponent.java    |  49 ++
 .../hibernate/DbAccessControlEntryImpl.java   | 174 ++++++
 .../hibernate/DbAccessControlListImpl.java    | 143 +++++
 .../domain/hibernate/DbAuthorityImpl.java     | 118 ++++
 .../domain/hibernate/DbPermissionImpl.java    | 161 +++++
 .../domain/hibernate/HibernateHelper.java     |  69 +++
 .../domain/hibernate/HibernateNodeTest.java   | 176 ++----
 .../domain/hibernate/LifecycleAdapter.java    |  70 +++
 .../repo/domain/hibernate/Node.hbm.xml        | 167 +++---
 .../repo/domain/hibernate/NodeAssocImpl.java  |   1 +
 .../repo/domain/hibernate/NodeImpl.java       | 173 ++++--
 .../repo/domain/hibernate/NodeStatusImpl.java |  49 +-
 .../repo/domain/hibernate/Permission.hbm.xml  | 200 +++++++
 .../PermissionsDaoComponentImpl.java          | 561 ++++++++++++++++++
 .../repo/domain/hibernate/Store.hbm.xml       |   6 +-
 .../repo/domain/hibernate/StoreImpl.java      | 103 +++-
 .../domain/hibernate/VersionCountImpl.java    |   5 +-
 .../VersionCounterDaoComponentImpl.java}      |   9 +-
 .../repo/node/BaseNodeServiceTest.java        |   6 +-
 .../repo/node/db/DbNodeServiceImpl.java       |  35 +-
 .../repo/node/db/DbNodeServiceImplTest.java   |  10 +-
 .../alfresco/repo/node/db/NodeDaoService.java |  41 +-
 .../HibernateNodeDaoServiceImpl.java          | 171 +++---
 .../impl/AbstractPermissionEntry.java         |   6 +-
 .../impl/AbstractPermissionTest.java          |  10 +-
 .../impl/PermissionServiceImpl.java           |  53 +-
 .../impl/PermissionServiceTest.java           | 494 +++++----------
 ...sDAO.java => PermissionsDaoComponent.java} |  57 +-
 .../hibernate/HibernatePermissionTest.java    | 255 ++++----
 .../hibernate/HibernatePermissionsDAO.java    | 422 -------------
 .../hibernate/NodePermissionEntryImpl.java    | 117 ----
 .../impl/hibernate/Permission.hbm.xml         | 174 ------
 .../impl/hibernate/PermissionEntry.java       |  73 ---
 .../impl/hibernate/PermissionEntryImpl.java   | 181 ------
 .../impl/hibernate/PermissionReference.java   |  69 ---
 .../hibernate/PermissionReferenceImpl.java    | 110 ----
 .../impl/hibernate/RecipientImpl.java         |  88 ---
 .../noop/PermissionServiceNOOPImpl.java       |   2 +-
 .../repo/version/BaseVersionStoreTest.java    |   6 +-
 .../repo/version/VersionServiceImpl.java      |  87 ++-
 .../repo/version/VersionTestSuite.java        |   4 +-
 ...ervice.java => VersionCounterService.java} |   4 +-
 ...st.java => VersionCounterServiceTest.java} |   6 +-
 .../cmr/security/PermissionService.java       |  11 +-
 64 files changed, 2798 insertions(+), 2820 deletions(-)
 create mode 100644 source/java/org/alfresco/repo/domain/DbAccessControlEntry.java
 rename source/java/org/alfresco/repo/{security/permissions/impl/hibernate/NodePermissionEntry.java => domain/DbAccessControlList.java} (52%)
 rename source/java/org/alfresco/repo/{security/permissions/impl/hibernate/Recipient.java => domain/DbAuthority.java} (66%)
 create mode 100644 source/java/org/alfresco/repo/domain/DbPermission.java
 create mode 100644 source/java/org/alfresco/repo/domain/dao/QNameDaoComponent.java
 create mode 100644 source/java/org/alfresco/repo/domain/hibernate/DbAccessControlEntryImpl.java
 create mode 100644 source/java/org/alfresco/repo/domain/hibernate/DbAccessControlListImpl.java
 create mode 100644 source/java/org/alfresco/repo/domain/hibernate/DbAuthorityImpl.java
 create mode 100644 source/java/org/alfresco/repo/domain/hibernate/DbPermissionImpl.java
 create mode 100644 source/java/org/alfresco/repo/domain/hibernate/HibernateHelper.java
 create mode 100644 source/java/org/alfresco/repo/domain/hibernate/LifecycleAdapter.java
 create mode 100644 source/java/org/alfresco/repo/domain/hibernate/Permission.hbm.xml
 create mode 100644 source/java/org/alfresco/repo/domain/hibernate/PermissionsDaoComponentImpl.java
 rename source/java/org/alfresco/repo/{version/common/counter/hibernate/HibernateVersionCounterDaoServiceImpl.java => domain/hibernate/VersionCounterDaoComponentImpl.java} (92%)
 rename source/java/org/alfresco/repo/security/permissions/impl/{PermissionsDAO.java => PermissionsDaoComponent.java} (69%)
 delete mode 100644 source/java/org/alfresco/repo/security/permissions/impl/hibernate/HibernatePermissionsDAO.java
 delete mode 100644 source/java/org/alfresco/repo/security/permissions/impl/hibernate/NodePermissionEntryImpl.java
 delete mode 100644 source/java/org/alfresco/repo/security/permissions/impl/hibernate/Permission.hbm.xml
 delete mode 100644 source/java/org/alfresco/repo/security/permissions/impl/hibernate/PermissionEntry.java
 delete mode 100644 source/java/org/alfresco/repo/security/permissions/impl/hibernate/PermissionEntryImpl.java
 delete mode 100644 source/java/org/alfresco/repo/security/permissions/impl/hibernate/PermissionReference.java
 delete mode 100644 source/java/org/alfresco/repo/security/permissions/impl/hibernate/PermissionReferenceImpl.java
 delete mode 100644 source/java/org/alfresco/repo/security/permissions/impl/hibernate/RecipientImpl.java
 rename source/java/org/alfresco/repo/version/common/counter/{VersionCounterDaoService.java => VersionCounterService.java} (92%)
 rename source/java/org/alfresco/repo/version/common/counter/{VersionCounterDaoServiceTest.java => VersionCounterServiceTest.java} (94%)

diff --git a/config/alfresco/application-context.xml b/config/alfresco/application-context.xml
index 4193a16672..25df276103 100644
--- a/config/alfresco/application-context.xml
+++ b/config/alfresco/application-context.xml
@@ -24,6 +24,7 @@
     <import resource="classpath:alfresco/import-export-context.xml" />
     <import resource="classpath:alfresco/bootstrap-context.xml" />
     <import resource="classpath*:alfresco/patch/*-context.xml" />
+    <import resource="classpath*:alfresco/domain/*-context.xml" />
 
     <!-- import of general extensions and bean overrides -->
     <import resource="classpath*:alfresco/extension/*-context.xml" />
diff --git a/config/alfresco/core-services-context.xml b/config/alfresco/core-services-context.xml
index 16d1c821ef..5010836d9d 100644
--- a/config/alfresco/core-services-context.xml
+++ b/config/alfresco/core-services-context.xml
@@ -292,8 +292,8 @@
         <property name="dbNodeService">
             <ref bean="dbNodeService" />
         </property>
-        <property name="versionCounterDaoService">
-            <ref bean="versionCounterDaoService" />
+        <property name="versionCounterService">
+            <ref bean="versionCounterService" />
         </property>
         <property name="searcher">
             <ref bean="searchService" />
@@ -318,22 +318,15 @@
         </property>
     </bean>
 
-    <bean id="versionCounterDaoService" class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
+    <bean id="versionCounterService" class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
         <property name="proxyInterfaces">
-            <value>org.alfresco.repo.version.common.counter.VersionCounterDaoService</value>
+            <value>org.alfresco.repo.version.common.counter.VersionCounterService</value>
         </property>
         <property name="transactionManager">
             <ref bean="transactionManager" />
         </property>
         <property name="target">
-            <bean class="org.alfresco.repo.version.common.counter.hibernate.HibernateVersionCounterDaoServiceImpl" init-method="init">
-                <property name="sessionFactory">
-                    <ref bean="sessionFactory" />
-                </property>
-                <property name="policyComponent">
-                    <ref bean="policyComponent" />
-                </property>
-            </bean>
+            <ref bean="versionCounterDaoComponent" />
         </property>
         <property name="transactionAttributes">
             <props>
diff --git a/config/alfresco/domain/hibernate-cfg.properties b/config/alfresco/domain/hibernate-cfg.properties
index fffc43b392..7fb803806a 100644
--- a/config/alfresco/domain/hibernate-cfg.properties
+++ b/config/alfresco/domain/hibernate-cfg.properties
@@ -12,3 +12,4 @@ hibernate.cache.use_second_level_cache=true
 hibernate.default_batch_fetch_size=1
 hibernate.jdbc.batch_size=32
 hibernate.connection.release_mode=auto
+hibernate.connection.isolation=4
\ No newline at end of file
diff --git a/config/alfresco/ehcache-default.xml b/config/alfresco/ehcache-default.xml
index bd8ef12029..0c3902f42c 100644
--- a/config/alfresco/ehcache-default.xml
+++ b/config/alfresco/ehcache-default.xml
@@ -31,6 +31,15 @@
         timeToLiveSeconds="0" 
         overflowToDisk="false" 
         />
+    <!-- approx XXX MB memory required -->
+    <cache 
+        name="org.alfresco.repo.domain.hibernate.QNameEntityImpl" 
+        maxElementsInMemory="100"
+        eternal="true" 
+        timeToIdleSeconds="0" 
+        timeToLiveSeconds="0" 
+        overflowToDisk="false" 
+        />
     <!-- approx 20MB memory required -->
     <cache 
         name="org.alfresco.repo.domain.hibernate.NodeStatusImpl" 
@@ -142,36 +151,30 @@
     <!-- Permission related caches -->
     <!-- approx 40MB memory required -->
     <cache 
-        name="org.alfresco.repo.security.permissions.impl.hibernate.RecipientImpl" 
+        name="org.alfresco.repo.domain.hibernate.DbAuthorityImpl" 
         maxElementsInMemory="10000"        
         eternal="true" 
         overflowToDisk="false"/>
     <!-- approx 2MB memory required -->
     <cache 
-        name="org.alfresco.repo.security.permissions.impl.hibernate.PermissionReferenceImpl" 
+        name="org.alfresco.repo.domain.hibernate.DbPermissionImpl" 
         maxElementsInMemory="500"          
         eternal="true" 
         overflowToDisk="false"/>
     <!-- approx 35MB memory required -->
     <cache 
-        name="org.alfresco.repo.security.permissions.impl.hibernate.PermissionEntryImpl" 
+        name="org.alfresco.repo.domain.hibernate.DbAccessControlEntryImpl" 
         maxElementsInMemory="25000"        
         eternal="true" 
         overflowToDisk="false"/>
     <!-- approx 40MB memory required -->
     <cache 
-        name="org.alfresco.repo.security.permissions.impl.hibernate.NodePermissionEntryImpl" 
+        name="org.alfresco.repo.domain.hibernate.DbAccessControlListImpl" 
         maxElementsInMemory="10000"        
         eternal="true" 
         overflowToDisk="false"/>
-    <!-- approx 40MB memory required -->
     <cache 
-        name="org.alfresco.repo.security.permissions.impl.hibernate.NodePermissionEntryImpl.permissionEntries" 
-        maxElementsInMemory="10000"
-        eternal="true" 
-        overflowToDisk="false"/>
-    <cache 
-        name="org.alfresco.repo.security.permissions.impl.hibernate.RecipientImpl.externalKeys" 
+        name="org.alfresco.repo.domain.hibernate.DbAuthorityImpl.externalKeys" 
         maxElementsInMemory="5000"
         eternal="true" 
         overflowToDisk="false"/>
diff --git a/config/alfresco/hibernate-context.xml b/config/alfresco/hibernate-context.xml
index a43ac54af7..9e4866e27f 100644
--- a/config/alfresco/hibernate-context.xml
+++ b/config/alfresco/hibernate-context.xml
@@ -36,7 +36,7 @@
                 <value>org/alfresco/repo/domain/hibernate/Store.hbm.xml</value>
                 <value>org/alfresco/repo/domain/hibernate/VersionCount.hbm.xml</value>
                 <value>org/alfresco/repo/domain/hibernate/AppliedPatch.hbm.xml</value>
-                <value>org/alfresco/repo/security/permissions/impl/hibernate/Permission.hbm.xml</value>
+                <value>org/alfresco/repo/domain/hibernate/Permission.hbm.xml</value>
             </list>
         </property>
         <property name="hibernateProperties" ref="hibernateConfigProperties" />
@@ -50,10 +50,10 @@
                 <prop key="org.alfresco.repo.domain.hibernate.VersionCountImpl">${cache.strategy}</prop>
                 <prop key="org.alfresco.repo.domain.hibernate.AppliedPatchImpl">${cache.strategy}</prop>
                 
-                <prop key="org.alfresco.repo.security.permissions.impl.hibernate.NodePermissionEntryImpl">${cache.strategy}</prop>
-                <prop key="org.alfresco.repo.security.permissions.impl.hibernate.PermissionEntryImpl">${cache.strategy}</prop>
-                <prop key="org.alfresco.repo.security.permissions.impl.hibernate.PermissionReferenceImpl">${cache.strategy}</prop>
-                <prop key="org.alfresco.repo.security.permissions.impl.hibernate.RecipientImpl">${cache.strategy}</prop>
+                <prop key="org.alfresco.repo.domain.hibernate.DbAccessControlListImpl">${cache.strategy}</prop>
+                <prop key="org.alfresco.repo.domain.hibernate.DbAccessControlEntryImpl">${cache.strategy}</prop>
+                <prop key="org.alfresco.repo.domain.hibernate.DbPermissionImpl">${cache.strategy}</prop>
+                <prop key="org.alfresco.repo.domain.hibernate.DbAuthorityImpl">${cache.strategy}</prop>
             </props>
         </property>
         <property name="collectionCacheStrategies" >
@@ -65,8 +65,7 @@
                 <prop key="org.alfresco.repo.domain.hibernate.NodeImpl.sourceNodeAssocs">${cache.strategy}</prop>
                 <prop key="org.alfresco.repo.domain.hibernate.NodeImpl.targetNodeAssocs">${cache.strategy}</prop>
 
-                <prop key="org.alfresco.repo.security.permissions.impl.hibernate.NodePermissionEntryImpl.permissionEntries">${cache.strategy}</prop>
-                <prop key="org.alfresco.repo.security.permissions.impl.hibernate.RecipientImpl.externalKeys">${cache.strategy}</prop>
+                <prop key="org.alfresco.repo.domain.hibernate.DbAuthorityImpl.externalKeys">${cache.strategy}</prop>
             </props>
         </property>
     </bean>
@@ -80,5 +79,51 @@
             <ref bean="sessionFactory" />
         </property>
     </bean>
+    
+    <!-- Hibernate-specific implementations of persistence components -->
+   <bean id="versionCounterDaoComponent" class="org.alfresco.repo.domain.hibernate.VersionCounterDaoComponentImpl" init-method="init">
+      <property name="sessionFactory">
+         <ref bean="sessionFactory" />
+      </property>
+      <property name="policyComponent">
+         <ref bean="policyComponent" />
+      </property>
+   </bean>
+   
+   <bean id="permissionsDaoComponent" class="org.alfresco.repo.domain.hibernate.PermissionsDaoComponentImpl">
+      <property name="sessionFactory">
+         <ref bean="sessionFactory" />
+      </property>
+      <property name="nullPermissionCache">
+         <ref bean="nullPermissionCache" />
+      </property>
+      <property name="nodeDaoService">
+         <ref bean="nodeDaoService" />
+      </property>
+   </bean>
+	
+   <bean id="nodeDaoServiceImpl" class="org.alfresco.repo.node.db.hibernate.HibernateNodeDaoServiceImpl" >
+      <property name="sessionFactory">
+         <ref bean="sessionFactory" />
+      </property>
+   </bean>
+   <bean id="dbNodeDaoServiceTxnRegistration" class="org.alfresco.repo.transaction.NodeDaoServiceTransactionInterceptor" >
+      <property name="nodeDaoService">
+         <ref bean="nodeDaoServiceImpl" />
+      </property>
+   </bean>
+   <bean id="nodeDaoService" class="org.springframework.aop.framework.ProxyFactoryBean">
+      <property name="proxyInterfaces">
+         <value>org.alfresco.repo.node.db.NodeDaoService</value>
+      </property>
+      <property name="target">
+         <ref bean="nodeDaoServiceImpl" />
+      </property>
+      <property name="interceptorNames">
+         <list>
+            <value>dbNodeDaoServiceTxnRegistration</value>
+         </list>
+      </property>
+   </bean>
 
 </beans>
\ No newline at end of file
diff --git a/config/alfresco/messages/patch-service.properties b/config/alfresco/messages/patch-service.properties
index fbfe808b16..0185575810 100644
--- a/config/alfresco/messages/patch-service.properties
+++ b/config/alfresco/messages/patch-service.properties
@@ -25,7 +25,7 @@ patch.savedSearchesPermission.result.applied=Granted CONTRIBUTOR role to EVERYON
 patch.savedSearchesPermission.err.not_found='Saved Searches' folder could not be found.
 
 patch.updatePermissionData.description=Update permission entries from 'folder' to 'cmobject'.
-patch.updatePermissionData.result=Created the following permission reference names: {0}. \nUpdated {1} permission entries.
+patch.updatePermissionData.upgrade=Please follow an upgrade path via server version 1.2.1
 
 patch.authoritiesFolder.description=Ensures the existence of the user authorities folder [JIRA: AR-497].
 
@@ -36,7 +36,7 @@ patch.fixNodeSerializableValues.description=Ensure that property values are not
 patch.fixNodeSerializableValues.result=Fixed {0} node property serialized values
 
 patch.updateGuestPermission.description=Rename guest permission from 'Guest' to 'Consumer'
-patch.updateGuestPermission.result=Created the following permission reference names: {0}.  \nUpdated {1} permission entries.
+patch.updateGuestPermission.upgrade=Please follow an upgrade path via server version 1.2.1
 
 patch.categoryRootPermission.description=Sets required permissions on 'Category Root' folder.
 patch.categoryRootPermission.result=Granted CONSUMER role to GUEST on ''Category Root'' folder: {0}.
@@ -49,7 +49,7 @@ patch.spacesRootPermission.description=Change Spaces store root permission from
 patch.spacesRootPermission.result=Updated Spaces store root permission from 'Consumer' to 'Read'
 
 patch.contentPermission.description=Update permission entries from 'cm:content' to 'sys:base'.
-patch.contentPermission.result=Created the following permission reference names: {0}. \nUpdated {1} permission entries.
+patch.contentPermission.upgrade=Please follow an upgrade path via server version 1.2.1
 
 patch.forumsIcons.description=Updates forums icon references
 patch.forumsIcons.result=Updated {0} icon references
diff --git a/config/alfresco/node-services-context.xml b/config/alfresco/node-services-context.xml
index af7200df3c..ca79b78a4f 100644
--- a/config/alfresco/node-services-context.xml
+++ b/config/alfresco/node-services-context.xml
@@ -3,32 +3,6 @@
 
 <!-- Beans pertinent to node persistence and services --> 
 <beans>
-	
-   <bean id="nodeDaoServiceImpl" class="org.alfresco.repo.node.db.hibernate.HibernateNodeDaoServiceImpl" >
-      <property name="sessionFactory">
-         <ref bean="sessionFactory" />
-      </property>
-   </bean>
-   
-   <bean id="dbNodeDaoServiceTxnRegistration" class="org.alfresco.repo.transaction.NodeDaoServiceTransactionInterceptor" >
-      <property name="nodeDaoService">
-         <ref bean="nodeDaoServiceImpl" />
-      </property>
-   </bean>
-
-   <bean id="nodeDaoService" class="org.springframework.aop.framework.ProxyFactoryBean">
-      <property name="proxyInterfaces">
-         <value>org.alfresco.repo.node.db.NodeDaoService</value>
-      </property>
-      <property name="target">
-         <ref bean="nodeDaoServiceImpl" />
-      </property>
-      <property name="interceptorNames">
-         <list>
-            <value>dbNodeDaoServiceTxnRegistration</value>
-         </list>
-      </property>
-   </bean>
    
    <bean id="nodeService" class="org.alfresco.repo.service.StoreRedirectorProxyFactory">
       <property name="proxyInterface">
@@ -46,35 +20,16 @@
    </bean>
    
    <!-- NodeService implemented to persist to Database -->
-   <bean id="dbNodeService" class="org.springframework.aop.framework.ProxyFactoryBean">
-      <property name="proxyInterfaces">
-    	<value>org.alfresco.service.cmr.repository.NodeService</value>
-      </property>
-      <property name="target">
-        <bean class="org.alfresco.repo.node.db.DbNodeServiceImpl" init-method="init" >
-          <constructor-arg>
-             <ref bean="policyComponent"/>
-          </constructor-arg>
-          <constructor-arg>
-             <ref bean="dictionaryService" />
-          </constructor-arg>
-          <constructor-arg>
-             <ref bean="nodeDaoService" />
-          </constructor-arg>
-        </bean>
-      </property>
-      <property name="interceptorNames">
-         <list>
-<!--            <idref bean="methodCallLogAdvice" />-->
-<!--            <idref bean="dbNodeService_PerformanceMonitorAdvice" />-->
-         </list>
-      </property>
-   </bean>   
-
-   <bean id="dbNodeService_PerformanceMonitorAdvice" class="org.alfresco.util.perf.PerformanceMonitorAdvice" >
-       <constructor-arg>
-          <value>dbNodeService</value>
-       </constructor-arg>
+   <bean id="dbNodeService" class="org.alfresco.repo.node.db.DbNodeServiceImpl" init-method="init" >
+      <constructor-arg>
+         <ref bean="policyComponent"/>
+      </constructor-arg>
+      <constructor-arg>
+         <ref bean="dictionaryService" />
+      </constructor-arg>
+      <constructor-arg>
+         <ref bean="nodeDaoService" />
+      </constructor-arg>
    </bean>
    
    <!-- Handles policy callbacks to ensure that node hierarchy gets indexed -->
diff --git a/config/alfresco/public-services-security-context.xml b/config/alfresco/public-services-security-context.xml
index 853fb2caba..c1fe2965f2 100644
--- a/config/alfresco/public-services-security-context.xml
+++ b/config/alfresco/public-services-security-context.xml
@@ -51,8 +51,8 @@
         <property name="dictionaryService">
             <ref bean="dictionaryService" />
         </property>
-        <property name="permissionsDAO">
-            <ref bean="permissionsDAO" />
+        <property name="permissionsDaoComponent">
+            <ref bean="permissionsDaoComponent" />
         </property>
         <property name="modelDAO">
             <ref bean="permissionsModelDAO" />
@@ -98,19 +98,6 @@
         </property>
     </bean>
 
-    <!-- =============== -->
-    <!-- Permissions DAO -->
-    <!-- =============== -->
-
-    <bean id="permissionsDAO" class="org.alfresco.repo.security.permissions.impl.hibernate.HibernatePermissionsDAO">
-        <property name="sessionFactory">
-            <ref bean="sessionFactory" />
-        </property>
-        <property name="nullPermissionCache">
-            <ref bean="nullPermissionCache" />
-        </property>
-    </bean>
-
     <!-- ===================== -->
     <!-- Permissions Model DAO -->
     <!-- ===================== -->
diff --git a/source/java/org/alfresco/repo/admin/patch/impl/ContentPermissionPatch.java b/source/java/org/alfresco/repo/admin/patch/impl/ContentPermissionPatch.java
index 1ba220b298..6f428ccd92 100644
--- a/source/java/org/alfresco/repo/admin/patch/impl/ContentPermissionPatch.java
+++ b/source/java/org/alfresco/repo/admin/patch/impl/ContentPermissionPatch.java
@@ -1,127 +1,48 @@
-/*
- * Copyright (C) 2005 Alfresco, Inc.
- *
- * Licensed under the Mozilla Public License version 1.1 
- * with a permitted attribution clause. You may obtain a
- * copy of the License at
- *
- *   http://www.alfresco.org/legal/license.txt
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
- * either express or implied. See the License for the specific
- * language governing permissions and limitations under the
- * License.
- */
-package org.alfresco.repo.admin.patch.impl;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.alfresco.i18n.I18NUtil;
-import org.alfresco.repo.admin.patch.AbstractPatch;
-import org.alfresco.repo.security.permissions.impl.hibernate.PermissionReference;
-import org.alfresco.repo.security.permissions.impl.hibernate.PermissionReferenceImpl;
-import org.alfresco.service.namespace.QName;
-import org.hibernate.Query;
-import org.hibernate.Session;
-import org.hibernate.SessionFactory;
-import org.springframework.orm.hibernate3.HibernateCallback;
-import org.springframework.orm.hibernate3.support.HibernateDaoSupport;
-
-/**
- * Roles defined in permissionsDefinition.xml moved from <b>cm:content</b> to <b>sys:base</b>.
- * This effects the data stored in the <b>node_perm_entry</b> table.
- * 
- * @author Derek Hulley
- */
-public class ContentPermissionPatch extends AbstractPatch
-{
-    private static final String MSG_SUCCESS = "patch.contentPermission.result";
-    
-    private HibernateHelper helper;
-    
-    public ContentPermissionPatch()
-    {
-        helper = new HibernateHelper();
-    }
-    
-    public void setSessionFactory(SessionFactory sessionFactory)
-    {
-        this.helper.setSessionFactory(sessionFactory);
-    }
-    
-    @Override
-    protected String applyInternal() throws Exception
-    {
-        List<String> createdNames = helper.createPermissionReferences();
-        int updatedEntries = helper.updatePermissionEntries();
-        
-        // build the result message
-        String msg = I18NUtil.getMessage(MSG_SUCCESS, createdNames, updatedEntries);
-        // done
-        return msg;
-    }
-
-    private static class HibernateHelper extends HibernateDaoSupport
-    {
-        private static final String TYPE_URI_OLD = "http://www.alfresco.org/model/content/1.0";        
-        private static final String TYPE_NAME_OLD = "content";
-        private static final String TYPE_URI_NEW = "http://www.alfresco.org/model/system/1.0";        
-        private static final String TYPE_NAME_NEW = "base";
-        private static final String[] NAMES = new String[] {"Execute", "ReadContent", "WriteContent", "ExecuteContent"};
-
-        private static final String QUERY_UPDATE_PERM_ENTRY_TYPE = "permission.patch.UpdatePermissionEntryType";
-        
-        public List<String> createPermissionReferences()
-        {
-            List<String> createdNames = new ArrayList<String>(4);
-            for (String name : NAMES)
-            {
-                // create permission references as required, double checking for their existence first
-                PermissionReference ref = new PermissionReferenceImpl();
-                ref.setTypeUri(TYPE_URI_NEW);
-                ref.setTypeName(TYPE_NAME_NEW);
-                ref.setName(name);
-
-                // it acts as its own key
-                PermissionReference found = (PermissionReference) getHibernateTemplate().get(
-                        PermissionReferenceImpl.class,
-                        ref);
-
-                if (found == null)
-                {
-                    // it was not found, so create it
-                    getHibernateTemplate().save(ref);
-                    createdNames.add(QName.createQName(TYPE_URI_NEW, TYPE_NAME_NEW).toString() + "/" + name);
-                }
-            }            
-            return createdNames;
-        }
-        
-        public int updatePermissionEntries()
-        {
-            HibernateCallback callback = new HibernateCallback()
-            {
-                public Object doInHibernate(Session session)
-                {
-                    // flush any outstanding entities
-                    session.flush();
-                    
-                    Query query = session.getNamedQuery(HibernateHelper.QUERY_UPDATE_PERM_ENTRY_TYPE);
-                    query.setString("typeNameNew", TYPE_NAME_NEW)
-                         .setString("typeNameOld", TYPE_NAME_OLD)
-                         .setString("typeUriNew", TYPE_URI_NEW)
-                         .setString("typeUriOld", TYPE_URI_OLD)
-                         .setParameterList("names", NAMES);
-                    int updateCount = query.executeUpdate();
-                    return new Integer(updateCount);
-                }
-            };
-            Integer updateCount = (Integer) getHibernateTemplate().execute(callback);
-            // done
-            return updateCount.intValue();
-        }
-    }
-}
+/*
+ * Copyright (C) 2005 Alfresco, Inc.
+ *
+ * Licensed under the Mozilla Public License version 1.1 
+ * with a permitted attribution clause. You may obtain a
+ * copy of the License at
+ *
+ *   http://www.alfresco.org/legal/license.txt
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the
+ * License.
+ */
+package org.alfresco.repo.admin.patch.impl;
+
+import org.alfresco.repo.admin.patch.AbstractPatch;
+import org.alfresco.service.cmr.admin.PatchException;
+import org.hibernate.SessionFactory;
+
+/**
+ * Roles defined in permissionsDefinition.xml moved from <b>cm:content</b> to <b>sys:base</b>.
+ * This effects the data stored in the <b>node_perm_entry</b> table.
+ * <p>
+ * <b>WILL NOT EXECUTE ANYMORE</b>
+ * 
+ * @author Derek Hulley
+ */
+public class ContentPermissionPatch extends AbstractPatch
+{
+    private static final String MSG_UPGRADE = "patch.contentPermission.upgrade";
+    
+    public ContentPermissionPatch()
+    {
+    }
+    
+    public void setSessionFactory(SessionFactory sessionFactory)
+    {
+    }
+    
+    @Override
+    protected String applyInternal() throws Exception
+    {
+        throw new PatchException(MSG_UPGRADE);
+    }
+}
diff --git a/source/java/org/alfresco/repo/admin/patch/impl/GuestPersonPermissionPatch.java b/source/java/org/alfresco/repo/admin/patch/impl/GuestPersonPermissionPatch.java
index e879b8d4ec..ab95ff71ad 100644
--- a/source/java/org/alfresco/repo/admin/patch/impl/GuestPersonPermissionPatch.java
+++ b/source/java/org/alfresco/repo/admin/patch/impl/GuestPersonPermissionPatch.java
@@ -64,7 +64,7 @@ public class GuestPersonPermissionPatch extends AbstractPatch
         {
             NodeRef personRef = personService.getPerson(guestId);
             permissionService.setInheritParentPermissions(personRef, false);
-            permissionService.deletePermission(personRef, guestId, PermissionService.CONSUMER, true);
+            permissionService.deletePermission(personRef, guestId, PermissionService.CONSUMER);
             permissionService.setPermission(personRef, guestId, PermissionService.READ, true);
         }
 
diff --git a/source/java/org/alfresco/repo/admin/patch/impl/PermissionDataPatch.java b/source/java/org/alfresco/repo/admin/patch/impl/PermissionDataPatch.java
index 7ef13dd53a..8c815a7d1f 100644
--- a/source/java/org/alfresco/repo/admin/patch/impl/PermissionDataPatch.java
+++ b/source/java/org/alfresco/repo/admin/patch/impl/PermissionDataPatch.java
@@ -16,108 +16,35 @@
  */
 package org.alfresco.repo.admin.patch.impl;
 
-import java.util.ArrayList;
-import java.util.List;
-
-import org.alfresco.i18n.I18NUtil;
 import org.alfresco.repo.admin.patch.AbstractPatch;
-import org.alfresco.repo.security.permissions.impl.hibernate.PermissionReference;
-import org.alfresco.repo.security.permissions.impl.hibernate.PermissionReferenceImpl;
-import org.alfresco.service.namespace.NamespaceService;
-import org.hibernate.Query;
-import org.hibernate.Session;
+import org.alfresco.service.cmr.admin.PatchException;
 import org.hibernate.SessionFactory;
-import org.springframework.orm.hibernate3.HibernateCallback;
-import org.springframework.orm.hibernate3.support.HibernateDaoSupport;
 
 /**
  * The roles defined in permissionsDefinition.xml moved from <b>cm:folder</b> to <b>cm:cmobject</b>.
  * This effects the data stored in the <b>node_perm_entry</b> table.
  * <p>
  * JIRA: {@link http://www.alfresco.org/jira/browse/AR-344 AR-344}
+ * <p>
+ * <b>WILL NOT EXECUTE ANYMORE</b>
  * 
  * @author Derek Hulley
  */
 public class PermissionDataPatch extends AbstractPatch
 {
-    private static final String MSG_SUCCESS = "patch.updatePermissionData.result";
-    
-    private HibernateHelper helper;
+    private static final String MSG_UPGRADE = "patch.updatePermissionData.upgrade";
     
     public PermissionDataPatch()
     {
-        helper = new HibernateHelper();
     }
     
     public void setSessionFactory(SessionFactory sessionFactory)
     {
-        this.helper.setSessionFactory(sessionFactory);
     }
     
     @Override
     protected String applyInternal() throws Exception
     {
-        List<String> createdNames = helper.createPermissionReferences();
-        int updatedEntries = helper.updatePermissionEntries();
-        
-        // build the result message
-        String msg = I18NUtil.getMessage(MSG_SUCCESS, createdNames, updatedEntries);
-        // done
-        return msg;
-    }
-
-    private static class HibernateHelper extends HibernateDaoSupport
-    {
-        private static final String TYPE_NAME_OLD = "folder";
-        private static final String TYPE_NAME_NEW = "cmobject";
-        private static final String[] NAMES = new String[] {"Coordinator", "Contributor", "Editor", "Guest"};
-        private static final String QUERY_UPDATE_PERM_ENTRY_TYPENAME = "permission.patch.UpdatePermissionEntryTypeName";
-        
-        public List<String> createPermissionReferences()
-        {
-            List<String> createdNames = new ArrayList<String>(4);
-            for (String name : NAMES)
-            {
-                // create permission references as required, double checking for their existence first
-                PermissionReference ref = new PermissionReferenceImpl();
-                ref.setTypeUri(NamespaceService.CONTENT_MODEL_1_0_URI);
-                ref.setTypeName(TYPE_NAME_NEW);
-                ref.setName(name);
-
-                // it acts as its own key
-                PermissionReference found = (PermissionReference) getHibernateTemplate().get(
-                        PermissionReferenceImpl.class,
-                        ref);
-
-                if (found == null)
-                {
-                    // it was not found, so create it
-                    getHibernateTemplate().save(ref);
-                    createdNames.add(name);
-                }
-            }            
-            return createdNames;
-        }
-        
-        public int updatePermissionEntries()
-        {
-            HibernateCallback callback = new HibernateCallback()
-            {
-                public Object doInHibernate(Session session)
-                {
-                    // flush any outstanding entities
-                    session.flush();
-                    
-                    Query query = session.getNamedQuery(HibernateHelper.QUERY_UPDATE_PERM_ENTRY_TYPENAME);
-                    query.setString("typeNameNew", TYPE_NAME_NEW)
-                         .setString("typeNameOld", TYPE_NAME_OLD);
-                    int updateCount = query.executeUpdate();
-                    return new Integer(updateCount);
-                }
-            };
-            Integer updateCount = (Integer) getHibernateTemplate().execute(callback);
-            // done
-            return updateCount.intValue();
-        }
+        throw new PatchException(MSG_UPGRADE);
     }
 }
diff --git a/source/java/org/alfresco/repo/admin/patch/impl/SpacesRootPermissionPatch.java b/source/java/org/alfresco/repo/admin/patch/impl/SpacesRootPermissionPatch.java
index 26f21356a3..ff9a03d2e0 100644
--- a/source/java/org/alfresco/repo/admin/patch/impl/SpacesRootPermissionPatch.java
+++ b/source/java/org/alfresco/repo/admin/patch/impl/SpacesRootPermissionPatch.java
@@ -62,7 +62,7 @@ public class SpacesRootPermissionPatch extends AbstractPatch
     protected String applyInternal() throws Exception
     {
         NodeRef rootNodeRef = nodeService.getRootNode(spacesBootstrap.getStoreRef());
-        permissionService.deletePermission(rootNodeRef, PermissionService.ALL_AUTHORITIES, PermissionService.CONSUMER, true);
+        permissionService.deletePermission(rootNodeRef, PermissionService.ALL_AUTHORITIES, PermissionService.CONSUMER);
         permissionService.setPermission(rootNodeRef, PermissionService.ALL_AUTHORITIES, PermissionService.READ, true);
 
         return I18NUtil.getMessage(MSG_SUCCESS);
diff --git a/source/java/org/alfresco/repo/admin/patch/impl/UpdateGuestPermissionPatch.java b/source/java/org/alfresco/repo/admin/patch/impl/UpdateGuestPermissionPatch.java
index 14d9d5819c..58fd936812 100644
--- a/source/java/org/alfresco/repo/admin/patch/impl/UpdateGuestPermissionPatch.java
+++ b/source/java/org/alfresco/repo/admin/patch/impl/UpdateGuestPermissionPatch.java
@@ -1,123 +1,47 @@
-/*
- * Copyright (C) 2005 Alfresco, Inc.
- *
- * Licensed under the Mozilla Public License version 1.1 
- * with a permitted attribution clause. You may obtain a
- * copy of the License at
- *
- *   http://www.alfresco.org/legal/license.txt
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
- * either express or implied. See the License for the specific
- * language governing permissions and limitations under the
- * License.
- */
-package org.alfresco.repo.admin.patch.impl;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.alfresco.i18n.I18NUtil;
-import org.alfresco.model.ContentModel;
-import org.alfresco.repo.admin.patch.AbstractPatch;
-import org.alfresco.repo.security.permissions.impl.hibernate.PermissionReference;
-import org.alfresco.repo.security.permissions.impl.hibernate.PermissionReferenceImpl;
-import org.hibernate.Query;
-import org.hibernate.Session;
-import org.hibernate.SessionFactory;
-import org.springframework.orm.hibernate3.HibernateCallback;
-import org.springframework.orm.hibernate3.support.HibernateDaoSupport;
-
-/**
- * The permission 'Guest' has been renamed to 'Consumer'.
- *
- * @author David Caruana
- */
-public class UpdateGuestPermissionPatch extends AbstractPatch
-{
-    private static final String MSG_SUCCESS = "patch.updateGuestPermission.result";
-    
-    private HibernateHelper helper;
-    
-    public UpdateGuestPermissionPatch()
-    {
-        helper = new HibernateHelper();
-    }
-    
-    public void setSessionFactory(SessionFactory sessionFactory)
-    {
-        this.helper.setSessionFactory(sessionFactory);
-    }
-    
-    @Override
-    protected String applyInternal() throws Exception
-    {
-        List<String> createdNames = helper.createPermissionReferences();
-        int updatedPermEntries = helper.updatePermissionEntries();
-        
-        // build the result message
-        String msg = I18NUtil.getMessage(MSG_SUCCESS, createdNames, updatedPermEntries);
-        // done
-        return msg;
-    }
-
-    private static class HibernateHelper extends HibernateDaoSupport
-    {
-        private static final String NAME_OLD = "Guest";
-        private static final String NAME_NEW = "Consumer";
-        private static final String[] NAMES = new String[] {"Consumer"};
-        
-        private static final String QUERY_UPDATE_PERM_ENTRY_NAME = "permission.patch.UpdatePermissionName";
-        
-        
-        public List<String> createPermissionReferences()
-        {
-            List<String> createdNames = new ArrayList<String>(4);
-            for (String name : NAMES)
-            {
-                // create permission references as required, double checking for their existence first
-                PermissionReference ref = new PermissionReferenceImpl();
-                ref.setTypeUri(ContentModel.TYPE_CMOBJECT.getNamespaceURI());
-                ref.setTypeName(ContentModel.TYPE_CMOBJECT.getLocalName());
-                ref.setName(name);
-
-                // it acts as its own key
-                PermissionReference found = (PermissionReference) getHibernateTemplate().get(
-                        PermissionReferenceImpl.class,
-                        ref);
-
-                if (found == null)
-                {
-                    // it was not found, so create it
-                    getHibernateTemplate().save(ref);
-                    createdNames.add(name);
-                }
-            }            
-            return createdNames;
-        }
-        
-        public int updatePermissionEntries()
-        {
-            HibernateCallback callback = new HibernateCallback()
-            {
-                public Object doInHibernate(Session session)
-                {
-                    // flush any outstanding entities
-                    session.flush();
-                    
-                    Query query = session.getNamedQuery(HibernateHelper.QUERY_UPDATE_PERM_ENTRY_NAME);
-                    query.setString("nameNew", NAME_NEW)
-                         .setString("nameOld", NAME_OLD);
-                    int updateCount = query.executeUpdate();
-                    return new Integer(updateCount);
-                }
-            };
-            Integer updateCount = (Integer) getHibernateTemplate().execute(callback);
-            // done
-            return updateCount.intValue();
-        }
-        
-    }
-}
+/*
+ * Copyright (C) 2005 Alfresco, Inc.
+ *
+ * Licensed under the Mozilla Public License version 1.1 
+ * with a permitted attribution clause. You may obtain a
+ * copy of the License at
+ *
+ *   http://www.alfresco.org/legal/license.txt
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the
+ * License.
+ */
+package org.alfresco.repo.admin.patch.impl;
+
+import org.alfresco.repo.admin.patch.AbstractPatch;
+import org.alfresco.service.cmr.admin.PatchException;
+import org.hibernate.SessionFactory;
+
+/**
+ * The permission 'Guest' has been renamed to 'Consumer'.
+ * <p>
+ * <b>WILL NOT EXECUTE ANYMORE</b>
+ *
+ * @author David Caruana
+ */
+public class UpdateGuestPermissionPatch extends AbstractPatch
+{
+    private static final String MSG_UPGRADE = "patch.updateGuestPermission.upgrade";
+    
+    public UpdateGuestPermissionPatch()
+    {
+    }
+    
+    public void setSessionFactory(SessionFactory sessionFactory)
+    {
+    }
+    
+    @Override
+    protected String applyInternal() throws Exception
+    {
+        throw new PatchException(MSG_UPGRADE);
+    }
+}
diff --git a/source/java/org/alfresco/repo/domain/DbAccessControlEntry.java b/source/java/org/alfresco/repo/domain/DbAccessControlEntry.java
new file mode 100644
index 0000000000..9983a57bc8
--- /dev/null
+++ b/source/java/org/alfresco/repo/domain/DbAccessControlEntry.java
@@ -0,0 +1,75 @@
+/*
+ * Copyright (C) 2005 Alfresco, Inc.
+ *
+ * Licensed under the Mozilla Public License version 1.1 
+ * with a permitted attribution clause. You may obtain a
+ * copy of the License at
+ *
+ *   http://www.alfresco.org/legal/license.txt
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the
+ * License.
+ */
+package org.alfresco.repo.domain;
+
+
+
+/**
+ * The interface against which permission entries are persisted
+ * 
+ * @author andyh
+ */
+
+public interface DbAccessControlEntry
+{
+    /**
+     * @return Returns the identifier for this object
+     */
+    public long getId();
+    
+    /**
+     * @return Returns the containing access control list
+     */
+    public DbAccessControlList getAccessControlList();
+    
+    /**
+     * @param acl the accession control list to which entry belongs
+     */
+    public void setAccessControlList(DbAccessControlList acl);
+    
+    /**
+     * @return Returns the permission to which this entry applies
+     */
+    public DbPermission getPermission();
+    
+    /**
+     * @param permission the permission to which the entry applies
+     */
+    public void setPermission(DbPermission permission);
+    
+    /**
+     * @return Returns the authority to which this entry applies
+     */
+    public DbAuthority getAuthority();
+    
+    /**
+     * @param authority the authority to which this entry applies
+     */
+    public void setAuthority(DbAuthority authority);
+    
+    /**
+     * @return Returns <tt>true</tt> if this permission is allowed 
+     */
+    public boolean isAllowed();
+    
+    /**
+     * Set if this permission is allowed, otherwise it is denied.
+     * 
+     * @param allowed
+     */
+    public void setAllowed(boolean allowed);
+}
diff --git a/source/java/org/alfresco/repo/security/permissions/impl/hibernate/NodePermissionEntry.java b/source/java/org/alfresco/repo/domain/DbAccessControlList.java
similarity index 52%
rename from source/java/org/alfresco/repo/security/permissions/impl/hibernate/NodePermissionEntry.java
rename to source/java/org/alfresco/repo/domain/DbAccessControlList.java
index 9f13d179a1..891c98b77f 100644
--- a/source/java/org/alfresco/repo/security/permissions/impl/hibernate/NodePermissionEntry.java
+++ b/source/java/org/alfresco/repo/domain/DbAccessControlList.java
@@ -14,40 +14,21 @@
  * language governing permissions and limitations under the
  * License.
  */
-package org.alfresco.repo.security.permissions.impl.hibernate;
+package org.alfresco.repo.domain;
 
-import java.util.Set;
-
-import org.alfresco.repo.domain.NodeKey;
-import org.alfresco.service.cmr.repository.NodeRef;
 
 /**
- * The interface to support persistence of node permission entries in hibernate
+ * The interface to support persistence of node access control entries in hibernate
  * 
  * @author andyh
  */
-public interface NodePermissionEntry
+public interface DbAccessControlList
 {
-    /**
-     * Get the node key.
-     * 
-     * @return
-     */
-    public NodeKey getNodeKey();
+    public long getId();
 
-    /**
-     * Set the node key.
-     * 
-     * @param key
-     */
-    public void setNodeKey(NodeKey key);
+    public Node getNode();
     
-    /**
-     * Get the node ref
-     * 
-     * @return
-     */
-    public NodeRef getNodeRef();
+    public void setNode(Node node);
     
     /**
      * Get inheritance behaviour
@@ -62,9 +43,9 @@ public interface NodePermissionEntry
     public void setInherits(boolean inherits);
     
     /**
-     * Get the permission entries set for the node
-     * @return
+     * Delete the entries related to this access control list
+     * 
+     * @return Returns the number of entries deleted
      */
-    public Set<PermissionEntry> getPermissionEntries();
-    
+    public int deleteEntries();
 }
diff --git a/source/java/org/alfresco/repo/security/permissions/impl/hibernate/Recipient.java b/source/java/org/alfresco/repo/domain/DbAuthority.java
similarity index 66%
rename from source/java/org/alfresco/repo/security/permissions/impl/hibernate/Recipient.java
rename to source/java/org/alfresco/repo/domain/DbAuthority.java
index 47c0a56112..485fa45ee1 100644
--- a/source/java/org/alfresco/repo/security/permissions/impl/hibernate/Recipient.java
+++ b/source/java/org/alfresco/repo/domain/DbAuthority.java
@@ -14,7 +14,7 @@
  * language governing permissions and limitations under the
  * License.
  */
-package org.alfresco.repo.security.permissions.impl.hibernate;
+package org.alfresco.repo.domain;
 
 import java.io.Serializable;
 import java.util.Set;
@@ -23,26 +23,27 @@ import java.util.Set;
  * The interface against which recipients of permission are persisted
  * @author andyh
  */
-public interface Recipient extends Serializable 
+public interface DbAuthority extends Serializable 
 {
     /**
-     * Get the recipient.
-     * 
-     * @return
+     * @return Returns the recipient
      */
     public String getRecipient();
     
     /**
-     * Set the recipient
-     * 
-     * @param recipient
+     * @param recipient the authority recipient
      */
     public void setRecipient(String recipient);
     
     /**
-     * Get the external keys that map to this recipient.
-     * 
-     * @return
+     * @return Returns the external keys associated with this authority
      */
     public Set<String> getExternalKeys();
+    
+    /**
+     * Delete the access control entries related to this authority
+     * 
+     * @return Returns the number of entries deleted
+     */
+    public int deleteEntries();
 }
diff --git a/source/java/org/alfresco/repo/domain/DbPermission.java b/source/java/org/alfresco/repo/domain/DbPermission.java
new file mode 100644
index 0000000000..d1e741c2b5
--- /dev/null
+++ b/source/java/org/alfresco/repo/domain/DbPermission.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright (C) 2005 Alfresco, Inc.
+ *
+ * Licensed under the Mozilla Public License version 1.1 
+ * with a permitted attribution clause. You may obtain a
+ * copy of the License at
+ *
+ *   http://www.alfresco.org/legal/license.txt
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the
+ * License.
+ */
+package org.alfresco.repo.domain;
+
+import java.io.Serializable;
+
+import org.alfresco.service.namespace.QName;
+
+/**
+ * The interface against which permission references are persisted in hibernate.
+ * 
+ * @author andyh
+ */
+public interface DbPermission extends Serializable
+{
+    /**
+     * @return Returns the automatically assigned ID
+     */
+    public long getId();
+    
+    /**
+     * @return Returns the qualified name of this permission
+     */
+    public QName getTypeQname();
+    
+    /**
+     * @param qname the entity representing the qname for this instance
+     */
+    public void setTypeQname(QName qname);
+
+    /**
+     * @return Returns the permission name
+     */
+    public String getName();
+    
+    /**
+     * @param name the name of the permission
+     */
+    public void setName(String name);
+}
diff --git a/source/java/org/alfresco/repo/domain/Node.java b/source/java/org/alfresco/repo/domain/Node.java
index 0779fe05de..c85eb73e07 100644
--- a/source/java/org/alfresco/repo/domain/Node.java
+++ b/source/java/org/alfresco/repo/domain/Node.java
@@ -33,38 +33,33 @@ import org.alfresco.service.namespace.QName;
 public interface Node
 {
     /**
-     * @return Returns the unique key for this node
+     * Convenience method to get the reference to the node
+     * 
+     * @return Returns the reference to this node
      */
-    public NodeKey getKey();
-
+    public NodeRef getNodeRef();
+    
     /**
-     * @param key the unique node key
+     * @return Returns the auto-generated ID
      */
-    public void setKey(NodeKey key);
+    public Long getId();
     
     public Store getStore();
     
     public void setStore(Store store);
     
+    public String getUuid();
+    
+    public void setUuid(String uuid);
+    
     public QName getTypeQName();
     
     public void setTypeQName(QName typeQName);
 
-    /**
-     * Set the status of the node.  This is compulsory, but a node
-     * status may exist without a node being present.
-     * 
-     * @param nodeStatus
-     */
-    public void setStatus(NodeStatus nodeStatus);
-    
-    /**
-     * Get the mandatory node status object
-     * 
-     * @return
-     */
-    public NodeStatus getStatus();
-    
+//    public NodeStatus getStatus();
+//    
+//    public void setStatus(NodeStatus status);
+//    
     public Set<QName> getAspects();
     
     /**
@@ -83,10 +78,7 @@ public interface Node
 
     public Map<QName, PropertyValue> getProperties();
 
-    /**
-     * Convenience method to get the reference to the node
-     * 
-     * @return Returns the reference to this node
-     */
-    public NodeRef getNodeRef();
+    public DbAccessControlList getAccessControlList();
+
+//    public void setAccessControlList(DbAccessControlList accessControlList);
 }
diff --git a/source/java/org/alfresco/repo/domain/NodeKey.java b/source/java/org/alfresco/repo/domain/NodeKey.java
index 7d45956d72..9f6acef750 100644
--- a/source/java/org/alfresco/repo/domain/NodeKey.java
+++ b/source/java/org/alfresco/repo/domain/NodeKey.java
@@ -18,6 +18,8 @@ package org.alfresco.repo.domain;
 
 import java.io.Serializable;
 
+import org.alfresco.service.cmr.repository.NodeRef;
+import org.alfresco.service.cmr.repository.StoreRef;
 import org.alfresco.util.EqualsHelper;
 
 /**
@@ -36,14 +38,26 @@ public class NodeKey implements Serializable
     public NodeKey()
     {
     }
+    
+    public NodeKey(NodeRef nodeRef)
+    {
+        this(nodeRef.getStoreRef(), nodeRef.getId());
+    }
 	
-	public NodeKey(StoreKey storeKey, String guid)
-	{
-		setGuid(guid);
-		setProtocol(storeKey.getProtocol());
-		setIdentifier(storeKey.getIdentifier());
-	}
-	
+    public NodeKey(StoreRef storeRef, String guid)
+    {
+        setGuid(guid);
+        setProtocol(storeRef.getProtocol());
+        setIdentifier(storeRef.getIdentifier());
+    }
+    
+    public NodeKey(StoreKey storeKey, String guid)
+    {
+        setGuid(guid);
+        setProtocol(storeKey.getProtocol());
+        setIdentifier(storeKey.getIdentifier());
+    }
+    
 	public NodeKey(String protocol, String identifier, String guid)
 	{
 		setGuid(guid);
diff --git a/source/java/org/alfresco/repo/domain/NodeStatus.java b/source/java/org/alfresco/repo/domain/NodeStatus.java
index b6b2046958..4df06d8cf1 100644
--- a/source/java/org/alfresco/repo/domain/NodeStatus.java
+++ b/source/java/org/alfresco/repo/domain/NodeStatus.java
@@ -37,11 +37,13 @@ public interface NodeStatus
      */
     public void setKey(NodeKey key);
     
+    public Node getNode();
+    
+    public void setNode(Node node);
+    
     public String getChangeTxnId();
     
     public void setChangeTxnId(String txnId);
     
-    public void setDeleted(boolean deleted);
-    
     public boolean isDeleted();
 }
diff --git a/source/java/org/alfresco/repo/domain/dao/QNameDaoComponent.java b/source/java/org/alfresco/repo/domain/dao/QNameDaoComponent.java
new file mode 100644
index 0000000000..c361216f98
--- /dev/null
+++ b/source/java/org/alfresco/repo/domain/dao/QNameDaoComponent.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2005 Alfresco, Inc.
+ *
+ * Licensed under the Mozilla Public License version 1.1 
+ * with a permitted attribution clause. You may obtain a
+ * copy of the License at
+ *
+ *   http://www.alfresco.org/legal/license.txt
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the
+ * License.
+ */
+package org.alfresco.repo.domain.dao;
+
+import org.alfresco.repo.domain.QNameEntity;
+import org.alfresco.service.namespace.QName;
+
+/**
+ * Service layer accessing persistent <b>qname</b> entities directly
+ * 
+ * @author Derek Hulley
+ */
+public interface QNameDaoComponent
+{
+    /**
+     * Create a qname entity
+     * 
+     * @param qname the qualified name to persist
+     * @return Returns either a newly created instance or an existing matching instance
+     */
+    public QNameEntity createQNameEntity(QName qname);
+    
+    /**
+     * @param qname the qname to match
+     * @return Returns the entity if it exists, otherwise null
+     */
+    public QNameEntity getQNameEntity(QName qname);
+
+    /**
+     * @param namespaceUri the namespace URI
+     * @param localName the localname part
+     * @return Return the entity if it exists, otherwise null
+     */
+    public QNameEntity getQNameEntity(String namespaceUri, String localName);
+}
diff --git a/source/java/org/alfresco/repo/domain/hibernate/DbAccessControlEntryImpl.java b/source/java/org/alfresco/repo/domain/hibernate/DbAccessControlEntryImpl.java
new file mode 100644
index 0000000000..88b2b76a0b
--- /dev/null
+++ b/source/java/org/alfresco/repo/domain/hibernate/DbAccessControlEntryImpl.java
@@ -0,0 +1,174 @@
+/*
+ * Copyright (C) 2005 Alfresco, Inc.
+ *
+ * Licensed under the Mozilla Public License version 1.1 
+ * with a permitted attribution clause. You may obtain a
+ * copy of the License at
+ *
+ *   http://www.alfresco.org/legal/license.txt
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the
+ * License.
+ */
+package org.alfresco.repo.domain.hibernate;
+
+import org.alfresco.repo.domain.DbAccessControlEntry;
+import org.alfresco.repo.domain.DbAccessControlList;
+import org.alfresco.repo.domain.DbAuthority;
+import org.alfresco.repo.domain.DbPermission;
+import org.alfresco.util.EqualsHelper;
+
+/**
+ * Persisted permission entries
+ * 
+ * @author andyh
+ */
+public class DbAccessControlEntryImpl implements DbAccessControlEntry
+{
+    /** The object id */
+    private long id;
+    
+    /** The container of these entries */
+    private DbAccessControlList accessControlList;
+
+    /** The permission to which this applies (non null - all is a special string) */
+    private DbPermission permission;
+
+    /** The recipient to which this applies (non null - all is a special string) */
+    private DbAuthority authority;
+
+    /** Is this permission allowed? */
+    private boolean allowed;
+
+    public DbAccessControlEntryImpl()
+    {
+        super();
+    }
+
+    @Override
+    public String toString()
+    {
+        StringBuilder sb = new StringBuilder(128);
+        sb.append("DbAccessControlEntryImpl")
+          .append("[ id=").append(id)
+          .append(", acl=").append(accessControlList.getId())
+          .append(", permission=").append(permission.getId())
+          .append(", authority=").append(authority.getRecipient())
+          .append("]");
+        return sb.toString();
+    }
+
+    @Override
+    public boolean equals(Object o)
+    {
+        if (this == o)
+        {
+            return true;
+        }
+        if (!(o instanceof DbAccessControlEntry))
+        {
+            return false;
+        }
+        DbAccessControlEntry other = (DbAccessControlEntry) o;
+        return (this.allowed == other.isAllowed())
+                && EqualsHelper.nullSafeEquals(this.accessControlList, other.getAccessControlList())
+                && EqualsHelper.nullSafeEquals(this.permission, other.getPermission())
+                && EqualsHelper.nullSafeEquals(this.authority, other.getAuthority());
+    }
+
+    @Override
+    public int hashCode()
+    {
+        int hashCode = accessControlList.hashCode();
+        if (permission != null)
+        {
+            hashCode = hashCode * 37 + permission.hashCode();
+        }
+        if (authority != null)
+        {
+            hashCode = hashCode * 37 + authority.hashCode();
+        }
+        hashCode = hashCode * 37 + (allowed ? 1 : 0);
+        return hashCode;
+    }
+
+    /**
+     * Factory method to create an entry and wire it in to the contained nodePermissionEntry
+     * 
+     * @param accessControlList the list of entries that this one belongs to
+     * @param permission the mandatory permission association with this entry
+     * @param authority the mandatory authority
+     * @param allowed allowed or disallowed
+     * @return Returns an unpersisted entity
+     */
+    public static DbAccessControlEntryImpl create(
+            DbAccessControlList accessControlList,
+            DbPermission permission,
+            DbAuthority authority,
+            boolean allowed)
+    {
+        DbAccessControlEntryImpl accessControlEntry = new DbAccessControlEntryImpl();
+        accessControlEntry.setAccessControlList(accessControlList);
+        accessControlEntry.setPermission(permission);
+        accessControlEntry.setAuthority(authority);
+        accessControlEntry.setAllowed(allowed);
+        return accessControlEntry;
+    }
+
+    public long getId()
+    {
+        return id;
+    }
+    
+    /**
+     * For Hibernate use
+     */
+    /* package */ void setId(long id)
+    {
+        this.id = id;
+    }
+
+    public DbAccessControlList getAccessControlList()
+    {
+        return accessControlList;
+    }
+
+    public void setAccessControlList(DbAccessControlList nodePermissionEntry)
+    {
+        this.accessControlList = nodePermissionEntry;
+    }
+
+    public DbPermission getPermission()
+    {
+        return permission;
+    }
+
+    public void setPermission(DbPermission permissionReference)
+    {
+        this.permission = permissionReference;
+    }
+
+    public DbAuthority getAuthority()
+    {
+        return authority;
+    }
+
+    public void setAuthority(DbAuthority recipient)
+    {
+        this.authority = recipient;
+    }
+
+    public boolean isAllowed()
+    {
+        return allowed;
+    }
+
+    public void setAllowed(boolean allowed)
+    {
+        this.allowed = allowed;
+    }
+}
diff --git a/source/java/org/alfresco/repo/domain/hibernate/DbAccessControlListImpl.java b/source/java/org/alfresco/repo/domain/hibernate/DbAccessControlListImpl.java
new file mode 100644
index 0000000000..06692722e7
--- /dev/null
+++ b/source/java/org/alfresco/repo/domain/hibernate/DbAccessControlListImpl.java
@@ -0,0 +1,143 @@
+/*
+ * Copyright (C) 2005 Alfresco, Inc.
+ *
+ * Licensed under the Mozilla Public License version 1.1 
+ * with a permitted attribution clause. You may obtain a
+ * copy of the License at
+ *
+ *   http://www.alfresco.org/legal/license.txt
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the
+ * License.
+ */
+package org.alfresco.repo.domain.hibernate;
+
+import org.alfresco.repo.domain.DbAccessControlList;
+import org.alfresco.repo.domain.Node;
+import org.alfresco.util.EqualsHelper;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.hibernate.CallbackException;
+import org.hibernate.Query;
+import org.hibernate.Session;
+
+/**
+ * The hibernate persisted class for node permission entries.
+ * 
+ * @author andyh
+ */
+public class DbAccessControlListImpl extends LifecycleAdapter implements DbAccessControlList
+{
+    private static Log logger = LogFactory.getLog(DbAccessControlListImpl.class);
+
+    private long id;
+    private Node node;
+    private boolean inherits;
+    
+    @Override
+    public String toString()
+    {
+        StringBuilder sb = new StringBuilder(128);
+        sb.append("DbAccessControlListImpl")
+          .append("[ id=").append(id)
+          .append(", node=").append(node)
+          .append(", inherits=").append(inherits)
+          .append("]");
+        return sb.toString();
+    }
+
+    @Override
+    public boolean equals(Object o)
+    {
+        if (this == o)
+        {
+            return true;
+        }
+        if (!(o instanceof DbAccessControlList))
+        {
+            return false;
+        }
+        DbAccessControlList other = (DbAccessControlList) o;
+
+        return (this.inherits == other.getInherits())
+                && (EqualsHelper.nullSafeEquals(this.node, other.getNode()));
+    }
+
+    @Override
+    public int hashCode()
+    {
+        return (node == null ? 0 : node.hashCode());
+    }
+
+    public int deleteEntries()
+    {
+        /*
+         * This can use a delete direct to the database as well, but then care must be taken
+         * to evict the instances from the session.
+         */
+        
+        // bypass L2 cache and get all entries for this list
+        Query query = getSession()
+                .getNamedQuery(PermissionsDaoComponentImpl.QUERY_GET_AC_ENTRIES_FOR_AC_LIST)
+                .setLong("accessControlListId", this.id);
+        int count = HibernateHelper.deleteQueryResults(getSession(), query);
+        // done
+        if (logger.isDebugEnabled())
+        {
+            logger.debug("Deleted " + count + " access entries for access control list " + this.id);
+        }
+        return count;
+    }
+
+    /**
+     * Ensures that all this access control list's entries have been deleted.
+     */
+    public boolean onDelete(Session session) throws CallbackException
+    {
+        deleteEntries();
+        return super.onDelete(session);
+    }
+
+    public long getId()
+    {
+        return id;
+    }
+    
+    /**
+     * Hibernate use
+     */
+    @SuppressWarnings("unused")
+    private void setId(long id)
+    {
+        this.id = id;
+    }
+
+    public Node getNode()
+    {
+        return node;
+    }
+    
+    public void setNode(Node node)
+    {
+        this.node = node;
+    }
+    
+    public DbAccessControlListImpl()
+    {
+        super();
+    }
+
+    public boolean getInherits()
+    {
+        return inherits;
+    }
+
+    public void setInherits(boolean inherits)
+    {
+        this.inherits = inherits;
+    }
+}
diff --git a/source/java/org/alfresco/repo/domain/hibernate/DbAuthorityImpl.java b/source/java/org/alfresco/repo/domain/hibernate/DbAuthorityImpl.java
new file mode 100644
index 0000000000..5194057763
--- /dev/null
+++ b/source/java/org/alfresco/repo/domain/hibernate/DbAuthorityImpl.java
@@ -0,0 +1,118 @@
+/*
+ * Copyright (C) 2005 Alfresco, Inc.
+ *
+ * Licensed under the Mozilla Public License version 1.1 
+ * with a permitted attribution clause. You may obtain a
+ * copy of the License at
+ *
+ *   http://www.alfresco.org/legal/license.txt
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the
+ * License.
+ */
+package org.alfresco.repo.domain.hibernate;
+
+import java.util.HashSet;
+import java.util.Set;
+
+import org.alfresco.repo.domain.DbAuthority;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.hibernate.CallbackException;
+import org.hibernate.Query;
+import org.hibernate.Session;
+
+/**
+ * The persisted class for authorities.
+ * 
+ * @author andyh
+ */
+public class DbAuthorityImpl extends LifecycleAdapter implements DbAuthority
+{
+    private static final long serialVersionUID = -5582068692208928127L;
+    
+    private static Log logger = LogFactory.getLog(DbAuthorityImpl.class);
+
+    private String recipient;
+    private Set<String> externalKeys = new HashSet<String>();
+
+    public DbAuthorityImpl()
+    {
+        super();
+    }
+    
+    @Override
+    public boolean equals(Object o)
+    {
+        if(this == o)
+        {
+            return true;
+        }
+        if(!(o instanceof DbAuthority))
+        {
+            return false;
+        }
+        DbAuthority other = (DbAuthority)o;
+        return this.getRecipient().equals(other.getRecipient());
+    }
+
+    @Override
+    public int hashCode()
+    {
+        return getRecipient().hashCode();
+    }
+
+    public int deleteEntries()
+    {
+        /*
+         * This can use a delete direct to the database as well, but then care must be taken
+         * to evict the instances from the session.
+         */
+        
+        // bypass L2 cache and get all entries for this list
+        Query query = getSession()
+                .getNamedQuery(PermissionsDaoComponentImpl.QUERY_GET_AC_ENTRIES_FOR_AUTHORITY)
+                .setString("recipient", this.recipient);
+        int count = HibernateHelper.deleteQueryResults(getSession(), query);
+        // done
+        if (logger.isDebugEnabled())
+        {
+            logger.debug("Deleted " + count + " access entries for access control list " + this.recipient);
+        }
+        return count;
+    }
+
+    /**
+     * Ensures that all this access control list's entries have been deleted.
+     */
+    public boolean onDelete(Session session) throws CallbackException
+    {
+        deleteEntries();
+        return super.onDelete(session);
+    }
+
+    public String getRecipient()
+    {
+        return recipient;
+    }
+
+    public void setRecipient(String recipient)
+    {
+       this.recipient = recipient;
+    }
+
+    public Set<String> getExternalKeys()
+    {
+        return externalKeys;
+    }
+
+    // Hibernate
+    /* package */ void setExternalKeys(Set<String> externalKeys)
+    {
+        this.externalKeys = externalKeys;
+    }
+}
diff --git a/source/java/org/alfresco/repo/domain/hibernate/DbPermissionImpl.java b/source/java/org/alfresco/repo/domain/hibernate/DbPermissionImpl.java
new file mode 100644
index 0000000000..1e270483db
--- /dev/null
+++ b/source/java/org/alfresco/repo/domain/hibernate/DbPermissionImpl.java
@@ -0,0 +1,161 @@
+/*
+ * Copyright (C) 2005 Alfresco, Inc.
+ *
+ * Licensed under the Mozilla Public License version 1.1 
+ * with a permitted attribution clause. You may obtain a
+ * copy of the License at
+ *
+ *   http://www.alfresco.org/legal/license.txt
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the
+ * License.
+ */
+package org.alfresco.repo.domain.hibernate;
+
+import org.alfresco.repo.domain.DbPermission;
+import org.alfresco.service.namespace.QName;
+import org.alfresco.util.EqualsHelper;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.hibernate.CallbackException;
+import org.hibernate.Query;
+import org.hibernate.Session;
+
+/**
+ * The persisted class for permissions.
+ * 
+ * @author andyh
+ */
+public class DbPermissionImpl extends LifecycleAdapter implements DbPermission
+{   
+    private static final long serialVersionUID = -6352566900815035461L;
+    
+    private static Log logger = LogFactory.getLog(DbPermissionImpl.class);
+
+    private long id;
+    private QName typeQname;
+    private String name;
+
+    public DbPermissionImpl()
+    {
+        super();
+    }
+    
+    @Override
+    public String toString()
+    {
+        StringBuilder sb = new StringBuilder(128);
+        sb.append("PermissionImpl")
+          .append("[ id=").append(id)
+          .append(", typeQname=").append(typeQname)
+          .append(", name=").append(getName())
+          .append("]");
+        return sb.toString();
+    }
+
+    @Override
+    public boolean equals(Object o)
+    {
+        if(this == o)
+        {
+            return true;
+        }
+        if(!(o instanceof DbPermission))
+        {
+            return false;
+        }
+        DbPermission other = (DbPermission)o;
+        return (EqualsHelper.nullSafeEquals(typeQname, other.getTypeQname()))
+                && (EqualsHelper.nullSafeEquals(name, other.getName())); 
+    }
+
+    @Override
+    public int hashCode()
+    {
+        return typeQname.hashCode() + (37 * name.hashCode());
+    }
+    
+    public int deleteEntries()
+    {
+        /*
+         * This can use a delete direct to the database as well, but then care must be taken
+         * to evict the instances from the session.
+         */
+        
+        // bypass L2 cache and get all entries for this list
+        Query query = getSession()
+                .getNamedQuery(PermissionsDaoComponentImpl.QUERY_GET_AC_ENTRIES_FOR_PERMISSION)
+                .setSerializable("permissionId", this.id);
+        int count = HibernateHelper.deleteQueryResults(getSession(), query);
+        // done
+        if (logger.isDebugEnabled())
+        {
+            logger.debug("Deleted " + count + " access entries for permission " + this.id);
+        }
+        return count;
+    }
+
+    /**
+     * Ensures that all this access control list's entries have been deleted.
+     */
+    public boolean onDelete(Session session) throws CallbackException
+    {
+        deleteEntries();
+        return super.onDelete(session);
+    }
+
+    public long getId()
+    {
+        return id;
+    }
+
+    /**
+     * For Hibernate use
+     */
+    @SuppressWarnings("unused")
+    private void setId(long id)
+    {
+        this.id = id;
+    }
+
+    public QName getTypeQname()
+    {
+        return typeQname;
+    }
+
+    public void setTypeQname(QName typeQname)
+    {
+        this.typeQname = typeQname;
+    }
+
+    public String getName()
+    {
+        return name;
+    }
+
+    public void setName(String name)
+    {
+        this.name = name;
+    }
+    
+    /**
+     * Helper method to find a permission based on its natural key
+     * 
+     * @param session the Hibernate session to use
+     * @param qname the type qualified name
+     * @param name the name of the permission
+     * @return Returns an existing instance or null if not found
+     */
+    public static DbPermission find(Session session, QName qname, String name)
+    {
+        Query query = session
+                .getNamedQuery(PermissionsDaoComponentImpl.QUERY_GET_PERMISSION)
+                .setString("permissionTypeQName", qname.toString())
+                .setString("permissionName", name);
+        return (DbPermission) query.uniqueResult();
+    }
+}
diff --git a/source/java/org/alfresco/repo/domain/hibernate/HibernateHelper.java b/source/java/org/alfresco/repo/domain/hibernate/HibernateHelper.java
new file mode 100644
index 0000000000..86070d90a8
--- /dev/null
+++ b/source/java/org/alfresco/repo/domain/hibernate/HibernateHelper.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright (C) 2005 Alfresco, Inc.
+ *
+ * Licensed under the Mozilla Public License version 1.1 
+ * with a permitted attribution clause. You may obtain a
+ * copy of the License at
+ *
+ *   http://www.alfresco.org/legal/license.txt
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the
+ * License.
+ */
+package org.alfresco.repo.domain.hibernate;
+
+import org.hibernate.CacheMode;
+import org.hibernate.ObjectDeletedException;
+import org.hibernate.Query;
+import org.hibernate.ScrollMode;
+import org.hibernate.ScrollableResults;
+import org.hibernate.Session;
+
+/**
+ * Helper methods related to Hibernate
+ * 
+ * @author Derek Hulley
+ */
+public class HibernateHelper
+{
+    /**
+     * Helper method to scroll through the results of a query and delete all the
+     * results, performing batch flushes.  This will handle large resultsets by
+     * pulling the results directly in from the query.  For certain circumstances, it
+     * may be better to perform a bulk delete directly instead.
+     * 
+     * @param session the session to use for the deletions
+     * @param query the query with all parameters set
+     * @return Returns the number of entities deleted, regardless of type
+     */
+    public static int deleteQueryResults(Session session, Query query)
+    {
+        ScrollableResults entities = query.setCacheMode(CacheMode.IGNORE).scroll(ScrollMode.FORWARD_ONLY);
+        int count = 0;
+        while (entities.next())
+        {
+            Object[] entityResults = entities.get();
+            for (Object object : entityResults)
+            {
+                try
+                {
+                    session.delete(object);
+                }
+                catch (ObjectDeletedException e)
+                {
+                    // ignore - it's what we wanted
+                }
+                if (++count % 50 == 0)
+                {
+                    session.flush();
+                    session.clear();
+                }
+            }
+        }
+        return count;
+    }
+}
diff --git a/source/java/org/alfresco/repo/domain/hibernate/HibernateNodeTest.java b/source/java/org/alfresco/repo/domain/hibernate/HibernateNodeTest.java
index dd8b5b4838..86b8021c84 100644
--- a/source/java/org/alfresco/repo/domain/hibernate/HibernateNodeTest.java
+++ b/source/java/org/alfresco/repo/domain/hibernate/HibernateNodeTest.java
@@ -41,6 +41,7 @@ import org.alfresco.service.namespace.QName;
 import org.alfresco.service.transaction.TransactionService;
 import org.alfresco.util.BaseSpringTest;
 import org.alfresco.util.GUID;
+import org.hibernate.exception.ConstraintViolationException;
 
 /**
  * Test persistence and retrieval of Hibernate-specific implementations of the
@@ -48,6 +49,7 @@ import org.alfresco.util.GUID;
  * 
  * @author Derek Hulley
  */
+@SuppressWarnings("unused")
 public class HibernateNodeTest extends BaseSpringTest
 {
     private static final String TEST_NAMESPACE = "http://www.alfresco.org/test/HibernateNodeTest";
@@ -62,7 +64,7 @@ public class HibernateNodeTest extends BaseSpringTest
     {
         store = new StoreImpl();
 		StoreKey storeKey = new StoreKey(StoreRef.PROTOCOL_WORKSPACE,
-                "TestWorkspace@" + System.currentTimeMillis());
+                "TestWorkspace@" + System.currentTimeMillis() + " - " + System.nanoTime());
 		store.setKey(storeKey);
         // persist so that it is present in the hibernate cache
         getSession().save(store);
@@ -82,46 +84,13 @@ public class HibernateNodeTest extends BaseSpringTest
     
 	public void testGetStore() throws Exception
 	{
-        NodeKey key = new NodeKey("Random Protocol", "Random Identifier", "AAA");
-        // create the node status
-        NodeStatus nodeStatus = new NodeStatusImpl();
-        nodeStatus.setKey(key);
-        nodeStatus.setDeleted(false);
-        nodeStatus.setChangeTxnId("txn:123");
-        getSession().save(nodeStatus);
         // create a new Node
         Node node = new NodeImpl();
-		node.setKey(key);
-        node.setStore(store);   // not meaningful as it contradicts the key
-        node.setTypeQName(ContentModel.TYPE_CONTAINER);
-        node.setStatus(nodeStatus);
-        // persist it
-		try
-		{
-			Serializable id = getSession().save(node);
-			fail("No store exists");
-		}
-		catch (Throwable e)
-		{
-			// expected
-		}
-		// this should not solve the problem
         node.setStore(store);
-        // persist it
-		try
-		{
-			Serializable id = getSession().save(node);
-			fail("Setting store does not persist protocol and identifier attributes");
-		}
-		catch (Throwable e)
-		{
-			// expected
-		}
-		
-		// fix the key
-		key = new NodeKey(store.getKey().getProtocol(), store.getKey().getIdentifier(), "AAA");
-		node.setKey(key);
-		// now it should work
+        node.setUuid(GUID.generate());
+        node.setTypeQName(ContentModel.TYPE_CONTAINER);
+
+        // now it should work
 		Serializable id = getSession().save(node);
 
         // throw the reference away and get the a new one for the id
@@ -139,36 +108,42 @@ public class HibernateNodeTest extends BaseSpringTest
         // create the node status
         NodeStatus nodeStatus = new NodeStatusImpl();
         nodeStatus.setKey(key);
-        nodeStatus.setDeleted(false);
         nodeStatus.setChangeTxnId("txn:123");
         getSession().save(nodeStatus);
         
-        // it must be able to exist without the node
-        flushAndClear();
-        
         // create a new Node
         Node node = new NodeImpl();
         node.setStore(store);
-        node.setKey(key);
-        node.setStore(store);   // not meaningful as it contradicts the key
+        node.setUuid(GUID.generate());
         node.setTypeQName(ContentModel.TYPE_CONTAINER);
-        node.setStatus(nodeStatus);
-        Serializable id = getSession().save(node);
-        
-        // flush
+        Serializable nodeId = getSession().save(node);
+
+        // This should all be fine.  The node does not HAVE to have a status.
         flushAndClear();
-        
-        // is the status retrievable
-        node = (Node) getSession().get(NodeImpl.class, id);
-        nodeStatus = node.getStatus();
+
+        // set the node
+        nodeStatus = (NodeStatus) getSession().get(NodeStatusImpl.class, key);
+        nodeStatus.setNode(node);
+        flushAndClear();
+
+        // is the node retrievable?
+        nodeStatus = (NodeStatus) getSession().get(NodeStatusImpl.class, key);
+        node = nodeStatus.getNode();
+        assertNotNull("Node was not attached to status", node);
         // change the values
         nodeStatus.setChangeTxnId("txn:456");
-        nodeStatus.setDeleted(true);
         // delete the node
         getSession().delete(node);
         
-        // flush
-        flushAndClear();
+        try
+        {
+            flushAndClear();
+            fail("Node status may not refer to non-existent node");
+        }
+        catch(ConstraintViolationException e)
+        {
+            // expected
+        }
     }
 
     /**
@@ -176,18 +151,11 @@ public class HibernateNodeTest extends BaseSpringTest
      */
     public void testProperties() throws Exception
     {
-        NodeKey key = new NodeKey(store.getKey(), "AAA");
-        // create the node status
-        NodeStatus nodeStatus = new NodeStatusImpl();
-        nodeStatus.setKey(key);
-        nodeStatus.setDeleted(false);
-        nodeStatus.setChangeTxnId("txn:123");
-        getSession().save(nodeStatus);
         // create a new Node
         Node node = new NodeImpl();
-		node.setKey(key);
+        node.setStore(store);
+        node.setUuid(GUID.generate());
         node.setTypeQName(ContentModel.TYPE_CONTAINER);
-        node.setStatus(nodeStatus);
         // give it a property map
         Map<QName, PropertyValue> propertyMap = new HashMap<QName, PropertyValue>(5);
         QName propertyQName = QName.createQName("{}A");
@@ -213,19 +181,11 @@ public class HibernateNodeTest extends BaseSpringTest
      */
     public void testAspects() throws Exception
     {
-        NodeKey key = new NodeKey(store.getKey(), GUID.generate());
-        // create the node status
-        NodeStatus nodeStatus = new NodeStatusImpl();
-        nodeStatus.setKey(key);
-        nodeStatus.setDeleted(false);
-        nodeStatus.setChangeTxnId("txn:123");
-        getSession().save(nodeStatus);
         // make a real node
         Node node = new NodeImpl();
-        node.setKey(key);
         node.setStore(store);
+        node.setUuid(GUID.generate());
         node.setTypeQName(ContentModel.TYPE_CMOBJECT);
-        node.setStatus(nodeStatus);
         
         // add some aspects
         QName aspect1 = QName.createQName(TEST_NAMESPACE, "1");
@@ -254,33 +214,20 @@ public class HibernateNodeTest extends BaseSpringTest
     
     public void testNodeAssoc() throws Exception
     {
-        NodeKey sourceKey = new NodeKey(store.getKey(), GUID.generate());
         // make a source node
-        NodeStatus sourceNodeStatus = new NodeStatusImpl();
-        sourceNodeStatus.setKey(sourceKey);
-        sourceNodeStatus.setDeleted(false);
-        sourceNodeStatus.setChangeTxnId("txn:123");
-        getSession().save(sourceNodeStatus);
         Node sourceNode = new NodeImpl();
-        sourceNode.setKey(sourceKey);
         sourceNode.setStore(store);
+        sourceNode.setUuid(GUID.generate());
         sourceNode.setTypeQName(ContentModel.TYPE_CMOBJECT);
-        sourceNode.setStatus(sourceNodeStatus);
-        Serializable realNodeKey = getSession().save(sourceNode);
+        Serializable realNodeId = getSession().save(sourceNode);
         
         // make a container node
-        NodeKey targetKey = new NodeKey(store.getKey(), GUID.generate());
-        NodeStatus targetNodeStatus = new NodeStatusImpl();
-        targetNodeStatus.setKey(targetKey);
-        targetNodeStatus.setDeleted(false);
-        targetNodeStatus.setChangeTxnId("txn:123");
-        getSession().save(targetNodeStatus);
         Node targetNode = new NodeImpl();
-        targetNode.setKey(targetKey);
         targetNode.setStore(store);
+        targetNode.setStore(store);
+        targetNode.setUuid(GUID.generate());
         targetNode.setTypeQName(ContentModel.TYPE_CONTAINER);
-        targetNode.setStatus(targetNodeStatus);
-        Serializable containerNodeKey = getSession().save(targetNode);
+        Serializable containerNodeId = getSession().save(targetNode);
         
         // create an association between them
         NodeAssoc assoc = new NodeAssocImpl();
@@ -299,13 +246,13 @@ public class HibernateNodeTest extends BaseSpringTest
         getSession().clear();
         
         // reload the source
-        sourceNode = (Node) getSession().get(NodeImpl.class, sourceKey);
+        sourceNode = (Node) getSession().get(NodeImpl.class, realNodeId);
         assertNotNull("Source node not found", sourceNode);
         // check that the associations are present
         assertEquals("Expected exactly 2 target assocs", 2, sourceNode.getTargetNodeAssocs().size());
         
         // reload the target
-        targetNode = (Node) getSession().get(NodeImpl.class, targetKey);
+        targetNode = (Node) getSession().get(NodeImpl.class, containerNodeId);
         assertNotNull("Target node not found", targetNode);
         // check that the associations are present
         assertEquals("Expected exactly 2 source assocs", 2, targetNode.getSourceNodeAssocs().size());
@@ -314,32 +261,17 @@ public class HibernateNodeTest extends BaseSpringTest
     public void testChildAssoc() throws Exception
     {
         // make a content node
-        NodeKey key = new NodeKey(store.getKey(), GUID.generate());
-        NodeStatus contentNodeStatus = new NodeStatusImpl();
-        contentNodeStatus.setKey(key);
-        contentNodeStatus.setDeleted(false);
-        contentNodeStatus.setChangeTxnId("txn:123");
-        getSession().save(contentNodeStatus);
         Node contentNode = new NodeImpl();
-		contentNode.setKey(key);
         contentNode.setStore(store);
         contentNode.setTypeQName(ContentModel.TYPE_CONTENT);
-        contentNode.setStatus(contentNodeStatus);
-        Serializable contentNodeKey = getSession().save(contentNode);
+        Serializable contentNodeId = getSession().save(contentNode);
 
         // make a container node
-        key = new NodeKey(store.getKey(), GUID.generate());
-        NodeStatus containerNodeStatus = new NodeStatusImpl();
-        containerNodeStatus.setKey(key);
-        containerNodeStatus.setDeleted(false);
-        containerNodeStatus.setChangeTxnId("txn:123");
-        getSession().save(containerNodeStatus);
         Node containerNode = new NodeImpl();
-		containerNode.setKey(key);
         containerNode.setStore(store);
+        containerNode.setUuid(GUID.generate());
         containerNode.setTypeQName(ContentModel.TYPE_CONTAINER);
-        containerNode.setStatus(containerNodeStatus);
-        Serializable containerNodeKey = getSession().save(containerNode);
+        Serializable containerNodeId = getSession().save(containerNode);
         // create an association to the content
         ChildAssoc assoc1 = new ChildAssocImpl();
         assoc1.setIsPrimary(true);
@@ -362,7 +294,7 @@ public class HibernateNodeTest extends BaseSpringTest
 //        flushAndClear();
 
         // reload the container
-        containerNode = (Node) getSession().get(NodeImpl.class, containerNodeKey);
+        containerNode = (Node) getSession().get(NodeImpl.class, containerNodeId);
         assertNotNull("Node not found", containerNode);
         // check
         assertEquals("Expected exactly 2 children", 2, containerNode.getChildAssocs().size());
@@ -371,8 +303,8 @@ public class HibernateNodeTest extends BaseSpringTest
             ChildAssoc assoc = (ChildAssoc) iterator.next();
             // the node id must be known
             assertNotNull("Node not populated on assoc", assoc.getChild());
-            assertEquals("Node key on child assoc is incorrect", contentNodeKey,
-                    assoc.getChild().getKey());
+            assertEquals("Node key on child assoc is incorrect",
+                    contentNodeId, assoc.getChild().getId());
         }
 
         // check that we can traverse the association from the child
@@ -397,20 +329,12 @@ public class HibernateNodeTest extends BaseSpringTest
      */
     public void testCaching() throws Exception
     {
-        NodeKey key = new NodeKey(store.getKey(), GUID.generate());
-        
         // make a node
-        NodeStatus nodeStatus = new NodeStatusImpl();
-        nodeStatus.setKey(key);
-        nodeStatus.setDeleted(false);
-        nodeStatus.setChangeTxnId("txn:123");
-        getSession().save(nodeStatus);
         Node node = new NodeImpl();
-        node.setKey(key);
         node.setStore(store);
+        node.setUuid(GUID.generate());
         node.setTypeQName(ContentModel.TYPE_CONTENT);
-        node.setStatus(nodeStatus);
-        getSession().save(node);
+        Serializable nodeId = getSession().save(node);
         
         // add some aspects to the node
         Set<QName> aspects = node.getAspects();
@@ -421,7 +345,7 @@ public class HibernateNodeTest extends BaseSpringTest
         properties.put(ContentModel.PROP_NAME, new PropertyValue(DataTypeDefinition.TEXT, "ABC"));
         
         // check that the session hands back the same instance
-        Node checkNode = (Node) getSession().get(NodeImpl.class, key);
+        Node checkNode = (Node) getSession().get(NodeImpl.class, nodeId);
         assertNotNull(checkNode);
         assertTrue("Node retrieved was not same instance", checkNode == node);
         
@@ -448,7 +372,7 @@ public class HibernateNodeTest extends BaseSpringTest
             txn.begin();
             
             // check that the L2 cache hands back the same instance
-            checkNode = (Node) getSession().get(NodeImpl.class, key);
+            checkNode = (Node) getSession().get(NodeImpl.class, nodeId);
             assertNotNull(checkNode);
             checkAspects = checkNode.getAspects();
     
diff --git a/source/java/org/alfresco/repo/domain/hibernate/LifecycleAdapter.java b/source/java/org/alfresco/repo/domain/hibernate/LifecycleAdapter.java
new file mode 100644
index 0000000000..54c202accc
--- /dev/null
+++ b/source/java/org/alfresco/repo/domain/hibernate/LifecycleAdapter.java
@@ -0,0 +1,70 @@
+/*
+ * Copyright (C) 2005 Alfresco, Inc.
+ *
+ * Licensed under the Mozilla Public License version 1.1 
+ * with a permitted attribution clause. You may obtain a
+ * copy of the License at
+ *
+ *   http://www.alfresco.org/legal/license.txt
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the
+ * License.
+ */
+package org.alfresco.repo.domain.hibernate;
+
+import java.io.Serializable;
+
+import org.hibernate.CallbackException;
+import org.hibernate.Session;
+import org.hibernate.classic.Lifecycle;
+
+/**
+ * Helper base class providing lifecycle and other support
+ * 
+ * @author Derek Hulley
+ */
+public abstract class LifecycleAdapter implements Lifecycle
+{
+    /** Helper */
+    private Session session;
+    
+    /**
+     * @return Returns the session that this object was used in
+     */
+    protected Session getSession()
+    {
+        return session;
+    }
+
+    /**
+     * @return Returns NO_VETO always
+     */
+    public boolean onDelete(Session session) throws CallbackException
+    {
+        return NO_VETO;
+    }
+    
+    /** NO OP */
+    public void onLoad(Session session, Serializable id)
+    {
+        this.session = session;
+    }
+
+    /** @return Returns NO_VETO always */
+    public boolean onSave(Session session) throws CallbackException
+    {
+        this.session = session;
+        return NO_VETO;
+    }
+
+    /** @return Returns NO_VETO always */
+    public boolean onUpdate(Session session) throws CallbackException
+    {
+        this.session = session;
+        return NO_VETO;
+    }
+}
diff --git a/source/java/org/alfresco/repo/domain/hibernate/Node.hbm.xml b/source/java/org/alfresco/repo/domain/hibernate/Node.hbm.xml
index 133f2f13e7..10684f573b 100644
--- a/source/java/org/alfresco/repo/domain/hibernate/Node.hbm.xml
+++ b/source/java/org/alfresco/repo/domain/hibernate/Node.hbm.xml
@@ -17,21 +17,41 @@
          select-before-update="false" 
          lazy="true" 
          optimistic-lock="version"  >
-      <!-- composite PK -->
-      <composite-id name="key" class="org.alfresco.repo.domain.NodeKey">
-         <key-property name="protocol" length="50" />
-         <key-property name="identifier" length="100" />
-         <key-property name="guid" length="36"/>
-      </composite-id>
+      <!-- auto-generated ID -->
+      <id name="id" column="id" type="long" >
+         <generator class="native" />
+      </id>
+      <!-- forward assoc to store -->
+      <many-to-one
+            name="store"
+            class="org.alfresco.repo.domain.hibernate.StoreImpl"
+            not-null="true"
+            lazy="no-proxy"
+            optimistic-lock="true"
+            fetch="select">
+         <column name="protocol" not-null="true" />
+         <column name="identifier" not-null="true" />
+      </many-to-one>
+      <!-- the store-unique identifier -->
+      <property name="uuid" column="uuid" type="string" length="36" />
       <property name="typeQName" column="type_qname" type="QName" length="255" not-null="true" />
-      <!-- forward assoc to node status -->
+      <!-- inverse assoc to access control list -->
+      <one-to-one 
+            name="accessControlList"
+            class="org.alfresco.repo.domain.hibernate.DbAccessControlListImpl"
+            property-ref="node"
+            lazy="no-proxy"
+            fetch="select"
+            cascade="delete" /> 
+      <!-- inverse assoc to node status -->
+<!--
       <one-to-one
             name="status"
             class="org.alfresco.repo.domain.hibernate.NodeStatusImpl"
-            constrained="true"
+            property-ref="node"
             lazy="no-proxy"
-            fetch="select">
-      </one-to-one>
+            fetch="select" />
+-->
       <!-- forward assoc to properties -->
       <map
             name="properties" 
@@ -42,12 +62,8 @@
             inverse="false" 
             optimistic-lock="true"
             cascade="delete" >
-         <key>
-            <column name="protocol" length="50" />
-            <column name="identifier" length="100" />
-            <column name="guid" length="36" />
-         </key>
-         <map-key column="qname" type="QName" length="128" />
+         <key column="node_id" not-null="true" />
+         <map-key column="qname" type="QName" length="200" />
          <composite-element class="org.alfresco.repo.domain.PropertyValue" >
             <property name="actualType" column="actual_type" type="string" length="15" not-null="true" />
             <property name="multiValued" column="multi_valued" type="boolean" not-null="true" />
@@ -70,26 +86,9 @@
             fetch="select"
             optimistic-lock="true"
             cascade="delete" >
-         <key>
-            <column name="protocol" length="50"  />
-            <column name="identifier" length="100" />
-            <column name="guid" length="36" />
-         </key>
-         <element column="qname" type="QName" length="128"/>
+         <key column="node_id" not-null="true" />
+         <element column="qname" type="QName" length="200"/>
       </set>
-      <!-- forward assoc to store -->
-      <many-to-one
-            name="store"
-            class="org.alfresco.repo.domain.hibernate.StoreImpl"
-            not-null="true"
-            insert="false"
-            update="false" 
-            lazy="no-proxy"
-            optimistic-lock="true"
-            fetch="select">
-         <column name="protocol" />
-         <column name="identifier" />
-      </many-to-one>
       <!-- inverse assoc to parent childassocs -->
       <bag
             name="parentAssocs"
@@ -98,11 +97,7 @@
             cascade="none"
             optimistic-lock="true"
             fetch="select" >
-         <key>
-            <column name="child_protocol" />
-            <column name="child_identifier" />
-            <column name="child_guid" length="36" />
-         </key>
+         <key column="child_node_id" />
          <one-to-many class="org.alfresco.repo.domain.hibernate.ChildAssocImpl" />
       </bag>
       <!-- inverse assoc to child childassocs -->
@@ -113,13 +108,8 @@
             cascade="none"
             optimistic-lock="true"
             fetch="select" >
-         <key>
-            <column name="parent_protocol" />
-            <column name="parent_identifier" />
-            <column name="parent_guid" length="36" />
-         </key>
+         <key column="parent_node_id" />
          <one-to-many class="org.alfresco.repo.domain.hibernate.ChildAssocImpl"  />
-         
       </bag>
       <!-- inverse assoc to source nodeassocs -->
       <bag
@@ -127,11 +117,7 @@
             inverse="true" 
             cascade="none"
             optimistic-lock="true" >
-         <key>
-            <column name="target_protocol" />
-            <column name="target_identifier" />
-            <column name="target_guid" length="36" />
-         </key>
+         <key column="target_node_id" />
          <one-to-many class="org.alfresco.repo.domain.hibernate.NodeAssocImpl" />
       </bag>
       <!-- inverse assoc to target nodeassocs -->
@@ -140,11 +126,7 @@
             inverse="true" 
             cascade="none"
             optimistic-lock="true" >
-         <key>
-            <column name="source_protocol" />
-            <column name="source_identifier" />
-            <column name="source_guid" length="36" />
-         </key>
+         <key column="source_node_id" />
          <one-to-many class="org.alfresco.repo.domain.hibernate.NodeAssocImpl" />
       </bag>
    </class>
@@ -162,8 +144,17 @@
       <composite-id name="key" class="org.alfresco.repo.domain.NodeKey">
          <key-property name="protocol" length="50" />
          <key-property name="identifier" length="100" />
-         <key-property name="guid" length="36"/>
+         <key-property name="guid" length="36" />
       </composite-id>
+      <!-- forward assoc to node (optional) -->
+      <many-to-one
+            name="node"
+            class="org.alfresco.repo.domain.hibernate.NodeImpl"
+            column="node_id"
+            unique="true"
+            not-null="false"
+            fetch="join"
+            lazy="false" />
       <property name="changeTxnId" column="change_txn_id" type="string" length="56" not-null="true" />
       <property name="deleted" column="deleted" type="boolean" not-null="true" />
    </class>
@@ -176,15 +167,13 @@
          lazy="true"
          optimistic-lock="version"
          table="child_assoc" >
-      <id
-            name="id"
-            column="id" 
-            type="long" >
-         <generator class="increment" />
+      <!-- auto-generated ID -->
+      <id name="id" column="id" type="long" >
+         <generator class="native" />
       </id>
       <property name="typeQName" column="type_qname" type="QName" length="255" not-null="true" />
       <property name="qname" column="qname" type="QName" length="255" not-null="true" />
-      <property name="isPrimary" />
+      <property name="isPrimary" column="is_primary" />
       <property name="index" column="assoc_index" />
       <!-- forward assoc to parent node -->
       <many-to-one 
@@ -194,9 +183,7 @@
             fetch="join"
             optimistic-lock="true"
             not-null="true" >
-         <column name="parent_protocol" />
-         <column name="parent_identifier" />
-         <column name="parent_guid" length="36" />
+         <column name="parent_node_id" />
       </many-to-one>
       <!-- forward assoc to child node -->
       <many-to-one
@@ -206,9 +193,7 @@
             class="org.alfresco.repo.domain.hibernate.NodeImpl"
             optimistic-lock="true"
             not-null="true" >
-         <column name="child_protocol" />
-         <column name="child_identifier" />
-         <column name="child_guid" length="36" />
+         <column name="child_node_id" />
       </many-to-one>
    </class>
 
@@ -216,11 +201,9 @@
          name="org.alfresco.repo.domain.hibernate.NodeAssocImpl"
          proxy="org.alfresco.repo.domain.NodeAssoc"
          table="node_assoc" >
-      <id
-            name="id"
-            column="id"
-            type="long" >
-         <generator class="increment" />
+      <!-- auto-generated ID -->
+      <id name="id" column="id" type="long" >
+         <generator class="native" />
       </id>
       <property name="typeQName" column="type_qname" type="QName" length="255" not-null="true" />
       <!-- forward assoc to source node -->
@@ -228,18 +211,14 @@
             name="source"
             class="org.alfresco.repo.domain.hibernate.NodeImpl"
             not-null="true" >
-         <column name="source_protocol" />
-         <column name="source_identifier" />
-         <column name="source_guid" length="36" />
+         <column name="source_node_id" />
       </many-to-one>
       <!-- forward assoc to target node -->
       <many-to-one
             name="target"
             class="org.alfresco.repo.domain.hibernate.NodeImpl"
             not-null="true" >
-         <column name="target_protocol" />
-         <column name="target_identifier" />
-         <column name="target_guid" length="36" />
+         <column name="target_node_id" />
       </many-to-one>
    </class>
    
@@ -254,30 +233,21 @@
       select
          assoc
       from
-         org.alfresco.repo.domain.hibernate.NodeImpl as source
-         join source.targetNodeAssocs as assoc
-         join assoc.target as target
+         org.alfresco.repo.domain.hibernate.NodeAssocImpl as assoc
       where
-         source.key.protocol = :sourceKeyProtocol and
-         source.key.identifier = :sourceKeyIdentifier and
-         source.key.guid = :sourceKeyGuid and
-         assoc.typeQName = :assocTypeQName and
-         target.key.protocol = :targetKeyProtocol and
-         target.key.identifier = :targetKeyIdentifier and
-         target.key.guid = :targetKeyGuid
+         assoc.source = :sourceNode and
+         assoc.target = :targetNode and
+         assoc.typeQName = :assocTypeQName
    </query>
    
    <query name="node.GetNodeAssocTargets">
       select
          target
       from
-         org.alfresco.repo.domain.hibernate.NodeImpl as source
-         join source.targetNodeAssocs as assoc
+         org.alfresco.repo.domain.hibernate.NodeAssocImpl as assoc
          join assoc.target as target
       where
-         source.key.protocol = :sourceKeyProtocol and
-         source.key.identifier = :sourceKeyIdentifier and
-         source.key.guid = :sourceKeyGuid and
+         assoc.source = :sourceNode and
          assoc.typeQName = :assocTypeQName
    </query>
 
@@ -285,13 +255,10 @@
       select
          source
       from
-         org.alfresco.repo.domain.hibernate.NodeImpl as target
-         join target.sourceNodeAssocs as assoc
+         org.alfresco.repo.domain.hibernate.NodeAssocImpl as assoc
          join assoc.source as source
       where
-         target.key.protocol = :targetKeyProtocol and
-         target.key.identifier = :targetKeyIdentifier and
-         target.key.guid = :targetKeyGuid and
+         assoc.target = :targetNode and
          assoc.typeQName = :assocTypeQName
    </query>
 
diff --git a/source/java/org/alfresco/repo/domain/hibernate/NodeAssocImpl.java b/source/java/org/alfresco/repo/domain/hibernate/NodeAssocImpl.java
index 6362d53ae5..7535736427 100644
--- a/source/java/org/alfresco/repo/domain/hibernate/NodeAssocImpl.java
+++ b/source/java/org/alfresco/repo/domain/hibernate/NodeAssocImpl.java
@@ -112,6 +112,7 @@ public class NodeAssocImpl implements NodeAssoc
     /**
      * For Hibernate use
      */
+    @SuppressWarnings("unused")
     private void setId(long id)
     {
         this.id = id;
diff --git a/source/java/org/alfresco/repo/domain/hibernate/NodeImpl.java b/source/java/org/alfresco/repo/domain/hibernate/NodeImpl.java
index 5a5e5271f4..4e37bc31e2 100644
--- a/source/java/org/alfresco/repo/domain/hibernate/NodeImpl.java
+++ b/source/java/org/alfresco/repo/domain/hibernate/NodeImpl.java
@@ -22,11 +22,14 @@ import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
+import java.util.concurrent.locks.ReentrantReadWriteLock;
+import java.util.concurrent.locks.ReentrantReadWriteLock.ReadLock;
+import java.util.concurrent.locks.ReentrantReadWriteLock.WriteLock;
 
 import org.alfresco.repo.domain.ChildAssoc;
+import org.alfresco.repo.domain.DbAccessControlList;
 import org.alfresco.repo.domain.Node;
 import org.alfresco.repo.domain.NodeAssoc;
-import org.alfresco.repo.domain.NodeKey;
 import org.alfresco.repo.domain.NodeStatus;
 import org.alfresco.repo.domain.PropertyValue;
 import org.alfresco.repo.domain.Store;
@@ -41,18 +44,23 @@ import org.alfresco.service.namespace.QName;
  * 
  * @author Derek Hulley
  */
-public class NodeImpl implements Node
+public class NodeImpl extends LifecycleAdapter implements Node
 {
-    private NodeKey key;
+    private Long id;
     private Store store;
+    private String uuid;
     private QName typeQName;
-    private NodeStatus status;
+//    private NodeStatus status;
     private Set<QName> aspects;
     private Collection<NodeAssoc> sourceNodeAssocs;
     private Collection<NodeAssoc> targetNodeAssocs;
     private Collection<ChildAssoc> parentAssocs;
     private Collection<ChildAssoc> childAssocs;
     private Map<QName, PropertyValue> properties;
+    private DbAccessControlList accessControlList;
+    
+    private transient ReadLock refReadLock;
+    private transient WriteLock refWriteLock;
     private transient NodeRef nodeRef;
 
     public NodeImpl()
@@ -63,6 +71,53 @@ public class NodeImpl implements Node
         parentAssocs = new ArrayList<ChildAssoc>(3);
         childAssocs = new ArrayList<ChildAssoc>(3);
         properties = new HashMap<QName, PropertyValue>(5);
+        
+        ReentrantReadWriteLock lock = new ReentrantReadWriteLock();
+        refReadLock = lock.readLock();
+        refWriteLock = lock.writeLock();
+    }
+
+    /**
+     * Thread-safe caching of the reference is provided
+     */
+    public NodeRef getNodeRef()
+    {
+        // first check if it is available
+        refReadLock.lock();
+        try
+        {
+            if (nodeRef != null)
+            {
+                return nodeRef;
+            }
+        }
+        finally
+        {
+            refReadLock.unlock();
+        }
+        // get write lock
+        refWriteLock.lock();
+        try
+        {
+            // double check
+            if (nodeRef == null )
+            {
+                nodeRef = new NodeRef(getStore().getStoreRef(), getUuid());
+            }
+            return nodeRef;
+        }
+        finally
+        {
+            refWriteLock.unlock();
+        }
+    }
+    
+    /**
+     * @see #getNodeRef()
+     */
+    public String toString()
+    {
+        return getNodeRef().toString();
     }
     
     public boolean equals(Object obj)
@@ -80,31 +135,77 @@ public class NodeImpl implements Node
             return false;
         }
         Node that = (Node) obj;
-        return (this.getKey().equals(that.getKey()));
+        return (this.getNodeRef().equals(that.getNodeRef()));
     }
     
     public int hashCode()
     {
-        return getKey().hashCode();
+        return getNodeRef().hashCode();
     }
 
-    public NodeKey getKey() {
-		return key;
-	}
+//    @Override
+//    public boolean onDelete(Session session) throws CallbackException
+//    {
+//        // check if there is an access control list
+//        DbAccessControlList acl = getAccessControlList();
+//        if (acl != null)
+//        {
+//            session.delete(acl);
+//        }
+//        return NO_VETO;
+//    }
+//
+
+    public Long getId()
+    {
+        return id;
+    }
+
+    /**
+     * For Hibernate use
+     */
+    @SuppressWarnings("unused")
+    private void setId(Long id)
+    {
+        this.id = id;
+    }
 
-	public void setKey(NodeKey key) {
-		this.key = key;
-	}
-    
     public Store getStore()
     {
         return store;
     }
 
-    public synchronized void setStore(Store store)
+    public void setStore(Store store)
     {
-        this.store = store;
-        this.nodeRef = null;
+        refWriteLock.lock();
+        try
+        {
+            this.store = store;
+            this.nodeRef = null;
+        }
+        finally
+        {
+            refWriteLock.unlock();
+        }
+    }
+
+    public String getUuid()
+    {
+        return uuid;
+    }
+
+    public void setUuid(String uuid)
+    {
+        refWriteLock.lock();
+        try
+        {
+            this.uuid = uuid;
+            this.nodeRef = null;
+        }
+        finally
+        {
+            refWriteLock.unlock();
+        }
     }
 
     public QName getTypeQName()
@@ -117,16 +218,16 @@ public class NodeImpl implements Node
         this.typeQName = typeQName;
     }
 
-    public NodeStatus getStatus()
-    {
-        return status;
-    }
-
-    public void setStatus(NodeStatus status)
-    {
-        this.status = status;
-    }
-
+//    public NodeStatus getStatus()
+//    {
+//        return status;
+//    }
+//
+//    public void setStatus(NodeStatus status)
+//    {
+//        this.status = status;
+//    }
+//
     public Set<QName> getAspects()
     {
         return aspects;
@@ -211,23 +312,17 @@ public class NodeImpl implements Node
         this.properties = properties;
     }
 
-    /**
-     * Thread-safe caching of the reference is provided
-     */
-    public synchronized NodeRef getNodeRef()
+    public DbAccessControlList getAccessControlList()
     {
-        if (nodeRef == null && key != null)
-        {
-            nodeRef = new NodeRef(getStore().getStoreRef(), getKey().getGuid());
-        }
-        return nodeRef;
+        return accessControlList;
     }
-    
+
     /**
-     * @see #getNodeRef()
+     * For Hibernate use
      */
-    public String toString()
+    @SuppressWarnings("unused")
+    private void setAccessControlList(DbAccessControlList accessControlList)
     {
-        return getNodeRef().toString();
+        this.accessControlList = accessControlList;
     }
 }
diff --git a/source/java/org/alfresco/repo/domain/hibernate/NodeStatusImpl.java b/source/java/org/alfresco/repo/domain/hibernate/NodeStatusImpl.java
index a65ba1cbb3..25de410be8 100644
--- a/source/java/org/alfresco/repo/domain/hibernate/NodeStatusImpl.java
+++ b/source/java/org/alfresco/repo/domain/hibernate/NodeStatusImpl.java
@@ -16,6 +16,7 @@
  */
 package org.alfresco.repo.domain.hibernate;
 
+import org.alfresco.repo.domain.Node;
 import org.alfresco.repo.domain.NodeKey;
 import org.alfresco.repo.domain.NodeStatus;
 import org.alfresco.util.EqualsHelper;
@@ -28,8 +29,19 @@ import org.alfresco.util.EqualsHelper;
 public class NodeStatusImpl implements NodeStatus
 {
     private NodeKey key;
+    private Node node;
     private String changeTxnId;
-    private boolean deleted;
+    
+    public String toString()
+    {
+        StringBuilder sb = new StringBuilder(50);
+        sb.append("NodeStatus")
+          .append("[key=").append(key)
+          .append(", node=").append(node == null ? null : node.getNodeRef())
+          .append(", txn=").append(changeTxnId)
+          .append("]");
+        return sb.toString();
+    }
 
     public int hashCode()
     {
@@ -45,23 +57,10 @@ public class NodeStatusImpl implements NodeStatus
         else if (!(obj instanceof NodeStatusImpl))
             return false;
         NodeStatus that = (NodeStatus) obj;
-        return (EqualsHelper.nullSafeEquals(this.key, that.getKey())) &&
-               (EqualsHelper.nullSafeEquals(this.changeTxnId, that.getChangeTxnId())) &&
-               (this.deleted == that.isDeleted());
+        return (EqualsHelper.nullSafeEquals(this.key, that.getKey()));
                         
     }
     
-    public String toString()
-    {
-        StringBuilder sb = new StringBuilder(50);
-        sb.append("NodeStatus")
-          .append("[key=").append(key)
-          .append(", txn=").append(changeTxnId)
-          .append(", deleted=").append(deleted)
-          .append("]");
-        return sb.toString();
-    }
-    
     public NodeKey getKey()
     {
         return key;
@@ -72,6 +71,16 @@ public class NodeStatusImpl implements NodeStatus
         this.key = key;
     }
 
+    public Node getNode()
+    {
+        return node;
+    }
+
+    public void setNode(Node node)
+    {
+        this.node = node;
+    }
+
     public String getChangeTxnId()
     {
         return changeTxnId;
@@ -84,11 +93,15 @@ public class NodeStatusImpl implements NodeStatus
 
     public boolean isDeleted()
     {
-        return deleted;
+        return (node == null);
     }
 
-    public void setDeleted(boolean deleted)
+    /**
+     * For Hibernate use
+     */
+    @SuppressWarnings("unused")
+    private void setDeleted(boolean deleted)
     {
-        this.deleted = deleted;
+        // this is a convenience, derived property
     }
 }
diff --git a/source/java/org/alfresco/repo/domain/hibernate/Permission.hbm.xml b/source/java/org/alfresco/repo/domain/hibernate/Permission.hbm.xml
new file mode 100644
index 0000000000..f4032016f1
--- /dev/null
+++ b/source/java/org/alfresco/repo/domain/hibernate/Permission.hbm.xml
@@ -0,0 +1,200 @@
+<?xml version='1.0' encoding='UTF-8'?>
+
+<!DOCTYPE hibernate-mapping PUBLIC
+    '-//Hibernate/Hibernate Mapping DTD 3.0//EN' 
+    'http://hibernate.sourceforge.net/hibernate-mapping-3.0.dtd'>
+
+<hibernate-mapping>
+    <class 
+        name="org.alfresco.repo.domain.hibernate.DbAccessControlListImpl"
+        proxy="org.alfresco.repo.domain.DbAccessControlList"
+        table="access_control_list"
+        dynamic-insert="false"
+        dynamic-update="false"
+        select-before-update="false" 
+        lazy="true"
+        optimistic-lock="version" >
+
+        <id name="id" column="id" type="long" >
+           <generator class="native" />
+        </id>
+
+        <many-to-one
+               name="node"
+               class="org.alfresco.repo.domain.hibernate.NodeImpl"
+               unique="true"
+               not-null="true">
+            <column name="node_id" />
+        </many-to-one>
+
+        <property name="inherits" column="inherits" type="boolean" not-null="true" />
+        
+    </class>
+    
+    <class 
+        name="org.alfresco.repo.domain.hibernate.DbAccessControlEntryImpl"
+        proxy="org.alfresco.repo.domain.DbAccessControlEntry"
+        table="access_control_entry"
+        dynamic-insert="false"
+        dynamic-update="false"
+        select-before-update="false"
+        lazy="true"
+        optimistic-lock="version" >
+        
+        <id name="id" column="id" type="long" >
+            <generator class="native" />
+        </id>
+
+        <natural-id mutable="true" >
+           <many-to-one 
+               name="accessControlList" 
+               class="org.alfresco.repo.domain.hibernate.DbAccessControlListImpl"
+               column="acl_id"
+               lazy="no-proxy"
+               fetch="select"
+               optimistic-lock="true"
+               not-null="true" /> 
+           <many-to-one 
+               name="permission" 
+               class="org.alfresco.repo.domain.hibernate.DbPermissionImpl"
+               column="permission_id"
+               lazy="no-proxy"
+               fetch="select"
+               optimistic-lock="true"
+               not-null="true" /> 
+           <many-to-one 
+               name="authority" 
+               class="org.alfresco.repo.domain.hibernate.DbAuthorityImpl"
+               column="authority_id"
+               lazy="no-proxy"
+               fetch="select"
+               optimistic-lock="true"
+               not-null="true" /> 
+        </natural-id>
+        
+        <property name="allowed" column="allowed" type="boolean" not-null="true" />
+
+    </class>
+    
+    <class
+        name="org.alfresco.repo.domain.hibernate.DbPermissionImpl"
+        proxy="org.alfresco.repo.domain.DbPermission"
+        table="permission"
+        dynamic-insert="false"
+        dynamic-update="false"
+        select-before-update="false"
+        lazy="true"
+        optimistic-lock="version" >
+        
+        <id name="id" column="id" type="long" >
+            <generator class="native" />
+        </id>
+
+        <natural-id mutable="true">
+           <property name="typeQname" column="type_qname" type="QName" length="200" />
+           <property name="name" type="string" length="100" column="name" />
+        </natural-id>
+
+    </class>
+    
+    <class
+        name="org.alfresco.repo.domain.hibernate.DbAuthorityImpl"
+        proxy="org.alfresco.repo.domain.DbAuthority"
+        table="authority"
+        dynamic-insert="false"
+        dynamic-update="false"
+        select-before-update="false"
+        lazy="true"
+        optimistic-lock="version" >
+        
+        <id name="recipient" column="recipient" type="string" length="100" />
+
+        <set
+            name="externalKeys"
+            table="auth_ext_keys"
+            lazy="true"
+            sort="unsorted"
+            fetch="select"
+            optimistic-lock="true" >
+            <key >
+               <column name="id" />
+            </key>
+            <element column="externalKey" length="100" not-null="true" type="string" />
+        </set>
+    </class>
+
+   <query name="permission.GetPermission" cacheable="true">
+      select distinct
+         permission
+      from
+         org.alfresco.repo.domain.hibernate.DbPermissionImpl as permission
+      where
+         permission.typeQname = :permissionTypeQName and
+         permission.name = :permissionName
+   </query>
+   
+   <query name="permission.GetAccessControlEntriesForAccessControlList" cacheable="true" >
+      select
+         ace
+      from
+         org.alfresco.repo.domain.hibernate.DbAccessControlEntryImpl as ace
+      where
+         ace.accessControlList.id = :accessControlListId
+   </query>
+   
+   <query name="permission.GetAccessControlEntriesForPermission">
+      select
+         ace
+      from
+         org.alfresco.repo.domain.hibernate.DbAccessControlEntryImpl as ace
+      where
+         ace.permission.id = :permissionId
+   </query>
+   
+   <query name="permission.GetAccessControlEntriesForAuthority">
+      select
+         ace
+      from
+         org.alfresco.repo.domain.hibernate.DbAccessControlEntryImpl as ace
+      where
+         ace.authority.recipient = :authorityRecipient
+   </query>
+   
+   <query name="permission.GetAccessControlEntriesForAuthorityAndNode">
+      select
+         ace
+      from
+         org.alfresco.repo.domain.hibernate.DbAccessControlEntryImpl as ace
+      where
+         ace.authority.recipient = :authorityRecipient and
+         ace.accessControlList.node.store.key.protocol = :storeProtocol and
+         ace.accessControlList.node.store.key.identifier = :storeIdentifier and
+         ace.accessControlList.node.uuid = :nodeUuid 
+   </query>
+   
+   <query name="permission.GetAccessControlEntryForAll">
+      select
+         ace
+      from
+         org.alfresco.repo.domain.hibernate.DbAccessControlEntryImpl as ace
+      where
+         ace.permission.typeQname = :permissionTypeQName and
+         ace.permission.name = :permissionName and
+         ace.authority.recipient = :authorityRecipient and
+         ace.accessControlList.node.store.key.protocol = :storeProtocol and
+         ace.accessControlList.node.store.key.identifier = :storeIdentifier and
+         ace.accessControlList.node.uuid = :nodeUuid 
+   </query>
+   
+   <query name="permission.GetAccessControlListForNode" cacheable="true" >
+      select
+         acl
+      from
+         org.alfresco.repo.domain.hibernate.DbAccessControlListImpl as acl
+      where
+         acl.node.store.key.protocol = :storeProtocol and
+         acl.node.store.key.identifier = :storeIdentifier and
+         acl.node.uuid = :nodeUuid 
+   </query>
+    
+</hibernate-mapping>
\ No newline at end of file
diff --git a/source/java/org/alfresco/repo/domain/hibernate/PermissionsDaoComponentImpl.java b/source/java/org/alfresco/repo/domain/hibernate/PermissionsDaoComponentImpl.java
new file mode 100644
index 0000000000..6ead381b52
--- /dev/null
+++ b/source/java/org/alfresco/repo/domain/hibernate/PermissionsDaoComponentImpl.java
@@ -0,0 +1,561 @@
+/*
+ * Copyright (C) 2005 Alfresco, Inc.
+ *
+ * Licensed under the Mozilla Public License version 1.1 
+ * with a permitted attribution clause. You may obtain a
+ * copy of the License at
+ *
+ *   http://www.alfresco.org/legal/license.txt
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the
+ * License.
+ */
+package org.alfresco.repo.domain.hibernate;
+
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+import org.alfresco.repo.cache.SimpleCache;
+import org.alfresco.repo.domain.DbAccessControlEntry;
+import org.alfresco.repo.domain.DbAccessControlList;
+import org.alfresco.repo.domain.DbAuthority;
+import org.alfresco.repo.domain.DbPermission;
+import org.alfresco.repo.domain.Node;
+import org.alfresco.repo.node.db.NodeDaoService;
+import org.alfresco.repo.security.permissions.NodePermissionEntry;
+import org.alfresco.repo.security.permissions.PermissionEntry;
+import org.alfresco.repo.security.permissions.PermissionReference;
+import org.alfresco.repo.security.permissions.impl.PermissionsDaoComponent;
+import org.alfresco.repo.security.permissions.impl.SimpleNodePermissionEntry;
+import org.alfresco.repo.security.permissions.impl.SimplePermissionEntry;
+import org.alfresco.repo.security.permissions.impl.SimplePermissionReference;
+import org.alfresco.service.cmr.repository.InvalidNodeRefException;
+import org.alfresco.service.cmr.repository.NodeRef;
+import org.alfresco.service.cmr.security.AccessStatus;
+import org.alfresco.service.namespace.QName;
+import org.alfresco.util.ParameterCheck;
+import org.hibernate.Query;
+import org.hibernate.Session;
+import org.springframework.orm.hibernate3.HibernateCallback;
+import org.springframework.orm.hibernate3.support.HibernateDaoSupport;
+
+/**
+ * Support for accessing persisted permission information.
+ * 
+ * This class maps between persisted objects and the external API defined in the
+ * PermissionsDAO interface.
+ * 
+ * @author andyh
+ */
+public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements PermissionsDaoComponent
+{
+    public static final String QUERY_GET_PERMISSION = "permission.GetPermission";
+    public static final String QUERY_GET_AC_LIST_FOR_NODE = "permission.GetAccessControlListForNode";
+    public static final String QUERY_GET_AC_ENTRIES_FOR_AC_LIST = "permission.GetAccessControlEntriesForAccessControlList";
+    public static final String QUERY_GET_AC_ENTRIES_FOR_AUTHORITY = "permission.GetAccessControlEntriesForAuthority";
+    public static final String QUERY_GET_AC_ENTRIES_FOR_PERMISSION = "permission.GetAccessControlEntriesForPermission";
+    public static final String QUERY_GET_AC_ENTRIES_FOR_AUTHORITY_AND_NODE = "permission.GetAccessControlEntriesForAuthorityAndNode";
+    public static final String QUERY_GET_AC_ENTRY_FOR_ALL = "permission.GetAccessControlEntryForAll";
+    
+    private NodeDaoService nodeDaoService;
+    private SimpleCache<NodeRef, SimpleNodePermissionEntry> nullPermissionCache;
+
+    public PermissionsDaoComponentImpl()
+    {
+        super();
+    }
+
+    public void setNodeDaoService(NodeDaoService nodeDaoService)
+    {
+        this.nodeDaoService = nodeDaoService;
+    }
+
+    public void setNullPermissionCache(SimpleCache<NodeRef, SimpleNodePermissionEntry> nullPermissionCache)
+    {
+        this.nullPermissionCache = nullPermissionCache;
+    }
+
+    public NodePermissionEntry getPermissions(NodeRef nodeRef)
+    {
+        // Create the object if it is not found.
+        // Null objects are not cached in hibernate
+        // If the object does not exist it will repeatedly query to check its
+        // non existence.
+
+        NodePermissionEntry npe = nullPermissionCache.get(nodeRef);
+        if (npe != null)
+        {
+            return npe;
+        }
+        // get the persisted version
+        DbAccessControlList acl = getAccessControlList(nodeRef, false);
+        if (acl == null)
+        {
+            // there isn't an access control list for the node - spoof a null one
+            SimpleNodePermissionEntry snpe = new SimpleNodePermissionEntry(
+                    nodeRef, true, Collections.<SimplePermissionEntry> emptySet());
+            npe = snpe;
+            nullPermissionCache.put(nodeRef, snpe);
+        }
+        else
+        {
+            npe = createSimpleNodePermissionEntry(acl);
+        }
+        // done
+        if (logger.isDebugEnabled())
+        {
+            logger.debug("Created access control list for node: " + nodeRef);
+        }
+        return npe;
+    }
+
+    /**
+     * Get the persisted access control list or create it if required.
+     * 
+     * @param nodeRef - the node for which to create the list
+     * @param create - create the object if it is missing
+     * @return Returns the current access control list or null if not found
+     */
+    private DbAccessControlList getAccessControlList(final NodeRef nodeRef, boolean create)
+    {
+        // get the access control list for the node
+        HibernateCallback callback = new HibernateCallback()
+        {
+            public Object doInHibernate(Session session)
+            {
+                Query query = session.getNamedQuery(PermissionsDaoComponentImpl.QUERY_GET_AC_LIST_FOR_NODE);
+                query.setString("storeProtocol", nodeRef.getStoreRef().getProtocol())
+                     .setString("storeIdentifier", nodeRef.getStoreRef().getIdentifier())
+                     .setString("nodeUuid", nodeRef.getId());
+                return query.list();
+            }
+        };
+        @SuppressWarnings("unchecked")
+        List<DbAccessControlList> results = (List<DbAccessControlList>) getHibernateTemplate().execute(callback);
+        DbAccessControlList acl = null;
+        if (results.size() == 0)
+        {
+            // we'll return null
+        }
+        else if (results.size() > 0)
+        {
+            acl = (DbAccessControlList) results.get(0);
+        }
+        else if (results.size() > 1)
+        {
+            logger.warn("Duplicate access control lists for node: " + nodeRef);
+            acl = (DbAccessControlList) results.get(0);
+        }
+        // done
+        if (logger.isDebugEnabled())
+        {
+            logger.debug("Retrieved access control list: \n" +
+                    "   node: " + nodeRef + "\n" +
+                    "   list: " + acl);
+        }
+        return acl;
+    }
+    
+    /**
+     * Creates an access control list for the node and removes the entry from
+     * the nullPermsionCache.
+     */
+    private DbAccessControlList createAccessControlList(final NodeRef nodeRef)
+    {
+        // get the node referenced
+        Node node = getNode(nodeRef);
+        
+        DbAccessControlList acl = new DbAccessControlListImpl();
+        acl.setNode(node);
+        acl.setInherits(true);
+        getHibernateTemplate().save(acl);
+        
+        nullPermissionCache.remove(nodeRef);
+        
+        // done
+        if (logger.isDebugEnabled())
+        {
+            logger.debug("Created Access Control List: \n" +
+                    "   node: " + nodeRef + "\n" +
+                    "   list: " + acl);
+        }
+        return acl;
+    }
+
+    /**
+     * @param nodeRef the node reference
+     * @return Returns the node for the given reference, or null
+     */
+    private Node getNode(NodeRef nodeRef)
+    {
+        Node node = nodeDaoService.getNode(nodeRef);
+        if (node == null)
+        {
+            throw new InvalidNodeRefException(nodeRef);
+        }
+        return node;
+    }
+
+    public void deletePermissions(NodeRef nodeRef)
+    {
+        DbAccessControlList acl = getAccessControlList(nodeRef, false);
+        if (acl != null)
+        {
+            // delete the access control list - it will cascade to the entries
+            getHibernateTemplate().delete(acl);
+        }
+    }
+
+    @SuppressWarnings("unchecked")
+    public void deletePermissions(final String authority)
+    {
+        HibernateCallback callback = new HibernateCallback()
+        {
+            public Object doInHibernate(Session session)
+            {
+                Query query = session
+                        .getNamedQuery(QUERY_GET_AC_ENTRIES_FOR_AUTHORITY)
+                        .setString("authorityRecipient", authority);
+                return (Integer) HibernateHelper.deleteQueryResults(session, query);
+            }
+        };
+        Integer deletedCount = (Integer) getHibernateTemplate().execute(callback);
+        // done
+        if (logger.isDebugEnabled())
+        {
+            logger.debug("Deleted " + deletedCount + " entries for authority " + authority);
+        }
+    }
+
+    public void deletePermissions(final NodeRef nodeRef, final String authority)
+    {
+        HibernateCallback callback = new HibernateCallback()
+        {
+            public Object doInHibernate(Session session)
+            {
+                Query query = session
+                        .getNamedQuery(QUERY_GET_AC_ENTRIES_FOR_AUTHORITY_AND_NODE)
+                        .setString("authorityRecipient", authority)
+                        .setString("storeProtocol", nodeRef.getStoreRef().getProtocol())
+                        .setString("storeIdentifier", nodeRef.getStoreRef().getIdentifier())
+                        .setString("nodeUuid", nodeRef.getId());
+                return HibernateHelper.deleteQueryResults(session, query);
+            }
+        };
+        Integer deletedCount = (Integer) getHibernateTemplate().execute(callback);
+        // done
+        if (logger.isDebugEnabled())
+        {
+            logger.debug("Deleted " + deletedCount + "entries for criteria: \n" +
+                    "   node: " + nodeRef + "\n" +
+                    "   authority: " + authority);
+        }
+    }
+
+    /**
+     * Deletes all permission entries (access control list entries) that match
+     * the given criteria.  Note that the access control list for the node is
+     * not deleted.
+     */
+    public void deletePermission(final NodeRef nodeRef, final String authority, final PermissionReference permission)
+    {
+        // get the entry
+        DbAccessControlEntry entry = getAccessControlEntry(nodeRef, authority, permission);
+        if (entry != null)
+        {
+            getHibernateTemplate().delete(entry);
+            // done
+            if (logger.isDebugEnabled())
+            {
+                logger.debug("Deleted entry for criteria: \n" +
+                        "   node: " + nodeRef + "\n" +
+                        "   authority: " + authority + "\n" +
+                        "   permission: " + permission);
+            }
+        }
+    }
+
+    public void setPermission(NodeRef nodeRef, String authority, PermissionReference permission, boolean allow)
+    {
+        // get the entry
+        DbAccessControlEntry entry = getAccessControlEntry(nodeRef, authority, permission);
+        if (entry == null)
+        {
+            // need to create it
+            DbAccessControlList dbAccessControlList = getAccessControlList(nodeRef, true);
+            DbPermission dbPermission = getPermission(permission, true);
+            DbAuthority dbAuthority = getAuthority(authority, true);
+            // set persistent objects
+            entry = DbAccessControlEntryImpl.create(dbAccessControlList, dbPermission, dbAuthority, allow);
+            // save it
+            getHibernateTemplate().save(entry);
+            // drop the entry from the null cache
+            nullPermissionCache.remove(nodeRef);
+            // done
+            if (logger.isDebugEnabled())
+            {
+                logger.debug("Created new access control entry: " + entry);
+            }
+        }
+        else
+        {
+            entry.setAllowed(allow);
+            // done
+            if (logger.isDebugEnabled())
+            {
+                logger.debug("Updated access control entry: " + entry);
+            }
+        }
+    }
+    
+    /**
+     * @param nodeRef the node against which to join
+     * @param authority the authority against which to join
+     * @param perm the permission against which to join
+     * @return Returns all access control entries that match the criteria
+     */
+    private DbAccessControlEntry getAccessControlEntry(
+            final NodeRef nodeRef,
+            final String authority,
+            final PermissionReference permission)
+    {
+        HibernateCallback callback = new HibernateCallback()
+        {
+            public Object doInHibernate(Session session)
+            {
+                Query query = session
+                        .getNamedQuery(QUERY_GET_AC_ENTRY_FOR_ALL)
+                        .setString("permissionTypeQName", permission.getQName().toString())
+                        .setString("permissionName", permission.getName())
+                        .setString("authorityRecipient", authority)
+                        .setString("storeProtocol", nodeRef.getStoreRef().getProtocol())
+                        .setString("storeIdentifier", nodeRef.getStoreRef().getIdentifier())
+                        .setString("nodeUuid", nodeRef.getId());
+                return (DbAccessControlEntry) query.uniqueResult();
+            }
+        };
+        DbAccessControlEntry entry = (DbAccessControlEntry) getHibernateTemplate().execute(callback);
+        // done
+        if (logger.isDebugEnabled())
+        {
+            logger.debug("" + (entry == null ? "Did not find" : "Found") + "entry for criteria: \n" +
+                    "   node: " + nodeRef + "\n" +
+                    "   authority: " + authority + "\n" +
+                    "   permission: " + permission);
+        }
+        return entry;
+    }
+
+    /**
+     * Utility method to find or create a persisted authority
+     */
+    private DbAuthority getAuthority(String authority, boolean create)
+    {
+        DbAuthority entity = (DbAuthority) getHibernateTemplate().get(DbAuthorityImpl.class, authority);
+        if ((entity == null) && create)
+        {
+            entity = new DbAuthorityImpl();
+            entity.setRecipient(authority);
+            getHibernateTemplate().save(entity);
+            return entity;
+        }
+        else
+        {
+            return entity;
+        }
+    }
+
+    /**
+     * Utility method to find and optionally create a persisted permission.
+     */
+    private DbPermission getPermission(PermissionReference permissionRef, final boolean create)
+    {
+        final QName qname = permissionRef.getQName();
+        final String name = permissionRef.getName();
+        
+        HibernateCallback callback = new HibernateCallback()
+        {
+            public Object doInHibernate(Session session)
+            {
+                return DbPermissionImpl.find(session, qname, name);
+            }
+        };
+        DbPermission dbPermission = (DbPermission) getHibernateTemplate().execute(callback);
+
+        // create if necessary
+        if ((dbPermission == null) && create)
+        {
+            dbPermission = new DbPermissionImpl();
+            dbPermission.setTypeQname(qname);
+            dbPermission.setName(name);
+            getHibernateTemplate().save(dbPermission);
+        }
+        return dbPermission;
+    }
+
+    public void setPermission(PermissionEntry permissionEntry)
+    {
+        setPermission(
+                permissionEntry.getNodeRef(),
+                permissionEntry.getAuthority(),
+                permissionEntry.getPermissionReference(),
+                permissionEntry.isAllowed());
+    }
+
+    public void setPermission(NodePermissionEntry nodePermissionEntry)
+    {
+        NodeRef nodeRef = nodePermissionEntry.getNodeRef();
+        // get the access control list
+        DbAccessControlList acl = getAccessControlList(nodeRef, false);
+        if (acl == null)
+        {
+            // create the access control list
+            acl = createAccessControlList(nodeRef);
+        }
+        else
+        {
+            // remove entries associated with the list
+            int deleted = acl.deleteEntries();
+            if (logger.isDebugEnabled())
+            {
+                logger.debug("Deleted " + deleted + " entries for access control list: \n" +
+                        "   acl: " + acl);
+            }
+            getSession().flush();
+        }
+        // set attributes
+        acl.setInherits(nodePermissionEntry.inheritPermissions());
+
+        // add all entries
+        for (PermissionEntry pe : nodePermissionEntry.getPermissionEntries())
+        {
+            PermissionReference permission = pe.getPermissionReference();
+            String authority = pe.getAuthority();
+            boolean isAllowed = pe.isAllowed();
+
+            DbPermission permissionEntity = getPermission(permission, true);
+            DbAuthority authorityEntity = getAuthority(authority, true);
+
+            DbAccessControlEntryImpl entry = DbAccessControlEntryImpl.create(
+                    acl,
+                    permissionEntity,
+                    authorityEntity,
+                    isAllowed);
+                                                                                                                                                                                                                                                    getHibernateTemplate().save(entry);
+        }
+    }
+
+    public void setInheritParentPermissions(NodeRef nodeRef, boolean inheritParentPermissions)
+    {
+        DbAccessControlList acl = getAccessControlList(nodeRef, true);
+        acl.setInherits(inheritParentPermissions);
+    }
+    
+    public boolean getInheritParentPermissions(NodeRef nodeRef)
+    {
+        DbAccessControlList acl = getAccessControlList(nodeRef, false);
+        if (acl == null)
+        {
+            return true;
+        }
+        else
+        {
+            return acl.getInherits();
+        }
+    }
+
+    // Utility methods to create simple detached objects for the outside world
+    // We do not pass out the hibernate objects
+
+    private SimpleNodePermissionEntry createSimpleNodePermissionEntry(DbAccessControlList acl)
+    {
+        if (acl == null)
+        {
+            ParameterCheck.mandatory("acl", acl);
+        }
+        List<DbAccessControlEntry> entries = getEntriesForList(acl);
+        SimpleNodePermissionEntry snpe = new SimpleNodePermissionEntry(
+                acl.getNode().getNodeRef(),
+                acl.getInherits(),
+                createSimplePermissionEntries(entries));
+        return snpe;
+    }
+    
+    /**
+     * Executes a query to retrieve the access control list's entries
+     * 
+     * @param acl the access control list
+     * @return Returns a list of the entries
+     */
+    @SuppressWarnings("unchecked")
+    private List<DbAccessControlEntry> getEntriesForList(final DbAccessControlList acl)
+    {
+        HibernateCallback callback = new HibernateCallback()
+        {
+            public Object doInHibernate(Session session)
+            {
+                Query query = session.getNamedQuery(QUERY_GET_AC_ENTRIES_FOR_AC_LIST);
+                query.setLong("accessControlListId", acl.getId());
+                return query.list();
+            }
+        };
+        List<DbAccessControlEntry> entries = (List<DbAccessControlEntry>) getHibernateTemplate().execute(callback);
+        // done
+        if (logger.isDebugEnabled())
+        {
+            logger.debug("Found " + entries.size() + " entries for access control list " + acl.getId());
+        }
+        return entries;
+    }
+
+    /**
+     * @param entries access control entries
+     * @return Returns a unique set of entries that can be given back to the outside world
+     */
+    private Set<SimplePermissionEntry> createSimplePermissionEntries(List<DbAccessControlEntry> entries)
+    {
+        if (entries == null)
+        {
+            return null;
+        }
+        HashSet<SimplePermissionEntry> spes = new HashSet<SimplePermissionEntry>(entries.size(), 1.0f);
+        if (entries.size() != 0)
+        {
+            for (DbAccessControlEntry entry : entries)
+            {
+                spes.add(createSimplePermissionEntry(entry));
+            }
+        }
+        return spes;
+    }
+
+    private static SimplePermissionEntry createSimplePermissionEntry(DbAccessControlEntry ace)
+    {
+        if (ace == null)
+        {
+            return null;
+        }
+        return new SimplePermissionEntry(
+                ace.getAccessControlList().getNode().getNodeRef(),
+                createSimplePermissionReference(ace.getPermission()),
+                ace.getAuthority().getRecipient(),
+                ace.isAllowed() ? AccessStatus.ALLOWED : AccessStatus.DENIED);
+    }
+
+    private static SimplePermissionReference createSimplePermissionReference(DbPermission perm)
+    {
+        if (perm == null)
+        {
+            return null;
+        }
+        return new SimplePermissionReference(
+                perm.getTypeQname(),
+                perm.getName());
+    }
+}
diff --git a/source/java/org/alfresco/repo/domain/hibernate/Store.hbm.xml b/source/java/org/alfresco/repo/domain/hibernate/Store.hbm.xml
index a40e39b892..07da354377 100644
--- a/source/java/org/alfresco/repo/domain/hibernate/Store.hbm.xml
+++ b/source/java/org/alfresco/repo/domain/hibernate/Store.hbm.xml
@@ -22,13 +22,11 @@
       <!-- forward assoc to root node -->
       <many-to-one
             name="rootNode"
-            not-null="false"
+            not-null="true"
             lazy="false"
             class="org.alfresco.repo.domain.hibernate.NodeImpl"
             fetch="join" >
-         <column name="root_protocol" />
-         <column name="root_identifier" />
-         <column name="root_guid" />
+         <column name="root_node_id" />
       </many-to-one>
    </class>
    
diff --git a/source/java/org/alfresco/repo/domain/hibernate/StoreImpl.java b/source/java/org/alfresco/repo/domain/hibernate/StoreImpl.java
index c88c19cedf..1a700a588e 100644
--- a/source/java/org/alfresco/repo/domain/hibernate/StoreImpl.java
+++ b/source/java/org/alfresco/repo/domain/hibernate/StoreImpl.java
@@ -16,6 +16,10 @@
  */
 package org.alfresco.repo.domain.hibernate;
 
+import java.util.concurrent.locks.ReentrantReadWriteLock;
+import java.util.concurrent.locks.ReentrantReadWriteLock.ReadLock;
+import java.util.concurrent.locks.ReentrantReadWriteLock.WriteLock;
+
 import org.alfresco.repo.domain.Node;
 import org.alfresco.repo.domain.Store;
 import org.alfresco.repo.domain.StoreKey;
@@ -30,10 +34,59 @@ public class StoreImpl implements Store
 {
 	private StoreKey key;
     private Node rootNode;
+
+    private transient ReadLock refReadLock;
+    private transient WriteLock refWriteLock;
     private transient StoreRef storeRef;
 
     public StoreImpl()
     {
+        ReentrantReadWriteLock lock = new ReentrantReadWriteLock();
+        refReadLock = lock.readLock();
+        refWriteLock = lock.writeLock();
+    }
+    
+    /**
+     * Lazily constructs <code>StoreRef</code> instance referencing this entity
+     */
+    public StoreRef getStoreRef()
+    {
+        // first check if it is available
+        refReadLock.lock();
+        try
+        {
+            if (storeRef != null)
+            {
+                return storeRef;
+            }
+        }
+        finally
+        {
+            refReadLock.unlock();
+        }
+        // get write lock
+        refWriteLock.lock();
+        try
+        {
+            // double check
+            if (storeRef == null )
+            {
+                storeRef = new StoreRef(getKey().getProtocol(), getKey().getIdentifier());
+            }
+            return storeRef;
+        }
+        finally
+        {
+            refWriteLock.unlock();
+        }
+    }
+    
+    /**
+     * @see #getStoreRef()()
+     */
+    public String toString()
+    {
+        return getStoreRef().toString();
     }
     
     /**
@@ -49,11 +102,11 @@ public class StoreImpl implements Store
         {
             return true;
         }
-        else if (!(obj instanceof Node))
+        else if (!(obj instanceof Store))
         {
             return false;
         }
-        Node that = (Node) obj;
+        Store that = (Store) obj;
         return (this.getKey().equals(that.getKey()));
     }
     
@@ -65,42 +118,32 @@ public class StoreImpl implements Store
         return getKey().hashCode();
     }
     
-    /**
-     * @see #getStoreRef()()
-     */
-    public String toString()
+    public StoreKey getKey()
     {
-        return getStoreRef().toString();
+        return key;
     }
-
-    public StoreKey getKey() {
-		return key;
-	}
-
-	public synchronized void setKey(StoreKey key) {
-		this.key = key;
-        this.storeRef = null;
-	}
-
+    
+    public synchronized void setKey(StoreKey key)
+    {
+        refWriteLock.lock();
+        try
+        {
+            this.key = key;
+            this.storeRef = null;
+        }
+        finally
+        {
+            refWriteLock.unlock();
+        }
+    }
+    
     public Node getRootNode()
     {
         return rootNode;
     }
-
+    
     public void setRootNode(Node rootNode)
     {
         this.rootNode = rootNode;
     }
-    
-    /**
-     * Lazily constructs <code>StoreRef</code> instance referencing this entity
-     */
-    public synchronized StoreRef getStoreRef()
-    {
-        if (storeRef == null && key != null)
-        {
-            storeRef = new StoreRef(key.getProtocol(), key.getIdentifier());
-        }
-        return storeRef;
-    }
 }
\ No newline at end of file
diff --git a/source/java/org/alfresco/repo/domain/hibernate/VersionCountImpl.java b/source/java/org/alfresco/repo/domain/hibernate/VersionCountImpl.java
index e091f101e8..4be08aa2e2 100644
--- a/source/java/org/alfresco/repo/domain/hibernate/VersionCountImpl.java
+++ b/source/java/org/alfresco/repo/domain/hibernate/VersionCountImpl.java
@@ -16,7 +16,6 @@
  */
 package org.alfresco.repo.domain.hibernate;
 
-import org.alfresco.repo.domain.Node;
 import org.alfresco.repo.domain.StoreKey;
 import org.alfresco.repo.domain.VersionCount;
 
@@ -50,11 +49,11 @@ public class VersionCountImpl implements VersionCount
         {
             return true;
         }
-        else if (!(obj instanceof Node))
+        else if (!(obj instanceof VersionCount))
         {
             return false;
         }
-        Node that = (Node) obj;
+        VersionCount that = (VersionCount) obj;
         return (this.getKey().equals(that.getKey()));
     }
     
diff --git a/source/java/org/alfresco/repo/version/common/counter/hibernate/HibernateVersionCounterDaoServiceImpl.java b/source/java/org/alfresco/repo/domain/hibernate/VersionCounterDaoComponentImpl.java
similarity index 92%
rename from source/java/org/alfresco/repo/version/common/counter/hibernate/HibernateVersionCounterDaoServiceImpl.java
rename to source/java/org/alfresco/repo/domain/hibernate/VersionCounterDaoComponentImpl.java
index f9f7781599..4283639417 100644
--- a/source/java/org/alfresco/repo/version/common/counter/hibernate/HibernateVersionCounterDaoServiceImpl.java
+++ b/source/java/org/alfresco/repo/domain/hibernate/VersionCounterDaoComponentImpl.java
@@ -14,15 +14,14 @@
  * language governing permissions and limitations under the
  * License.
  */
-package org.alfresco.repo.version.common.counter.hibernate;
+package org.alfresco.repo.domain.hibernate;
 
 import org.alfresco.repo.domain.StoreKey;
 import org.alfresco.repo.domain.VersionCount;
-import org.alfresco.repo.domain.hibernate.VersionCountImpl;
 import org.alfresco.repo.node.NodeServicePolicies;
 import org.alfresco.repo.policy.JavaBehaviour;
 import org.alfresco.repo.policy.PolicyComponent;
-import org.alfresco.repo.version.common.counter.VersionCounterDaoService;
+import org.alfresco.repo.version.common.counter.VersionCounterService;
 import org.alfresco.service.cmr.repository.StoreRef;
 import org.alfresco.service.namespace.NamespaceService;
 import org.alfresco.service.namespace.QName;
@@ -39,9 +38,9 @@ import org.springframework.orm.hibernate3.support.HibernateDaoSupport;
  * 
  * @author Derek Hulley
  */
-public class HibernateVersionCounterDaoServiceImpl
+public class VersionCounterDaoComponentImpl
         extends HibernateDaoSupport
-        implements VersionCounterDaoService, NodeServicePolicies.BeforeCreateStorePolicy
+        implements VersionCounterService, NodeServicePolicies.BeforeCreateStorePolicy
 {
     private PolicyComponent policyComponent;
 
diff --git a/source/java/org/alfresco/repo/node/BaseNodeServiceTest.java b/source/java/org/alfresco/repo/node/BaseNodeServiceTest.java
index 8173817f55..02526cf62d 100644
--- a/source/java/org/alfresco/repo/node/BaseNodeServiceTest.java
+++ b/source/java/org/alfresco/repo/node/BaseNodeServiceTest.java
@@ -376,10 +376,10 @@ public abstract class BaseNodeServiceTest extends BaseSpringTest
     private int countNodesById(NodeRef nodeRef)
     {
         String query =
-                "select count(node.key.guid)" +
+                "select count(node.uuid)" +
                 " from " +
                 NodeImpl.class.getName() + " node" +
-                " where node.key.guid = ?";
+                " where node.uuid = ?";
         Session session = getSession();
         List results = session.createQuery(query)
             .setString(0, nodeRef.getId())
@@ -710,7 +710,7 @@ public abstract class BaseNodeServiceTest extends BaseSpringTest
                 "select node.childAssocs" +
                 " from " +
                 NodeImpl.class.getName() + " node" +
-                " where node.key.guid = ?";
+                " where node.uuid = ?";
         Session session = getSession();
         List results = session.createQuery(query)
             .setString(0, nodeRef.getId())
diff --git a/source/java/org/alfresco/repo/node/db/DbNodeServiceImpl.java b/source/java/org/alfresco/repo/node/db/DbNodeServiceImpl.java
index 8c2bec4af1..cb8435823b 100644
--- a/source/java/org/alfresco/repo/node/db/DbNodeServiceImpl.java
+++ b/source/java/org/alfresco/repo/node/db/DbNodeServiceImpl.java
@@ -31,13 +31,11 @@ import org.alfresco.model.ContentModel;
 import org.alfresco.repo.domain.ChildAssoc;
 import org.alfresco.repo.domain.Node;
 import org.alfresco.repo.domain.NodeAssoc;
-import org.alfresco.repo.domain.NodeKey;
 import org.alfresco.repo.domain.NodeStatus;
 import org.alfresco.repo.domain.PropertyValue;
 import org.alfresco.repo.domain.Store;
 import org.alfresco.repo.node.AbstractNodeServiceImpl;
 import org.alfresco.repo.policy.PolicyComponent;
-import org.alfresco.repo.transaction.AlfrescoTransactionSupport;
 import org.alfresco.service.cmr.dictionary.AspectDefinition;
 import org.alfresco.service.cmr.dictionary.ClassDefinition;
 import org.alfresco.service.cmr.dictionary.DataTypeDefinition;
@@ -92,9 +90,7 @@ public class DbNodeServiceImpl extends AbstractNodeServiceImpl
      */
     private Node getNodeNotNull(NodeRef nodeRef) throws InvalidNodeRefException
     {
-        String protocol = nodeRef.getStoreRef().getProtocol();
-        String identifier = nodeRef.getStoreRef().getIdentifier();
-        Node unchecked = nodeDaoService.getNode(protocol, identifier, nodeRef.getId());
+        Node unchecked = nodeDaoService.getNode(nodeRef);
         if (unchecked == null)
         {
             throw new InvalidNodeRefException("Node does not exist: " + nodeRef, nodeRef);
@@ -112,10 +108,7 @@ public class DbNodeServiceImpl extends AbstractNodeServiceImpl
     
     public boolean exists(NodeRef nodeRef)
     {
-        StoreRef storeRef = nodeRef.getStoreRef();
-        Node node = nodeDaoService.getNode(storeRef.getProtocol(),
-                storeRef.getIdentifier(),
-                nodeRef.getId());
+        Node node = nodeDaoService.getNode(nodeRef);
         boolean exists = (node != null);
         // done
         return exists;
@@ -123,10 +116,7 @@ public class DbNodeServiceImpl extends AbstractNodeServiceImpl
     
     public Status getNodeStatus(NodeRef nodeRef)
     {
-        NodeStatus nodeStatus = nodeDaoService.getNodeStatus(
-                nodeRef.getStoreRef().getProtocol(),
-                nodeRef.getStoreRef().getIdentifier(),
-                nodeRef.getId());
+        NodeStatus nodeStatus = nodeDaoService.getNodeStatus(nodeRef);
         if (nodeStatus == null)     // node never existed
         {
             return null;
@@ -416,8 +406,7 @@ public class DbNodeServiceImpl extends AbstractNodeServiceImpl
         invokeOnUpdateNode(newParentRef);
         
         // update the node status
-        NodeStatus nodeStatus = nodeToMove.getStatus();
-        nodeStatus.setChangeTxnId(AlfrescoTransactionSupport.getTransactionId());
+        nodeDaoService.recordChangeId(nodeToMoveRef);
         
         // done
         return newAssoc.getChildAssocRef();
@@ -526,8 +515,7 @@ public class DbNodeServiceImpl extends AbstractNodeServiceImpl
             invokeOnAddAspect(nodeRef, aspectTypeQName);
             
             // update the node status
-            NodeStatus nodeStatus = node.getStatus();
-            nodeStatus.setChangeTxnId(AlfrescoTransactionSupport.getTransactionId());
+            nodeDaoService.recordChangeId(nodeRef);
         }                
     }
 
@@ -581,8 +569,7 @@ public class DbNodeServiceImpl extends AbstractNodeServiceImpl
             invokeOnRemoveAspect(nodeRef, aspectTypeQName);
             
             // update the node status
-            NodeStatus nodeStatus = node.getStatus();
-            nodeStatus.setChangeTxnId(AlfrescoTransactionSupport.getTransactionId());
+            nodeDaoService.recordChangeId(nodeRef);
         }
     }
 
@@ -758,7 +745,7 @@ public class DbNodeServiceImpl extends AbstractNodeServiceImpl
     {
         Node parentNode = getNodeNotNull(parentRef);
         Node childNode = getNodeNotNull(childRef);
-        NodeKey childNodeKey = childNode.getKey();
+        Long childNodeId = childNode.getId();
         
         // get all the child assocs
         ChildAssociationRef primaryAssocRef = null;
@@ -766,7 +753,7 @@ public class DbNodeServiceImpl extends AbstractNodeServiceImpl
         assocs = new HashSet<ChildAssoc>(assocs);   // copy set as we will be modifying it
         for (ChildAssoc assoc : assocs)
         {
-            if (!assoc.getChild().getKey().equals(childNodeKey))
+            if (!assoc.getChild().getId().equals(childNodeId))
             {
                 continue;  // not a matching association
             }
@@ -901,8 +888,7 @@ public class DbNodeServiceImpl extends AbstractNodeServiceImpl
         invokeOnUpdateProperties(nodeRef, propertiesBefore, propertiesAfter);
         
         // update the node status
-        NodeStatus nodeStatus = node.getStatus();
-        nodeStatus.setChangeTxnId(AlfrescoTransactionSupport.getTransactionId());
+        nodeDaoService.recordChangeId(nodeRef);
     }
     
     /**
@@ -937,8 +923,7 @@ public class DbNodeServiceImpl extends AbstractNodeServiceImpl
         invokeOnUpdateProperties(nodeRef, propertiesBefore, propertiesAfter);
         
         // update the node status
-        NodeStatus nodeStatus = node.getStatus();
-        nodeStatus.setChangeTxnId(AlfrescoTransactionSupport.getTransactionId());
+        nodeDaoService.recordChangeId(nodeRef);
     }
     
     /**
diff --git a/source/java/org/alfresco/repo/node/db/DbNodeServiceImplTest.java b/source/java/org/alfresco/repo/node/db/DbNodeServiceImplTest.java
index 8369af4aee..63d60f8440 100644
--- a/source/java/org/alfresco/repo/node/db/DbNodeServiceImplTest.java
+++ b/source/java/org/alfresco/repo/node/db/DbNodeServiceImplTest.java
@@ -190,19 +190,13 @@ public class DbNodeServiceImplTest extends BaseNodeServiceTest
             public Object doWork()
             {
                 // check n6
-                NodeStatus n6Status = nodeDaoService.getNodeStatus(
-                        n6Ref.getStoreRef().getProtocol(),
-                        n6Ref.getStoreRef().getIdentifier(),
-                        n6Ref.getId());
+                NodeStatus n6Status = nodeDaoService.getNodeStatus(n6Ref);
                 if (!n6Status.isDeleted())
                 {
                     throw new RuntimeException("Deleted node does not have deleted status");
                 }
                 // n8 is a primary child - it should be deleted too
-                NodeStatus n8Status = nodeDaoService.getNodeStatus(
-                        n8Ref.getStoreRef().getProtocol(),
-                        n8Ref.getStoreRef().getIdentifier(),
-                        n8Ref.getId());
+                NodeStatus n8Status = nodeDaoService.getNodeStatus(n8Ref);
                 if (!n8Status.isDeleted())
                 {
                     throw new RuntimeException("Cascade-deleted node does not have deleted status");
diff --git a/source/java/org/alfresco/repo/node/db/NodeDaoService.java b/source/java/org/alfresco/repo/node/db/NodeDaoService.java
index 5b44d74bc3..985a83a012 100644
--- a/source/java/org/alfresco/repo/node/db/NodeDaoService.java
+++ b/source/java/org/alfresco/repo/node/db/NodeDaoService.java
@@ -25,6 +25,7 @@ import org.alfresco.repo.domain.NodeAssoc;
 import org.alfresco.repo.domain.NodeStatus;
 import org.alfresco.repo.domain.Store;
 import org.alfresco.service.cmr.dictionary.InvalidTypeException;
+import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.namespace.QName;
 
 /**
@@ -63,24 +64,40 @@ public interface NodeDaoService
      * @return Returns a store with the given values or null if one doesn't exist
      */
     public Store getStore(String protocol, String identifier);
+    
+    /**
+     * Gets the node's status.  If the node <i>never</i> existed, then
+     * <code>null</code> is returned.
+     * 
+     * @param nodeRef the node reference
+     * @return Returns the node status if the node exists or once existed, otherwise
+     *      returns <code>null</code>.
+     */
+    public NodeStatus getNodeStatus(NodeRef nodeRef);
+    
+    /**
+     * Sets the current transaction ID on the node status.  Note that the node
+     * may not exist, but the status will.
+     * 
+     * @param nodeRef the node reference
+     */
+    public void recordChangeId(NodeRef nodeRef);
 
     /**
      * @param store the store to which the node must belong
-     * @param id the node store-unique identifier
+     * @param uuid the node store-unique identifier
      * @param nodeTypeQName the type of the node
      * @return Returns a new node of the given type and attached to the store
      * @throws InvalidTypeException if the node type is invalid or if the node type
      *      is not a valid real node
      */
-    public Node newNode(Store store, String id, QName nodeTypeQName) throws InvalidTypeException;
+    public Node newNode(Store store, String uuid, QName nodeTypeQName) throws InvalidTypeException;
     
     /**
-     * @param protocol the store protocol
-     * @param identifier the store identifier for the given protocol
-     * @param id the store-specific node identifier
+     * @param nodeRef the node reference
      * @return Returns the <b>node</b> entity
      */
-    public Node getNode(String protocol, String identifier, String id);
+    public Node getNode(NodeRef nodeRef);
     
     /**
      * Deletes the node instance, taking care of any cascades that are required over
@@ -165,18 +182,6 @@ public interface NodeDaoService
      */
     public void deleteNodeAssoc(NodeAssoc assoc);
     
-    /**
-     * Gets the node's status.  If the node <i>never</i> existed, then
-     * <code>null</code> is returned.
-     * 
-     * @param protocol the store protocol
-     * @param identifier the store identifier for the given protocol
-     * @param id the store-specific node status identifier
-     * @return Returns the node status if the node exists or once existed, otherwise
-     *      returns <code>null</code>.
-     */
-    public NodeStatus getNodeStatus(String protocol, String identifier, String id);
-    
     /**
      * Fetch all content data strings.  These are all string values that begin
      * with <b>contentUrl=</b>.
diff --git a/source/java/org/alfresco/repo/node/db/hibernate/HibernateNodeDaoServiceImpl.java b/source/java/org/alfresco/repo/node/db/hibernate/HibernateNodeDaoServiceImpl.java
index 5cdc7401e1..d751315530 100644
--- a/source/java/org/alfresco/repo/node/db/hibernate/HibernateNodeDaoServiceImpl.java
+++ b/source/java/org/alfresco/repo/node/db/hibernate/HibernateNodeDaoServiceImpl.java
@@ -37,6 +37,7 @@ import org.alfresco.repo.node.db.NodeDaoService;
 import org.alfresco.repo.transaction.AlfrescoTransactionSupport;
 import org.alfresco.service.cmr.dictionary.InvalidTypeException;
 import org.alfresco.service.cmr.repository.ChildAssociationRef;
+import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.namespace.QName;
 import org.alfresco.util.GUID;
 import org.hibernate.ObjectDeletedException;
@@ -173,59 +174,91 @@ public class HibernateNodeDaoServiceImpl extends HibernateDaoSupport implements
         return store;
     }
 
-    public Node newNode(Store store, String id, QName nodeTypeQName) throws InvalidTypeException
-    {
-        NodeKey key = new NodeKey(store.getKey(), id);
-
-        // create (or reuse) the mandatory node status
-        NodeStatus nodeStatus = (NodeStatus) getHibernateTemplate().get(NodeStatusImpl.class, key);
-        if (nodeStatus == null)
-        {
-            nodeStatus = new NodeStatusImpl();
-        }
-        // set required status properties
-        nodeStatus.setKey(key);
-        nodeStatus.setDeleted(false);
-        nodeStatus.setChangeTxnId(AlfrescoTransactionSupport.getTransactionId());
-        // persist the nodestatus
-        getHibernateTemplate().save(nodeStatus);
-        
-        // build a concrete node based on a bootstrap type
-        Node node = new NodeImpl();
-        // set other required properties
-		node.setKey(key);
-        node.setTypeQName(nodeTypeQName);
-        node.setStore(store);
-        node.setStatus(nodeStatus);
-        // persist the node
-        getHibernateTemplate().save(node);
-        // done
-        return node;
-    }
-
-    public Node getNode(String protocol, String identifier, String id)
+    /**
+     * Fetch the node status, if it exists
+     */
+    public NodeStatus getNodeStatus(NodeRef nodeRef)
     {
         try
         {
-    		NodeKey nodeKey = new NodeKey(protocol, identifier, id);
-            Object obj = getHibernateTemplate().get(NodeImpl.class, nodeKey);
+            NodeKey nodeKey = new NodeKey(nodeRef);
+            Object obj = getHibernateTemplate().get(NodeStatusImpl.class, nodeKey);
             // done
-            return (Node) obj;
-        }
-        catch (ObjectDeletedException e)
-        {
-            return null;
+            return (NodeStatus) obj;
         }
         catch (DataAccessException e)
         {
             if (e.contains(ObjectDeletedException.class))
             {
-                // the object no loner exists
+                // the object no longer exists
                 return null;
             }
             throw e;
         }
     }
+
+    public void recordChangeId(NodeRef nodeRef)
+    {
+        NodeKey key = new NodeKey(nodeRef);
+        
+        NodeStatus status = (NodeStatus) getHibernateTemplate().get(NodeStatusImpl.class, key);
+        if (status == null)
+        {
+            // the node never existed or the status was deleted
+            return;
+        }
+        else
+        {
+            status.setChangeTxnId(AlfrescoTransactionSupport.getTransactionId());
+        }
+    }
+
+    public Node newNode(Store store, String uuid, QName nodeTypeQName) throws InvalidTypeException
+    {
+        NodeKey key = new NodeKey(store.getKey(), uuid);
+
+        // build a concrete node based on a bootstrap type
+        Node node = new NodeImpl();
+        // set other required properties
+        node.setStore(store);
+        node.setUuid(uuid);
+        node.setTypeQName(nodeTypeQName);
+        // persist the node
+        getHibernateTemplate().save(node);
+        
+        // create (or reuse) the mandatory node status
+        NodeStatus status = (NodeStatus) getHibernateTemplate().get(NodeStatusImpl.class, key);
+        if (status == null)
+        {
+            status = new NodeStatusImpl();
+            status.setKey(key);
+        }
+        // set required status properties
+        status.setNode(node);
+        status.setChangeTxnId(AlfrescoTransactionSupport.getTransactionId());
+        // persist the nodestatus
+        getHibernateTemplate().save(status);
+
+        // done
+        return node;
+    }
+
+    public Node getNode(NodeRef nodeRef)
+    {
+        // get it via the node status
+        NodeStatus status = getNodeStatus(nodeRef);
+        if (status == null)
+        {
+            // no status implies no node
+            return null;
+        }
+        else
+        {
+            // a status may have a node
+            Node node = status.getNode();
+            return node;
+        }
+    }
     
     /**
      * Manually ensures that all cascading of associations is taken care of
@@ -261,37 +294,23 @@ public class HibernateNodeDaoServiceImpl extends HibernateDaoSupport implements
             deleteNodeAssoc(assoc);
         }
         // update the node status
-        NodeStatus nodeStatus = node.getStatus();
-        nodeStatus.setDeleted(true);
-        nodeStatus.setChangeTxnId(AlfrescoTransactionSupport.getTransactionId());
+        NodeRef nodeRef = node.getNodeRef();
+        NodeStatus nodeStatus = getNodeStatus(nodeRef);
+        if (nodeStatus == null)
+        {
+            logger.warn("Node to be deleted does not have a status: \n" +
+                    "   node: " + node.getId());
+        }
+        else
+        {
+            nodeStatus.setNode(null);
+            nodeStatus.setChangeTxnId(AlfrescoTransactionSupport.getTransactionId());
+        }
         // finally delete the node
         getHibernateTemplate().delete(node);
         // done
     }
 
-    /**
-     * Fetch the node status, if it exists
-     */
-    public NodeStatus getNodeStatus(String protocol, String identifier, String id)
-    {
-        try
-        {
-            NodeKey nodeKey = new NodeKey(protocol, identifier, id);
-            Object obj = getHibernateTemplate().get(NodeStatusImpl.class, nodeKey);
-            // done
-            return (NodeStatus) obj;
-        }
-        catch (DataAccessException e)
-        {
-            if (e.contains(ObjectDeletedException.class))
-            {
-                // the object no loner exists
-                return null;
-            }
-            throw e;
-        }
-    }
-
     public ChildAssoc newChildAssoc(
             Node parentNode,
             Node childNode,
@@ -427,21 +446,15 @@ public class HibernateNodeDaoServiceImpl extends HibernateDaoSupport implements
             final Node targetNode,
             final QName assocTypeQName)
     {
-        final NodeKey sourceKey = sourceNode.getKey();
-        final NodeKey targetKey = targetNode.getKey();
         HibernateCallback callback = new HibernateCallback()
         {
             public Object doInHibernate(Session session)
             {
                 Query query = session.getNamedQuery(HibernateNodeDaoServiceImpl.QUERY_GET_NODE_ASSOC);
-                query.setString("sourceKeyProtocol", sourceKey.getProtocol())
-                     .setString("sourceKeyIdentifier", sourceKey.getIdentifier())
-                     .setString("sourceKeyGuid", sourceKey.getGuid())
+                query.setEntity("sourceNode", sourceNode)
+                     .setEntity("targetNode", targetNode)
                      .setString("assocTypeQName", assocTypeQName.toString())
-                     .setString("targetKeyProtocol", targetKey.getProtocol())
-                     .setString("targetKeyIdentifier", targetKey.getIdentifier())
-                     .setString("targetKeyGuid", targetKey.getGuid());
-                query.setMaxResults(1);
+                     .setMaxResults(1);
                 return query.uniqueResult();
             }
         };
@@ -458,15 +471,12 @@ public class HibernateNodeDaoServiceImpl extends HibernateDaoSupport implements
     @SuppressWarnings("unchecked")
     public Collection<Node> getNodeAssocTargets(final Node sourceNode, final QName assocTypeQName)
     {
-        final NodeKey sourceKey = sourceNode.getKey();
         HibernateCallback callback = new HibernateCallback()
         {
             public Object doInHibernate(Session session)
             {
                 Query query = session.getNamedQuery(HibernateNodeDaoServiceImpl.QUERY_GET_NODE_ASSOC_TARGETS);
-                query.setString("sourceKeyProtocol", sourceKey.getProtocol())
-                     .setString("sourceKeyIdentifier", sourceKey.getIdentifier())
-                     .setString("sourceKeyGuid", sourceKey.getGuid())
+                query.setEntity("sourceNode", sourceNode)
                      .setString("assocTypeQName", assocTypeQName.toString());
                 return query.list();
             }
@@ -479,15 +489,12 @@ public class HibernateNodeDaoServiceImpl extends HibernateDaoSupport implements
     @SuppressWarnings("unchecked")
     public Collection<Node> getNodeAssocSources(final Node targetNode, final QName assocTypeQName)
     {
-        final NodeKey targetKey = targetNode.getKey();
         HibernateCallback callback = new HibernateCallback()
         {
             public Object doInHibernate(Session session)
             {
                 Query query = session.getNamedQuery(HibernateNodeDaoServiceImpl.QUERY_GET_NODE_ASSOC_SOURCES);
-                query.setString("targetKeyProtocol", targetKey.getProtocol())
-                     .setString("targetKeyIdentifier", targetKey.getIdentifier())
-                     .setString("targetKeyGuid", targetKey.getGuid())
+                query.setEntity("targetNode", targetNode)
                      .setString("assocTypeQName", assocTypeQName.toString());
                 return query.list();
             }
diff --git a/source/java/org/alfresco/repo/security/permissions/impl/AbstractPermissionEntry.java b/source/java/org/alfresco/repo/security/permissions/impl/AbstractPermissionEntry.java
index 5429bd850f..adb09bb274 100644
--- a/source/java/org/alfresco/repo/security/permissions/impl/AbstractPermissionEntry.java
+++ b/source/java/org/alfresco/repo/security/permissions/impl/AbstractPermissionEntry.java
@@ -44,10 +44,8 @@ public abstract class AbstractPermissionEntry implements PermissionEntry
             return false;
         }
         AbstractPermissionEntry other = (AbstractPermissionEntry) o;
-        return EqualsHelper.nullSafeEquals(this.getNodeRef(),
-                other.getNodeRef())
-                && EqualsHelper.nullSafeEquals(this.getPermissionReference(),
-                        other.getPermissionReference())
+        return EqualsHelper.nullSafeEquals(this.getNodeRef(), other.getNodeRef())
+                && EqualsHelper.nullSafeEquals(this.getPermissionReference(), other.getPermissionReference())
                 && EqualsHelper.nullSafeEquals(this.getAuthority(), other.getAuthority())
                 && EqualsHelper.nullSafeEquals(this.getAccessStatus(), other.getAccessStatus());
     }
diff --git a/source/java/org/alfresco/repo/security/permissions/impl/AbstractPermissionTest.java b/source/java/org/alfresco/repo/security/permissions/impl/AbstractPermissionTest.java
index 63b43c643d..2bdf61e687 100644
--- a/source/java/org/alfresco/repo/security/permissions/impl/AbstractPermissionTest.java
+++ b/source/java/org/alfresco/repo/security/permissions/impl/AbstractPermissionTest.java
@@ -136,7 +136,15 @@ public class AbstractPermissionTest extends BaseSpringTest
 
     protected void onTearDownInTransaction() throws Exception
     {
-        flushAndClear();
+        try
+        {
+            flushAndClear();
+        }
+        catch (Throwable e)
+        {
+            // don't absorb the exception
+            e.printStackTrace();
+        }
         super.onTearDownInTransaction();
     }
 
diff --git a/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceImpl.java b/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceImpl.java
index 02207ccafb..9073501937 100644
--- a/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceImpl.java
+++ b/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceImpl.java
@@ -73,7 +73,7 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
     /*
      * Access to permissions
      */
-    private PermissionsDAO permissionsDAO;
+    private PermissionsDaoComponent permissionsDaoComponent;
 
     /*
      * Access to the node service
@@ -127,9 +127,9 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
         this.nodeService = nodeService;
     }
 
-    public void setPermissionsDAO(PermissionsDAO permissionsDAO)
+    public void setPermissionsDaoComponent(PermissionsDaoComponent permissionsDaoComponent)
     {
-        this.permissionsDAO = permissionsDAO;
+        this.permissionsDaoComponent = permissionsDaoComponent;
     }
 
     public void setAuthenticationComponent(AuthenticationComponent authenticationComponent)
@@ -171,7 +171,7 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
         {
             throw new IllegalArgumentException("Property 'nodeService' has not been set");
         }
-        if (permissionsDAO == null)
+        if (permissionsDaoComponent == null)
         {
             throw new IllegalArgumentException("Property 'permissionsDAO' has not been set");
         }
@@ -332,7 +332,7 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
 
     public NodePermissionEntry getSetPermissions(NodeRef nodeRef)
     {
-        return permissionsDAO.getPermissions(nodeRef);
+        return permissionsDaoComponent.getPermissions(nodeRef);
     }
 
     public AccessStatus hasPermission(NodeRef nodeRef, PermissionReference perm)
@@ -469,55 +469,60 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
 
     public void deletePermissions(NodeRef nodeRef)
     {
-        permissionsDAO.deletePermissions(nodeRef);
+        permissionsDaoComponent.deletePermissions(nodeRef);
         accessCache.clear();
     }
 
     public void deletePermissions(NodePermissionEntry nodePermissionEntry)
     {
-        permissionsDAO.deletePermissions(nodePermissionEntry);
+        permissionsDaoComponent.deletePermissions(nodePermissionEntry.getNodeRef());
         accessCache.clear();
     }
 
+    /**
+     * @see #deletePermission(NodeRef, String, PermissionReference)
+     */
     public void deletePermission(PermissionEntry permissionEntry)
     {
-        permissionsDAO.deletePermissions(permissionEntry);
-        accessCache.clear();
+        NodeRef nodeRef = permissionEntry.getNodeRef();
+        String authority = permissionEntry.getAuthority();
+        PermissionReference permission = permissionEntry.getPermissionReference();
+        deletePermission(nodeRef, authority, permission);
     }
 
-    public void deletePermission(NodeRef nodeRef, String authority, PermissionReference perm, boolean allow)
+    public void deletePermission(NodeRef nodeRef, String authority, PermissionReference perm)
     {
-        permissionsDAO.deletePermissions(nodeRef, authority, perm, allow);
+        permissionsDaoComponent.deletePermission(nodeRef, authority, perm);
         accessCache.clear();
     }
 
     public void clearPermission(NodeRef nodeRef, String authority)
     {
-        permissionsDAO.clearPermission(nodeRef, authority);
+        permissionsDaoComponent.deletePermissions(nodeRef, authority);
         accessCache.clear();
     }
 
     public void setPermission(NodeRef nodeRef, String authority, PermissionReference perm, boolean allow)
     {
-        permissionsDAO.setPermission(nodeRef, authority, perm, allow);
+        permissionsDaoComponent.setPermission(nodeRef, authority, perm, allow);
         accessCache.clear();
     }
 
     public void setPermission(PermissionEntry permissionEntry)
     {
-        permissionsDAO.setPermission(permissionEntry);
+        permissionsDaoComponent.setPermission(permissionEntry);
         accessCache.clear();
     }
 
     public void setPermission(NodePermissionEntry nodePermissionEntry)
     {
-        permissionsDAO.setPermission(nodePermissionEntry);
+        permissionsDaoComponent.setPermission(nodePermissionEntry);
         accessCache.clear();
     }
 
     public void setInheritParentPermissions(NodeRef nodeRef, boolean inheritParentPermissions)
     {
-        permissionsDAO.setInheritParentPermissions(nodeRef, inheritParentPermissions);
+        permissionsDaoComponent.setInheritParentPermissions(nodeRef, inheritParentPermissions);
         accessCache.clear();
     }
     
@@ -526,7 +531,7 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
      */
     public boolean getInheritParentPermissions(NodeRef nodeRef)
     {
-        return permissionsDAO.getInheritParentPermissions(nodeRef);
+        return permissionsDaoComponent.getInheritParentPermissions(nodeRef);
     }
 
     
@@ -567,9 +572,9 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
         return modelDAO.getExposedPermissions(nodeRef);
     }
 
-    public void deletePermission(NodeRef nodeRef, String authority, String perm, boolean allow)
+    public void deletePermission(NodeRef nodeRef, String authority, String perm)
     {
-        deletePermission(nodeRef, authority, getPermissionReference(perm), allow);
+        deletePermission(nodeRef, authority, getPermissionReference(perm));
     }
 
     public AccessStatus hasPermission(NodeRef nodeRef, String perm)
@@ -584,7 +589,7 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
 
     public void deletePermissions(String recipient)
     {
-        permissionsDAO.deleteAllPermissionsForAuthority(recipient);
+        permissionsDaoComponent.deletePermissions(recipient);
         accessCache.clear();
     }
     
@@ -748,7 +753,7 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
                 if (car.getParentRef() != null)
                 {
 
-                    NodePermissionEntry nodePermissions = permissionsDAO.getPermissions(car.getChildRef());
+                    NodePermissionEntry nodePermissions = permissionsDaoComponent.getPermissions(car.getChildRef());
                     if ((nodePermissions == null) || (nodePermissions.inheritPermissions()))
                     {
 
@@ -848,7 +853,7 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
                 // Build the next element of the evaluation chain
                 if (car.getParentRef() != null)
                 {
-                    NodePermissionEntry nodePermissions = permissionsDAO.getPermissions(car.getChildRef());
+                    NodePermissionEntry nodePermissions = permissionsDaoComponent.getPermissions(car.getChildRef());
                     if ((nodePermissions == null) || (nodePermissions.inheritPermissions()))
                     {
                         car = nodeService.getPrimaryParent(car.getParentRef());
@@ -900,7 +905,7 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
             Set<Pair<String, PermissionReference>> deniedSet = new HashSet<Pair<String, PermissionReference>>();
 
             // Loop over all denied permissions
-            NodePermissionEntry nodeEntry = permissionsDAO.getPermissions(nodeRef);
+            NodePermissionEntry nodeEntry = permissionsDaoComponent.getPermissions(nodeRef);
             if (nodeEntry != null)
             {
                 for (PermissionEntry pe : nodeEntry.getPermissionEntries())
@@ -950,7 +955,7 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
          */
         boolean checkRequired(Set<String> authorisations, NodeRef nodeRef, Set<Pair<String, PermissionReference>> denied)
         {
-            NodePermissionEntry nodeEntry = permissionsDAO.getPermissions(nodeRef);
+            NodePermissionEntry nodeEntry = permissionsDaoComponent.getPermissions(nodeRef);
 
             // No permissions set - short cut to deny
             if (nodeEntry == null)
diff --git a/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceTest.java b/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceTest.java
index 72abded2af..95d6d050fa 100644
--- a/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceTest.java
+++ b/source/java/org/alfresco/repo/security/permissions/impl/PermissionServiceTest.java
@@ -32,6 +32,14 @@ import org.alfresco.service.namespace.QName;
 
 public class PermissionServiceTest extends AbstractPermissionTest
 {
+    private SimplePermissionEntry denyAndyAll;
+    private SimplePermissionEntry allowAndyAll;
+    private SimplePermissionEntry denyAndyRead;
+    private SimplePermissionEntry allowAndyRead;
+    private SimplePermissionEntry denyAndyReadProperties;
+    private SimplePermissionEntry allowAndyReadProperties;
+    private SimplePermissionEntry allowAndyReadChildren;
+    
     public PermissionServiceTest()
     {
         super();
@@ -51,9 +59,48 @@ public class PermissionServiceTest extends AbstractPermissionTest
         }
         fail("Missing role ROLE_AUTHENTICATED ");
     }
-
- 
     
+    @Override
+    protected void onSetUpInTransaction() throws Exception
+    {
+        super.onSetUpInTransaction();
+        denyAndyAll = new SimplePermissionEntry(
+                rootNodeRef,
+                permissionService.getAllPermissionReference(),
+                "andy",
+                AccessStatus.DENIED);
+        allowAndyAll = new SimplePermissionEntry(
+                rootNodeRef,
+                permissionService.getAllPermissionReference(),
+                "andy",
+                AccessStatus.ALLOWED);
+        denyAndyRead = new SimplePermissionEntry(
+                rootNodeRef,
+                getPermission(PermissionService.READ),
+                "andy",
+                AccessStatus.DENIED);
+        allowAndyRead = new SimplePermissionEntry(
+                rootNodeRef,
+                getPermission(PermissionService.READ),
+                "andy",
+                AccessStatus.ALLOWED);
+        denyAndyReadProperties = new SimplePermissionEntry(
+                rootNodeRef,
+                getPermission(PermissionService.READ_PROPERTIES),
+                "andy",
+                AccessStatus.DENIED);
+        allowAndyReadProperties = new SimplePermissionEntry(
+                rootNodeRef,
+                getPermission(PermissionService.READ_PROPERTIES),
+                "andy",
+                AccessStatus.ALLOWED);
+        allowAndyReadChildren = new SimplePermissionEntry(
+                rootNodeRef,
+                getPermission(PermissionService.READ_CHILDREN),
+                "andy",
+                AccessStatus.ALLOWED);
+    }
+
     public void testSetInheritFalse()
     {
         runAs("andy");
@@ -137,6 +184,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
 
     public void testSetPermissionEntryElements()
     {
+        // add andy-all (allow)
         permissionService.setPermission(rootNodeRef, "andy", permissionService.getAllPermission(), true);
         assertNotNull(permissionService.getSetPermissions(rootNodeRef));
         assertTrue(permissionService.getSetPermissions(rootNodeRef).inheritPermissions());
@@ -153,70 +201,59 @@ public class PermissionServiceTest extends AbstractPermissionTest
             assertEquals(rootNodeRef, pe.getNodeRef());
         }
 
-        // Set duplicate
-
+        // add andy-all (allow)
         permissionService.setPermission(rootNodeRef, "andy", permissionService.getAllPermission(), true);
         assertNotNull(permissionService.getSetPermissions(rootNodeRef));
         assertTrue(permissionService.getSetPermissions(rootNodeRef).inheritPermissions());
         assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef());
         assertEquals(1, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size());
 
-        // Set new
-
+        // add other-all (allow)
         permissionService.setPermission(rootNodeRef, "other", permissionService.getAllPermission(), true);
         assertNotNull(permissionService.getSetPermissions(rootNodeRef));
         assertTrue(permissionService.getSetPermissions(rootNodeRef).inheritPermissions());
         assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef());
         assertEquals(2, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size());
 
-        // Add deny
-
+        // add andy-all (deny)
         permissionService.setPermission(rootNodeRef, "andy", permissionService.getAllPermission(), false);
         assertNotNull(permissionService.getSetPermissions(rootNodeRef));
         assertTrue(permissionService.getSetPermissions(rootNodeRef).inheritPermissions());
         assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef());
-        assertEquals(3, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size());
-
-        // new
-
-        permissionService.setPermission(rootNodeRef, "andy", PermissionService.READ, false);
-        assertNotNull(permissionService.getSetPermissions(rootNodeRef));
-        assertTrue(permissionService.getSetPermissions(rootNodeRef).inheritPermissions());
-        assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef());
-        assertEquals(4, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size());
-
-        // delete
-
-        permissionService.deletePermission(rootNodeRef, "andy", PermissionService.READ, false);
-        assertNotNull(permissionService.getSetPermissions(rootNodeRef));
-        assertTrue(permissionService.getSetPermissions(rootNodeRef).inheritPermissions());
-        assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef());
-        assertEquals(3, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size());
-
-        permissionService.deletePermission(rootNodeRef, "andy", permissionService.getAllPermission(), false);
-        assertNotNull(permissionService.getSetPermissions(rootNodeRef));
-        assertTrue(permissionService.getSetPermissions(rootNodeRef).inheritPermissions());
-        assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef());
         assertEquals(2, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size());
 
-        permissionService.deletePermission(rootNodeRef, "other", permissionService.getAllPermission(), true);
+        // add andy-read (deny)
+        permissionService.setPermission(rootNodeRef, "andy", PermissionService.READ, false);
+        assertNotNull(permissionService.getSetPermissions(rootNodeRef));
+        assertTrue(permissionService.getSetPermissions(rootNodeRef).inheritPermissions());
+        assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef());
+        assertEquals(3, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size());
+
+        // remove andy-read
+        permissionService.deletePermission(rootNodeRef, "andy", PermissionService.READ);
+        assertNotNull(permissionService.getSetPermissions(rootNodeRef));
+        assertTrue(permissionService.getSetPermissions(rootNodeRef).inheritPermissions());
+        assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef());
+        assertEquals(2, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size());
+
+        // remove andy-all
+        permissionService.deletePermission(rootNodeRef, "andy", permissionService.getAllPermission());
         assertNotNull(permissionService.getSetPermissions(rootNodeRef));
         assertTrue(permissionService.getSetPermissions(rootNodeRef).inheritPermissions());
         assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef());
         assertEquals(1, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size());
-
-        permissionService.deletePermission(rootNodeRef, "andy", permissionService.getAllPermission(), true);
+        
+        // remove other-all
+        permissionService.deletePermission(rootNodeRef, "other", permissionService.getAllPermission());
         assertNotNull(permissionService.getSetPermissions(rootNodeRef));
         assertTrue(permissionService.getSetPermissions(rootNodeRef).inheritPermissions());
         assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef());
         assertEquals(0, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size());
-
     }
 
     public void testSetPermissionEntry()
     {
-        permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, permissionService
-                .getAllPermissionReference(), "andy", AccessStatus.ALLOWED));
+        permissionService.setPermission(allowAndyAll);
         permissionService.setPermission(rootNodeRef, "andy", permissionService.getAllPermission(), true);
         assertNotNull(permissionService.getSetPermissions(rootNodeRef));
         assertTrue(permissionService.getSetPermissions(rootNodeRef).inheritPermissions());
@@ -235,8 +272,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
 
         // Set duplicate
 
-        permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, permissionService
-                .getAllPermissionReference(), "andy", AccessStatus.ALLOWED));
+        permissionService.setPermission(allowAndyAll);
         assertNotNull(permissionService.getSetPermissions(rootNodeRef));
         assertTrue(permissionService.getSetPermissions(rootNodeRef).inheritPermissions());
         assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef());
@@ -253,12 +289,11 @@ public class PermissionServiceTest extends AbstractPermissionTest
 
         // Deny
 
-        permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, permissionService
-                .getAllPermissionReference(), "andy", AccessStatus.DENIED));
+        permissionService.setPermission(denyAndyAll);
         assertNotNull(permissionService.getSetPermissions(rootNodeRef));
         assertTrue(permissionService.getSetPermissions(rootNodeRef).inheritPermissions());
         assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef());
-        assertEquals(3, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size());
+        assertEquals(2, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size());
 
         // new
 
@@ -267,31 +302,30 @@ public class PermissionServiceTest extends AbstractPermissionTest
         assertNotNull(permissionService.getSetPermissions(rootNodeRef));
         assertTrue(permissionService.getSetPermissions(rootNodeRef).inheritPermissions());
         assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef());
-        assertEquals(4, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size());
+        assertEquals(3, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size());
 
         permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef, new SimplePermissionReference(QName
                 .createQName("A", "B"), "C"), "andy", AccessStatus.DENIED));
         assertNotNull(permissionService.getSetPermissions(rootNodeRef));
         assertTrue(permissionService.getSetPermissions(rootNodeRef).inheritPermissions());
         assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef());
-        assertEquals(3, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size());
-
-        permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef, permissionService
-                .getAllPermissionReference(), "andy", AccessStatus.DENIED));
-        assertNotNull(permissionService.getSetPermissions(rootNodeRef));
-        assertTrue(permissionService.getSetPermissions(rootNodeRef).inheritPermissions());
-        assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef());
         assertEquals(2, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size());
 
-        permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef, permissionService
-                .getAllPermissionReference(), "other", AccessStatus.ALLOWED));
+        permissionService.deletePermission(denyAndyAll);
         assertNotNull(permissionService.getSetPermissions(rootNodeRef));
         assertTrue(permissionService.getSetPermissions(rootNodeRef).inheritPermissions());
         assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef());
         assertEquals(1, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size());
 
         permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef, permissionService
-                .getAllPermissionReference(), "andy", AccessStatus.ALLOWED));
+                .getAllPermissionReference(), "other", AccessStatus.ALLOWED));
+        assertNotNull(permissionService.getSetPermissions(rootNodeRef));
+        assertTrue(permissionService.getSetPermissions(rootNodeRef).inheritPermissions());
+        assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef());
+        assertEquals(0, permissionService.getSetPermissions(rootNodeRef).getPermissionEntries().size());
+
+        // delete when we know there's nothing do delete
+        permissionService.deletePermission(allowAndyAll);
         assertNotNull(permissionService.getSetPermissions(rootNodeRef));
         assertTrue(permissionService.getSetPermissions(rootNodeRef).inheritPermissions());
         assertEquals(rootNodeRef, permissionService.getSetPermissions(rootNodeRef).getNodeRef());
@@ -356,7 +390,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
 
         permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
                 getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.DENIED));
-        assertEquals(2, permissionService.getAllSetPermissions(rootNodeRef).size());
+        assertEquals(1, permissionService.getAllSetPermissions(rootNodeRef).size());
         runAs("andy");
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
         runAs("lemur");
@@ -364,33 +398,17 @@ public class PermissionServiceTest extends AbstractPermissionTest
 
         permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
                 getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED));
-        assertEquals(2, permissionService.getAllSetPermissions(rootNodeRef).size());
+        assertEquals(1, permissionService.getAllSetPermissions(rootNodeRef).size());
         runAs("andy");
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-        runAs("lemur");
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-
-        permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
-                getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.DENIED));
-        assertEquals(2, permissionService.getAllSetPermissions(rootNodeRef).size());
-        runAs("andy");
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-        runAs("lemur");
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-
-        permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
-                getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED));
-        assertEquals(2, permissionService.getAllSetPermissions(rootNodeRef).size());
-        runAs("andy");
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
+        assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
         runAs("lemur");
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
 
         permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef,
                 getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.DENIED));
-        assertEquals(1, permissionService.getAllSetPermissions(rootNodeRef).size());
+        assertEquals(0, permissionService.getAllSetPermissions(rootNodeRef).size());
         runAs("andy");
-        assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
+        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
         runAs("lemur");
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
 
@@ -476,8 +494,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
 
         assertEquals(0, permissionService.getAllSetPermissions(rootNodeRef).size());
-        permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
-                "andy", AccessStatus.ALLOWED));
+        permissionService.setPermission(allowAndyRead);
         runAs("andy");
 
         assertEquals(25, permissionService.getPermissions(rootNodeRef).size());
@@ -494,78 +511,20 @@ public class PermissionServiceTest extends AbstractPermissionTest
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
 
-        permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
-                "andy", AccessStatus.DENIED));
-        runAs("andy");
-        assertEquals(2, permissionService.getAllSetPermissions(rootNodeRef).size());
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
-        runAs("lemur");
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
-
-        permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
-                "andy", AccessStatus.ALLOWED));
-        runAs("andy");
-        assertEquals(2, permissionService.getAllSetPermissions(rootNodeRef).size());
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
-        runAs("lemur");
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
-
-        permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
-                "andy", AccessStatus.DENIED));
-        runAs("andy");
-        assertEquals(2, permissionService.getAllSetPermissions(rootNodeRef).size());
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
-        runAs("lemur");
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
-
-        permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
-                "andy", AccessStatus.ALLOWED));
-        runAs("andy");
-        assertEquals(2, permissionService.getAllSetPermissions(rootNodeRef).size());
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
-        runAs("lemur");
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
-
-        permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef,
-                getPermission(PermissionService.READ), "andy", AccessStatus.DENIED));
+        permissionService.setPermission(denyAndyRead);
         runAs("andy");
         assertEquals(1, permissionService.getAllSetPermissions(rootNodeRef).size());
-        assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
-        assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-        assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
-        assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
+        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
+        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
+        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
+        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
         runAs("lemur");
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
 
-        permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef,
-                getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED));
+        permissionService.deletePermission(allowAndyRead);
         runAs("andy");
         assertEquals(0, permissionService.getAllSetPermissions(rootNodeRef).size());
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
@@ -595,8 +554,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
         assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
 
         assertEquals(0, permissionService.getAllSetPermissions(rootNodeRef).size());
-        permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
-                getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED));
+        permissionService.setPermission(allowAndyReadProperties);
         runAs("andy");
         assertEquals(1, permissionService.getAllSetPermissions(rootNodeRef).size());
         assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
@@ -607,8 +565,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
         assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
 
-        permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
-                getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED));
+        permissionService.setPermission(allowAndyReadChildren);
         assertEquals(2, permissionService.getAllSetPermissions(rootNodeRef).size());
         runAs("andy");
         assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
@@ -617,58 +574,16 @@ public class PermissionServiceTest extends AbstractPermissionTest
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
         assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
 
-        permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
-                getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.DENIED));
-        assertEquals(3, permissionService.getAllSetPermissions(rootNodeRef).size());
-        runAs("andy");
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-        runAs("lemur");
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-
-        permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
-                getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED));
-        assertEquals(3, permissionService.getAllSetPermissions(rootNodeRef).size());
-        runAs("andy");
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-        runAs("lemur");
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-
-        permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
-                getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.DENIED));
-        assertEquals(3, permissionService.getAllSetPermissions(rootNodeRef).size());
-        runAs("andy");
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-        runAs("lemur");
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-
-        permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
-                getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED));
-        assertEquals(3, permissionService.getAllSetPermissions(rootNodeRef).size());
-        runAs("andy");
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-        runAs("lemur");
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-
-        permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef,
-                getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.DENIED));
+        permissionService.setPermission(denyAndyReadProperties);
         assertEquals(2, permissionService.getAllSetPermissions(rootNodeRef).size());
         runAs("andy");
-        assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-        assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
+        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
+        assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
         runAs("lemur");
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
         assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
 
-        permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef,
-                getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED));
+        permissionService.deletePermission(allowAndyReadChildren);
         assertEquals(1, permissionService.getAllSetPermissions(rootNodeRef).size());
         runAs("andy");
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
@@ -676,6 +591,15 @@ public class PermissionServiceTest extends AbstractPermissionTest
         runAs("lemur");
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
         assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
+
+        permissionService.deletePermission(allowAndyReadProperties);
+        assertEquals(0, permissionService.getAllSetPermissions(rootNodeRef).size());
+        runAs("andy");
+        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
+        assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
+        runAs("lemur");
+        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
+        assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
     }
 
     public void testPermissionGroupSimpleInheritance()
@@ -704,8 +628,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
         assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
         assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
 
-        permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
-                "andy", AccessStatus.ALLOWED));
+        permissionService.setPermission(allowAndyRead);
         runAs("andy");
         assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
         assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
@@ -725,8 +648,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
         assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
         assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
 
-        permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
-                "andy", AccessStatus.DENIED));
+        permissionService.setPermission(denyAndyRead);
         runAs("andy");
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
@@ -746,92 +668,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
         assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
         assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
 
-        permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
-                "andy", AccessStatus.ALLOWED));
-        runAs("andy");
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
-        runAs("lemur");
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
-
-        permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
-                "andy", AccessStatus.DENIED));
-        runAs("andy");
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
-        runAs("lemur");
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
-
-        permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
-                "andy", AccessStatus.ALLOWED));
-        runAs("andy");
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
-        runAs("lemur");
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
-
-        permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef,
-                getPermission(PermissionService.READ), "andy", AccessStatus.DENIED));
-        runAs("andy");
-        assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
-        assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-        assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
-        assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
-        assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
-        assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-        assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
-        assertTrue(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
-        runAs("lemur");
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(n1, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
-
-        permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef,
-                getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED));
+        permissionService.deletePermission(allowAndyRead);
         runAs("andy");
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
@@ -859,29 +696,19 @@ public class PermissionServiceTest extends AbstractPermissionTest
         runAs("lemur");
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
 
-        permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
-                getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED));
+        permissionService.setPermission(allowAndyReadProperties);
         runAs("andy");
         assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
         runAs("lemur");
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
 
-        permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
-                getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.DENIED));
+        permissionService.setPermission(denyAndyReadProperties);
         runAs("andy");
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
         runAs("lemur");
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
 
-        permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef,
-                getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.DENIED));
-        runAs("andy");
-        assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-        runAs("lemur");
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-
-        permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef,
-                getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.ALLOWED));
+        permissionService.deletePermission(allowAndyReadProperties);
         runAs("andy");
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
         runAs("lemur");
@@ -902,8 +729,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
 
-        permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
-                "andy", AccessStatus.ALLOWED));
+        permissionService.setPermission(allowAndyRead);
         runAs("andy");
         assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
         assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
@@ -915,8 +741,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
 
-        permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
-                "andy", AccessStatus.DENIED));
+        permissionService.setPermission(denyAndyRead);
         runAs("andy");
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
@@ -928,21 +753,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
 
-        permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef,
-                getPermission(PermissionService.READ), "andy", AccessStatus.DENIED));
-        runAs("andy");
-        assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
-        assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-        assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
-        assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
-        runAs("lemur");
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
-        assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
-
-        permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef,
-                getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED));
+        permissionService.deletePermission(allowAndyRead);
         runAs("andy");
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
@@ -969,8 +780,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
 
-        permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
-                "andy", AccessStatus.ALLOWED));
+        permissionService.setPermission(allowAndyRead);
         runAs("andy");
         assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
         assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
@@ -982,8 +792,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
 
-        permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
-                getPermission(PermissionService.READ_PROPERTIES), "andy", AccessStatus.DENIED));
+        permissionService.setPermission(denyAndyReadProperties);
         runAs("andy");
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
@@ -995,8 +804,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
 
-        permissionService.setPermission(new SimplePermissionEntry(rootNodeRef,
-                getPermission(PermissionService.READ_CHILDREN), "andy", AccessStatus.ALLOWED));
+        permissionService.setPermission(allowAndyReadChildren);
         runAs("andy");
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
@@ -1008,8 +816,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
 
-        permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
-                "andy", AccessStatus.DENIED));
+        permissionService.setPermission(denyAndyRead);
         runAs("andy");
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
@@ -1107,8 +914,8 @@ public class PermissionServiceTest extends AbstractPermissionTest
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
 
         assertEquals(0, permissionService.getAllSetPermissions(rootNodeRef).size());
-        permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, permissionService
-                .getAllPermissionReference(), "andy", AccessStatus.ALLOWED));
+        
+        permissionService.setPermission(allowAndyAll);
         assertEquals(1, permissionService.getAllSetPermissions(rootNodeRef).size());
         runAs("andy");
         assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
@@ -1125,8 +932,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
 
-        permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
-                "andy", AccessStatus.DENIED));
+        permissionService.setPermission(denyAndyRead);
         runAs("andy");
         assertEquals(2, permissionService.getAllSetPermissions(rootNodeRef).size());
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
@@ -1143,9 +949,8 @@ public class PermissionServiceTest extends AbstractPermissionTest
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
 
-        permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, permissionService
-                .getAllPermissionReference(), "andy", AccessStatus.DENIED));
-        assertEquals(3, permissionService.getAllSetPermissions(rootNodeRef).size());
+        permissionService.setPermission(denyAndyAll);
+        assertEquals(2, permissionService.getAllSetPermissions(rootNodeRef).size());
         runAs("andy");
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.WRITE)) == AccessStatus.ALLOWED);
@@ -1160,10 +965,8 @@ public class PermissionServiceTest extends AbstractPermissionTest
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
-
     }
     
-    
     public void testOldAllPermissions()
     {
         runAs("andy");
@@ -1199,8 +1002,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
 
-        permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ),
-                "andy", AccessStatus.DENIED));
+        permissionService.setPermission(denyAndyRead);
         runAs("andy");
         assertEquals(2, permissionService.getAllSetPermissions(rootNodeRef).size());
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
@@ -1217,8 +1019,7 @@ public class PermissionServiceTest extends AbstractPermissionTest
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
 
-        permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, permissionService
-                .getAllPermissionReference(), "andy", AccessStatus.DENIED));
+        permissionService.setPermission(denyAndyAll);
         assertEquals(3, permissionService.getAllSetPermissions(rootNodeRef).size());
         runAs("andy");
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
@@ -1234,13 +1035,10 @@ public class PermissionServiceTest extends AbstractPermissionTest
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
-
     }
-    
 
     public void testAuthenticatedAuthority()
     {
-
         runAs("andy");
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
@@ -1278,19 +1076,6 @@ public class PermissionServiceTest extends AbstractPermissionTest
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
 
-        permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef,
-                getPermission(PermissionService.READ), ROLE_AUTHENTICATED, AccessStatus.DENIED));
-        runAs("andy");
-        assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
-        assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-        assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
-        assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
-        runAs("lemur");
-        assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
-        assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-        assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
-        assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
-
         permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef,
                 getPermission(PermissionService.READ), ROLE_AUTHENTICATED, AccessStatus.ALLOWED));
         runAs("andy");
@@ -1345,19 +1130,6 @@ public class PermissionServiceTest extends AbstractPermissionTest
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
         assertFalse(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
 
-        permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef,
-                getPermission(PermissionService.READ), permissionService.getAllAuthorities(), AccessStatus.DENIED));
-        runAs("andy");
-        assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
-        assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-        assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
-        assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
-        runAs("lemur");
-        assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ)) == AccessStatus.ALLOWED);
-        assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_PROPERTIES)) == AccessStatus.ALLOWED);
-        assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CHILDREN)) == AccessStatus.ALLOWED);
-        assertTrue(permissionService.hasPermission(rootNodeRef, getPermission(PermissionService.READ_CONTENT)) == AccessStatus.ALLOWED);
-
         permissionService.deletePermission(new SimplePermissionEntry(rootNodeRef,
                 getPermission(PermissionService.READ), permissionService.getAllAuthorities(), AccessStatus.ALLOWED));
         runAs("andy");
diff --git a/source/java/org/alfresco/repo/security/permissions/impl/PermissionsDAO.java b/source/java/org/alfresco/repo/security/permissions/impl/PermissionsDaoComponent.java
similarity index 69%
rename from source/java/org/alfresco/repo/security/permissions/impl/PermissionsDAO.java
rename to source/java/org/alfresco/repo/security/permissions/impl/PermissionsDaoComponent.java
index 733e1747b7..b207840307 100644
--- a/source/java/org/alfresco/repo/security/permissions/impl/PermissionsDAO.java
+++ b/source/java/org/alfresco/repo/security/permissions/impl/PermissionsDaoComponent.java
@@ -26,7 +26,7 @@ import org.alfresco.service.cmr.repository.NodeRef;
  * 
  * @author andyh
  */
-public interface PermissionsDAO
+public interface PermissionsDaoComponent
 {
     /**
      * Get the permissions that have been set on a given node.
@@ -37,42 +37,36 @@ public interface PermissionsDAO
     public NodePermissionEntry getPermissions(NodeRef nodeRef);
 
     /**
-     * Delete all the permissions on a given node.
-     * The node permission and all the permission entries it contains will be deleted.
+     * Delete the access control list and all access control entries for the node.
      * 
-     * @param nodeRef
+     * @param nodeRef the node for which to delete permission
      */
     public void deletePermissions(NodeRef nodeRef);
 
     /**
-     * Delete all the permissions on a given node.
-     * The node permission and all the permission entries it contains will be deleted.
-     * 
-     * @param nodePermissionEntry
+     * Remove all permissions for the specvified authority
+     * @param authority
      */
-    public void deletePermissions(NodePermissionEntry nodePermissionEntry);
+    public void deletePermissions(String authority);
 
+    /**
+     * Delete permission entries for the given node and authority
+     * 
+     * @param nodeRef the node to query against
+     * @param authority the specific authority to query against
+     */
+    public void deletePermissions(NodeRef nodeRef, String authority);
     
     /**
-     * Delete as single permission entry.
-     * This deleted one permission on the node. It does not affect the persistence of any other permissions.
-     * 
-     * @param permissionEntry
-     */
-    public void deletePermissions(PermissionEntry permissionEntry);
-
-    /**
-     * 
      * Delete as single permission entry, if a match is found.
      * This deleted one permission on the node. It does not affect the persistence of any other permissions.
      * 
-     * @param nodeRef
-     * @param authority
-     * @param perm
-     * @param allow
+     * @param nodeRef the node with the access control list
+     * @param authority the specific authority to look for
+     * @param permission the permission to look for
      */
-    public void deletePermissions(NodeRef nodeRef, String authority, PermissionReference perm,  boolean allow);
-
+    public void deletePermission(NodeRef nodeRef, String authority, PermissionReference permission);
+    
     /**
      * Set a permission on a node.
      * If the node has no permissions set then a default node permission (allowing inheritance) will be created to
@@ -114,19 +108,4 @@ public interface PermissionsDAO
      * @return inheritParentPermissions
      */
     public boolean getInheritParentPermissions(NodeRef nodeRef);
-    
-    /**
-     * Clear all the permissions set for a given authentication
-     * 
-     * @param nodeRef
-     * @param authority
-     */
-    public void clearPermission(NodeRef nodeRef, String authority);
-    
-    /**
-     * Remove all permissions for the specvified authority
-     * @param authority
-     */
-    public void deleteAllPermissionsForAuthority(String authority);
-
 }
diff --git a/source/java/org/alfresco/repo/security/permissions/impl/hibernate/HibernatePermissionTest.java b/source/java/org/alfresco/repo/security/permissions/impl/hibernate/HibernatePermissionTest.java
index cfbf56bc52..4d84696c38 100644
--- a/source/java/org/alfresco/repo/security/permissions/impl/hibernate/HibernatePermissionTest.java
+++ b/source/java/org/alfresco/repo/security/permissions/impl/hibernate/HibernatePermissionTest.java
@@ -18,17 +18,36 @@ package org.alfresco.repo.security.permissions.impl.hibernate;
 
 import java.io.Serializable;
 
-import org.alfresco.repo.domain.NodeKey;
+import org.alfresco.repo.domain.DbAccessControlEntry;
+import org.alfresco.repo.domain.DbAccessControlList;
+import org.alfresco.repo.domain.DbAuthority;
+import org.alfresco.repo.domain.DbPermission;
+import org.alfresco.repo.domain.Node;
+import org.alfresco.repo.domain.Store;
+import org.alfresco.repo.domain.hibernate.DbAccessControlEntryImpl;
+import org.alfresco.repo.domain.hibernate.DbAccessControlListImpl;
+import org.alfresco.repo.domain.hibernate.DbAuthorityImpl;
+import org.alfresco.repo.domain.hibernate.DbPermissionImpl;
+import org.alfresco.repo.node.db.NodeDaoService;
+import org.alfresco.service.cmr.repository.StoreRef;
+import org.alfresco.service.namespace.NamespaceService;
+import org.alfresco.service.namespace.QName;
 import org.alfresco.util.BaseSpringTest;
+import org.alfresco.util.GUID;
+import org.hibernate.ObjectDeletedException;
 
 /**
- * Test persistence and retrieval of Hibernate-specific implementations of the
- * {@link org.alfresco.repo.domain.Node} interface
+ * @see org.alfresco.repo.domain.hibernate.PermissionsDaoComponentImpl
+ * @see org.alfresco.repo.domain.DbAccessControlList
+ * @see org.alfresco.repo.domain.DbAccessControlEntry
  * 
  * @author Andy Hind
  */
 public class HibernatePermissionTest extends BaseSpringTest
-{    
+{
+    private NodeDaoService nodeDaoService;
+    private Node node;
+    private QName qname;
   
     public HibernatePermissionTest()
     {
@@ -36,174 +55,172 @@ public class HibernatePermissionTest extends BaseSpringTest
     
     protected void onSetUpInTransaction() throws Exception
     {
+        nodeDaoService = (NodeDaoService) applicationContext.getBean("nodeDaoService");
         
+        // create the node to play with
+        Store store = nodeDaoService.createStore(
+                StoreRef.PROTOCOL_WORKSPACE,
+                getName() + "_" + System.currentTimeMillis());
+        qname = QName.createQName(NamespaceService.ALFRESCO_URI, getName());
+        node = nodeDaoService.newNode(
+                store,
+                GUID.generate(),
+                qname);
     }
     
     protected void onTearDownInTransaction()
     {
-        // force a flush to ensure that the database updates succeed
-        getSession().flush();
-        getSession().clear();
+        try
+        {
+            // force a flush to ensure that the database updates succeed
+            getSession().flush();
+            getSession().clear();
+        }
+        catch (Throwable e)
+        {
+            // don't mask any other exception coming through
+            e.printStackTrace();
+        }
     }
-   
 
-	public void testSimpleNodePermission() throws Exception
+	public void testSimpleAccessControlList() throws Exception
 	{
         // create a new Node
-        NodePermissionEntry nodePermission = new NodePermissionEntryImpl();
-		NodeKey key = new NodeKey("Random Protocol", "Random Identifier", "AAA");
-        nodePermission.setNodeKey(key);
-        nodePermission.setInherits(true);
+        DbAccessControlList accessControlList = new DbAccessControlListImpl();
+        accessControlList.setNode(node);
+        accessControlList.setInherits(true);
         
-        Serializable id = getSession().save(nodePermission);
+        Serializable id = getSession().save(accessControlList);
 			
         // throw the reference away and get the a new one for the id
-        nodePermission = (NodePermissionEntry) getSession().load(NodePermissionEntryImpl.class, id);
-        assertNotNull("Node not found", nodePermission);
-        assertTrue(nodePermission.getInherits());
+        accessControlList = (DbAccessControlList) getSession().load(DbAccessControlListImpl.class, id);
+        assertNotNull("Access control list not found", accessControlList);
+        assertTrue(accessControlList.getInherits());
         
         // Update inherits 
         
-        nodePermission.setInherits(false);
-        id = getSession().save(nodePermission);
+        accessControlList.setInherits(false);
+        id = getSession().save(accessControlList);
         
         // throw the reference away and get the a new one for the id
-        nodePermission = (NodePermissionEntry) getSession().load(NodePermissionEntryImpl.class, id);
-        assertNotNull("Node not found", nodePermission);
-        assertFalse(nodePermission.getInherits());
+        accessControlList = (DbAccessControlList) getSession().load(DbAccessControlListImpl.class, id);
+        assertNotNull("Node not found", accessControlList);
+        assertFalse(accessControlList.getInherits());
 	}
     
-    public void testSimplePermissionReference()
+    public void testSimplePermission()
     {
-        PermissionReference permissionReference = new PermissionReferenceImpl();
-        permissionReference.setName("Test");
-        permissionReference.setTypeUri("TestUri");
-        permissionReference.setTypeName("TestName");
+        DbPermission permission = new DbPermissionImpl();
+        permission.setTypeQname(qname);
+        permission.setName("Test");
         
-        Serializable id = getSession().save(permissionReference);
+        Serializable id = getSession().save(permission);
         
         // throw the reference away and get the a new one for the id
-        permissionReference = (PermissionReference) getSession().load(PermissionReferenceImpl.class, id);
-        assertNotNull("Node not found", permissionReference);
-        assertEquals("Test", permissionReference.getName());
-        assertEquals("TestUri", permissionReference.getTypeUri());
-        assertEquals("TestName", permissionReference.getTypeName());
+        permission = (DbPermission) getSession().load(DbPermissionImpl.class, id);
+        assertNotNull("Permission not found", permission);
+        assertEquals("Test", permission.getName());
+        assertEquals(qname, permission.getTypeQname());
         
         // Test key
-        
-        PermissionReference key = new PermissionReferenceImpl();
-        key.setName("Test");
-        key.setTypeUri("TestUri");
-        key.setTypeName("TestName");
-        
-        permissionReference = (PermissionReference) getSession().load(PermissionReferenceImpl.class, key);
-        assertNotNull("Node not found", permissionReference);
-        assertEquals("Test", permissionReference.getName());
-        assertEquals("TestUri", permissionReference.getTypeUri());
-        assertEquals("TestName", permissionReference.getTypeName());
+        permission = (DbPermission) getSession().load(DbPermissionImpl.class, id);
+        assertNotNull("Permission not found", permission);
+        assertEquals("Test", permission.getName());
+        assertEquals(qname, permission.getTypeQname());
     }
     
-    public void testSimpleRecipient()
+    public void testSimpleAuthority()
     {
-        Recipient recipient = new RecipientImpl();
-        recipient.setRecipient("Test");
-        recipient.getExternalKeys().add("One");
+        DbAuthority authority = new DbAuthorityImpl();
+        authority.setRecipient("Test");
+        authority.getExternalKeys().add("One");
         
-        Serializable id = getSession().save(recipient);
+        Serializable id = getSession().save(authority);
         
         // throw the reference away and get the a new one for the id
-        recipient = (Recipient) getSession().load(RecipientImpl.class, id);
-        assertNotNull("Node not found", recipient);
-        assertEquals("Test", recipient.getRecipient());
-        assertEquals(1, recipient.getExternalKeys().size());
-        
-        // Key
-        
-
-        Recipient key = new RecipientImpl();
-        key.setRecipient("Test");
-        
-        recipient = (Recipient) getSession().load(RecipientImpl.class, key);
-        assertNotNull("Node not found", recipient);
-        assertEquals("Test", recipient.getRecipient());
-        assertEquals(1, recipient.getExternalKeys().size());
-        
+        authority = (DbAuthority) getSession().load(DbAuthorityImpl.class, id);
+        assertNotNull("Node not found", authority);
+        assertEquals("Test", authority.getRecipient());
+        assertEquals(1, authority.getExternalKeys().size());
         
         // Update
         
-        recipient.getExternalKeys().add("Two");
-        id  = getSession().save(recipient);
+        authority.getExternalKeys().add("Two");
+        id  = getSession().save(authority);
       
         // throw the reference away and get the a new one for the id
-        recipient = (Recipient) getSession().load(RecipientImpl.class, id);
-        assertNotNull("Node not found", recipient);
-        assertEquals("Test", recipient.getRecipient());
-        assertEquals(2, recipient.getExternalKeys().size());
+        authority = (DbAuthority) getSession().load(DbAuthorityImpl.class, id);
+        assertNotNull("Node not found", authority);
+        assertEquals("Test", authority.getRecipient());
+        assertEquals(2, authority.getExternalKeys().size());
         
         
         // complex
         
-        recipient.getExternalKeys().add("Three");
-        recipient.getExternalKeys().remove("One");
-        recipient.getExternalKeys().remove("Two");
-        id  = getSession().save(recipient);
+        authority.getExternalKeys().add("Three");
+        authority.getExternalKeys().remove("One");
+        authority.getExternalKeys().remove("Two");
+        id  = getSession().save(authority);
         
         // Throw the reference away and get the a new one for the id
-        recipient = (Recipient) getSession().load(RecipientImpl.class, id);
-        assertNotNull("Node not found", recipient);
-        assertEquals("Test", recipient.getRecipient());
-        assertEquals(1, recipient.getExternalKeys().size());
-        
-        
+        authority = (DbAuthority) getSession().load(DbAuthorityImpl.class, id);
+        assertNotNull("Node not found", authority);
+        assertEquals("Test", authority.getRecipient());
+        assertEquals(1, authority.getExternalKeys().size());
     }
     
-    public void testNodePermissionEntry()
+    public void testAccessControlList()
     {
-        //      create a new Node
-        NodePermissionEntry nodePermission = new NodePermissionEntryImpl();
-        NodeKey key = new NodeKey("Random Protocol", "Random Identifier", "AAA");
-        nodePermission.setNodeKey(key);
-        nodePermission.setInherits(true);
+        // create a new access control list for the node
+        DbAccessControlList accessControlList = new DbAccessControlListImpl();
+        accessControlList.setNode(node);
+        accessControlList.setInherits(true);
         
-        Recipient recipient = new RecipientImpl();
+        DbAuthority recipient = new DbAuthorityImpl();
         recipient.setRecipient("Test");
         recipient.getExternalKeys().add("One");
         
-        PermissionReference permissionReference = new PermissionReferenceImpl();
-        permissionReference.setName("Test");
-        permissionReference.setTypeUri("TestUri");
-        permissionReference.setTypeName("TestName");
+        DbPermission permission = new DbPermissionImpl();
+        permission.setTypeQname(qname);
+        permission.setName("Test");
         
-        PermissionEntry permissionEntry = PermissionEntryImpl.create(nodePermission, permissionReference, recipient, true);
+        DbAccessControlEntry accessControlEntry = DbAccessControlEntryImpl.create(accessControlList, permission, recipient, true);
         
-        Serializable idNodePermision = getSession().save(nodePermission);
+        Serializable nodeAclId = getSession().save(accessControlList);
         getSession().save(recipient);
-        getSession().save(permissionReference);
-        Serializable idPermEnt = getSession().save(permissionEntry);
-        
-        permissionEntry =  (PermissionEntry) getSession().load(PermissionEntryImpl.class, idPermEnt);
-        assertNotNull("Permission entry not found", permissionEntry);
-        assertTrue(permissionEntry.isAllowed());
-        assertNotNull(permissionEntry.getNodePermissionEntry());
-        assertTrue(permissionEntry.getNodePermissionEntry().getInherits());
-        assertNotNull(permissionEntry.getPermissionReference());
-        assertEquals("Test", permissionEntry.getPermissionReference().getName());
-        assertNotNull(permissionEntry.getRecipient());
-        assertEquals("Test", permissionEntry.getRecipient().getRecipient());
-        assertEquals(1, permissionEntry.getRecipient().getExternalKeys().size());
-        
-        // Check traversal down
-        
-        nodePermission = (NodePermissionEntry) getSession().load(NodePermissionEntryImpl.class, idNodePermision);
-        assertEquals(1, nodePermission.getPermissionEntries().size());
-        
-        permissionEntry.delete();
-        getSession().delete(permissionEntry);
-        
-        nodePermission = (NodePermissionEntry) getSession().load(NodePermissionEntryImpl.class, idNodePermision);
-        assertEquals(0, nodePermission.getPermissionEntries().size());  
+        getSession().save(permission);
+        Serializable aceEntryId = getSession().save(accessControlEntry);
         
+        accessControlEntry =  (DbAccessControlEntry) getSession().load(DbAccessControlEntryImpl.class, aceEntryId);
+        assertNotNull("Permission entry not found", accessControlEntry);
+        assertTrue(accessControlEntry.isAllowed());
+        assertNotNull(accessControlEntry.getAccessControlList());
+        assertTrue(accessControlEntry.getAccessControlList().getInherits());
+        assertNotNull(accessControlEntry.getPermission());
+        assertEquals("Test", accessControlEntry.getPermission().getName());
+        assertNotNull(accessControlEntry.getAuthority());
+        assertEquals("Test", accessControlEntry.getAuthority().getRecipient());
+        assertEquals(1, accessControlEntry.getAuthority().getExternalKeys().size());
         
+        // Check that deletion of the list cascades
+        getSession().delete(accessControlList);
+        try
+        {
+            getSession().get(DbAccessControlListImpl.class, nodeAclId);
+            fail("Access control list was not deleted");
+        }
+        catch (ObjectDeletedException e)
+        {
+            // expected
+        }
+        try
+        {
+            getSession().get(DbAccessControlEntryImpl.class, aceEntryId);
+            fail("Access control entries were not cascade deleted");
+        }
+        catch (ObjectDeletedException e)
+        {
+            // expected
+        }
     }
-    
 }
\ No newline at end of file
diff --git a/source/java/org/alfresco/repo/security/permissions/impl/hibernate/HibernatePermissionsDAO.java b/source/java/org/alfresco/repo/security/permissions/impl/hibernate/HibernatePermissionsDAO.java
deleted file mode 100644
index 05cd473fde..0000000000
--- a/source/java/org/alfresco/repo/security/permissions/impl/hibernate/HibernatePermissionsDAO.java
+++ /dev/null
@@ -1,422 +0,0 @@
-/*
- * Copyright (C) 2005 Alfresco, Inc.
- *
- * Licensed under the Mozilla Public License version 1.1 
- * with a permitted attribution clause. You may obtain a
- * copy of the License at
- *
- *   http://www.alfresco.org/legal/license.txt
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
- * either express or implied. See the License for the specific
- * language governing permissions and limitations under the
- * License.
- */
-package org.alfresco.repo.security.permissions.impl.hibernate;
-
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-
-import org.alfresco.repo.cache.SimpleCache;
-import org.alfresco.repo.domain.NodeKey;
-import org.alfresco.repo.security.permissions.NodePermissionEntry;
-import org.alfresco.repo.security.permissions.PermissionEntry;
-import org.alfresco.repo.security.permissions.PermissionReference;
-import org.alfresco.repo.security.permissions.impl.PermissionsDAO;
-import org.alfresco.repo.security.permissions.impl.SimpleNodePermissionEntry;
-import org.alfresco.repo.security.permissions.impl.SimplePermissionEntry;
-import org.alfresco.repo.security.permissions.impl.SimplePermissionReference;
-import org.alfresco.service.cmr.repository.NodeRef;
-import org.alfresco.service.cmr.security.AccessStatus;
-import org.alfresco.service.namespace.QName;
-import org.hibernate.ObjectDeletedException;
-import org.hibernate.Query;
-import org.hibernate.Session;
-import org.springframework.dao.DataAccessException;
-import org.springframework.orm.hibernate3.HibernateCallback;
-import org.springframework.orm.hibernate3.support.HibernateDaoSupport;
-
-/**
- * Support for accessing persisted permission information.
- * 
- * This class maps between persisted objects and the external API defined in the
- * PermissionsDAO interface.
- * 
- * @author andyh
- */
-public class HibernatePermissionsDAO extends HibernateDaoSupport implements PermissionsDAO
-{
-    private SimpleCache<NodeRef, SimpleNodePermissionEntry> nullPermissionCache;
-
-    public HibernatePermissionsDAO()
-    {
-        super();
-
-    }
-
-    public void setNullPermissionCache(SimpleCache<NodeRef, SimpleNodePermissionEntry> nullPermissionCache)
-    {
-        this.nullPermissionCache = nullPermissionCache;
-    }
-
-    public NodePermissionEntry getPermissions(NodeRef nodeRef)
-    {
-        // Create the object if it is not found.
-        // Null objects are not cached in hibernate
-        // If the object does not exist it will repeatedly query to check its
-        // non existence.
-
-        NodePermissionEntry npe = nullPermissionCache.get(nodeRef);
-        if (npe != null)
-        {
-            return npe;
-        }
-
-        npe = createSimpleNodePermissionEntry(getHibernateNodePermissionEntry(nodeRef, false));
-        if (npe == null)
-        {
-            SimpleNodePermissionEntry snpe = new SimpleNodePermissionEntry(nodeRef, true, Collections
-                    .<SimplePermissionEntry> emptySet());
-            npe = snpe;
-            nullPermissionCache.put(nodeRef, snpe);
-        }
-        return npe;
-    }
-
-    /**
-     * Get the persisted NodePermissionEntry
-     * 
-     * @param nodeRef
-     * @param create -
-     *            create the object if it is missing
-     * @return
-     */
-    private org.alfresco.repo.security.permissions.impl.hibernate.NodePermissionEntry getHibernateNodePermissionEntry(
-            NodeRef nodeRef, boolean create)
-    {
-        // Build the key
-        NodeKey nodeKey = getNodeKey(nodeRef);
-        try
-        {
-            Object obj = getHibernateTemplate().get(NodePermissionEntryImpl.class, nodeKey);
-            // Create if required
-            if ((obj == null) && create)
-            {
-                NodePermissionEntryImpl entry = new NodePermissionEntryImpl();
-                entry.setNodeKey(nodeKey);
-                entry.setInherits(true);
-                getHibernateTemplate().save(entry);
-                nullPermissionCache.remove(nodeRef);
-                return entry;
-            }
-            return (org.alfresco.repo.security.permissions.impl.hibernate.NodePermissionEntry) obj;
-        }
-        catch (DataAccessException e)
-        {
-            if (e.contains(ObjectDeletedException.class))
-            {
-                // the object no loner exists
-                if (create)
-                {
-                    NodePermissionEntryImpl entry = new NodePermissionEntryImpl();
-                    entry.setNodeKey(nodeKey);
-                    entry.setInherits(true);
-                    getHibernateTemplate().save(entry);
-                    nullPermissionCache.remove(nodeRef);
-                    return entry;
-                }
-                else
-                {
-                    return null;
-                }
-            }
-            throw e;
-        }
-    }
-
-    /**
-     * Get a node key from a node reference
-     * 
-     * @param nodeRef
-     * @return
-     */
-    private NodeKey getNodeKey(NodeRef nodeRef)
-    {
-        NodeKey nodeKey = new NodeKey(nodeRef.getStoreRef().getProtocol(), nodeRef.getStoreRef().getIdentifier(),
-                nodeRef.getId());
-        return nodeKey;
-    }
-
-    public void deletePermissions(NodeRef nodeRef)
-    {
-        org.alfresco.repo.security.permissions.impl.hibernate.NodePermissionEntry found = getHibernateNodePermissionEntry(
-                nodeRef, false);
-        if (found != null)
-        {
-            deleteHibernateNodePermissionEntry(found);
-        }
-    }
-
-    private void deleteHibernateNodePermissionEntry(
-            org.alfresco.repo.security.permissions.impl.hibernate.NodePermissionEntry hibernateNodePermissionEntry)
-    {
-        deleteHibernatePermissionEntries(hibernateNodePermissionEntry.getPermissionEntries());
-        getHibernateTemplate().delete(hibernateNodePermissionEntry);
-    }
-
-    private void deleteHibernatePermissionEntries(
-            Set<org.alfresco.repo.security.permissions.impl.hibernate.PermissionEntry> permissionEntries)
-    {
-        // Avoid concurrent access problems during deletion
-        Set<org.alfresco.repo.security.permissions.impl.hibernate.PermissionEntry> copy = new HashSet<org.alfresco.repo.security.permissions.impl.hibernate.PermissionEntry>();
-        for (org.alfresco.repo.security.permissions.impl.hibernate.PermissionEntry permissionEntry : copy)
-        {
-            deleteHibernatePermissionEntry(permissionEntry);
-        }
-    }
-
-    private void deleteHibernatePermissionEntry(
-            org.alfresco.repo.security.permissions.impl.hibernate.PermissionEntry permissionEntry)
-    {
-        // Unhook bidirectoinal relationships
-        permissionEntry.delete();
-        getHibernateTemplate().delete(permissionEntry);
-    }
-
-    public void deletePermissions(NodePermissionEntry nodePermissionEntry)
-    {
-        deletePermissions(nodePermissionEntry.getNodeRef());
-    }
-
-    public void deletePermissions(PermissionEntry permissionEntry)
-    {
-        org.alfresco.repo.security.permissions.impl.hibernate.NodePermissionEntry found = getHibernateNodePermissionEntry(
-                permissionEntry.getNodeRef(), false);
-        if (found != null)
-        {
-            Set<org.alfresco.repo.security.permissions.impl.hibernate.PermissionEntry> deletable = new HashSet<org.alfresco.repo.security.permissions.impl.hibernate.PermissionEntry>();
-
-            Set<org.alfresco.repo.security.permissions.impl.hibernate.PermissionEntry> entries = found.getPermissionEntries();
-            for (org.alfresco.repo.security.permissions.impl.hibernate.PermissionEntry current : entries)
-            {
-                if (permissionEntry.equals(createSimplePermissionEntry(current)))
-                {
-                    deletable.add(current);
-                }
-            }
-
-            for (org.alfresco.repo.security.permissions.impl.hibernate.PermissionEntry current : deletable)
-            {
-                deleteHibernatePermissionEntry(current);
-            }
-        }
-    }
-
-    public void clearPermission(NodeRef nodeRef, String authority)
-    {
-        org.alfresco.repo.security.permissions.impl.hibernate.NodePermissionEntry found = getHibernateNodePermissionEntry(
-                nodeRef, false);
-        if (found != null)
-        {
-            Set<org.alfresco.repo.security.permissions.impl.hibernate.PermissionEntry> deletable = new HashSet<org.alfresco.repo.security.permissions.impl.hibernate.PermissionEntry>();
-
-            for (org.alfresco.repo.security.permissions.impl.hibernate.PermissionEntry current : found
-                    .getPermissionEntries())
-            {
-                if (createSimplePermissionEntry(current).getAuthority().equals(authority))
-                {
-                    deletable.add(current);
-                }
-            }
-
-            for (org.alfresco.repo.security.permissions.impl.hibernate.PermissionEntry current : deletable)
-            {
-                deleteHibernatePermissionEntry(current);
-            }
-        }
-    }
-
-    public void deletePermissions(NodeRef nodeRef, String authority, PermissionReference perm, boolean allow)
-    {
-        SimplePermissionEntry spe = new SimplePermissionEntry(nodeRef, perm == null ? null
-                : new SimplePermissionReference(perm.getQName(), perm.getName()), authority,
-                allow ? AccessStatus.ALLOWED : AccessStatus.DENIED);
-        deletePermissions(spe);
-    }
-
-    public void setPermission(NodeRef nodeRef, String authority, PermissionReference perm, boolean allow)
-    {
-        deletePermissions(nodeRef, authority, perm, allow);
-        PermissionEntryImpl entry = PermissionEntryImpl.create(getHibernateNodePermissionEntry(nodeRef, true),
-                getHibernatePermissionReference(perm, true), getHibernateAuthority(authority, true), allow);
-        getHibernateTemplate().save(entry);
-        nullPermissionCache.remove(nodeRef);
-    }
-
-    /**
-     * Utility method to find or create a persisted authority
-     * 
-     * @param authority
-     * @param create
-     * @return
-     */
-    private Recipient getHibernateAuthority(String authority, boolean create)
-    {
-        Recipient key = new RecipientImpl();
-        key.setRecipient(authority);
-
-        Recipient found = (Recipient) getHibernateTemplate().get(RecipientImpl.class, key);
-        if ((found == null) && create)
-        {
-            getHibernateTemplate().save(key);
-            return key;
-        }
-        else
-        {
-            return found;
-        }
-
-    }
-
-    /**
-     * Utility method to find and optionally create a persisted permission
-     * reference.
-     * 
-     * @param perm
-     * @param create
-     * @return
-     */
-    private org.alfresco.repo.security.permissions.impl.hibernate.PermissionReference getHibernatePermissionReference(
-            PermissionReference perm, boolean create)
-    {
-        org.alfresco.repo.security.permissions.impl.hibernate.PermissionReference key = new PermissionReferenceImpl();
-        key.setTypeUri(perm.getQName().getNamespaceURI());
-        key.setTypeName(perm.getQName().getLocalName());
-        key.setName(perm.getName());
-
-        org.alfresco.repo.security.permissions.impl.hibernate.PermissionReference found;
-
-        found = (org.alfresco.repo.security.permissions.impl.hibernate.PermissionReference) getHibernateTemplate().get(
-                PermissionReferenceImpl.class, key);
-        if ((found == null) && create)
-        {
-            getHibernateTemplate().save(key);
-            return key;
-        }
-        else
-        {
-            return found;
-        }
-
-    }
-
-    public void setPermission(PermissionEntry permissionEntry)
-    {
-        setPermission(permissionEntry.getNodeRef(), permissionEntry.getAuthority(), permissionEntry
-                .getPermissionReference(), permissionEntry.isAllowed());
-    }
-
-    public void setPermission(NodePermissionEntry nodePermissionEntry)
-    {
-        deletePermissions(nodePermissionEntry);
-        NodePermissionEntryImpl entry = new NodePermissionEntryImpl();
-        entry.setInherits(nodePermissionEntry.inheritPermissions());
-        entry.setNodeKey(getNodeKey(nodePermissionEntry.getNodeRef()));
-        getHibernateTemplate().save(entry);
-        nullPermissionCache.remove(nodePermissionEntry.getNodeRef());
-        for (PermissionEntry pe : nodePermissionEntry.getPermissionEntries())
-        {
-            setPermission(pe);
-        }
-    }
-
-    public void setInheritParentPermissions(NodeRef nodeRef, boolean inheritParentPermissions)
-    {
-        getHibernateNodePermissionEntry(nodeRef, true).setInherits(inheritParentPermissions);
-    }
-    
-    public boolean getInheritParentPermissions(NodeRef nodeRef)
-    {
-        return getHibernateNodePermissionEntry(nodeRef, true).getInherits();
-    }
-
-    @SuppressWarnings("unchecked")
-    public void deleteAllPermissionsForAuthority(final String authority)
-    {
-        HibernateCallback callback = new HibernateCallback()
-        {
-            public Object doInHibernate(Session session)
-            {
-                Query query = session.getNamedQuery("permission.GetPermissionsForRecipient");
-                query.setString("recipientKey", authority);
-                return query.list();
-            }
-        };
-        List<org.alfresco.repo.security.permissions.impl.hibernate.PermissionEntry> queryResults = (List) getHibernateTemplate().execute(callback);
-        for (org.alfresco.repo.security.permissions.impl.hibernate.PermissionEntry current : queryResults)
-        {
-            deleteHibernatePermissionEntry(current);
-        }
-        
-    }
-
-    // Utility methods to create simple detached objects for the outside world
-    // We do not pass out the hibernate objects
-
-    private static SimpleNodePermissionEntry createSimpleNodePermissionEntry(
-            org.alfresco.repo.security.permissions.impl.hibernate.NodePermissionEntry npe)
-    {
-        if (npe == null)
-        {
-            return null;
-        }
-        SimpleNodePermissionEntry snpe = new SimpleNodePermissionEntry(npe.getNodeRef(), npe.getInherits(),
-                createSimplePermissionEntries(npe.getPermissionEntries()));
-        return snpe;
-    }
-
-    private static Set<SimplePermissionEntry> createSimplePermissionEntries(
-            Set<org.alfresco.repo.security.permissions.impl.hibernate.PermissionEntry> nes)
-    {
-        if (nes == null)
-        {
-            return null;
-        }
-        HashSet<SimplePermissionEntry> spes = new HashSet<SimplePermissionEntry>(nes.size(), 1.0f);
-        if (nes.size() != 0)
-        {
-            for (org.alfresco.repo.security.permissions.impl.hibernate.PermissionEntry pe : nes)
-            {
-                spes.add(createSimplePermissionEntry(pe));
-            }
-        }
-        return spes;
-    }
-
-    private static SimplePermissionEntry createSimplePermissionEntry(
-            org.alfresco.repo.security.permissions.impl.hibernate.PermissionEntry pe)
-    {
-        if (pe == null)
-        {
-            return null;
-        }
-        return new SimplePermissionEntry(pe.getNodePermissionEntry().getNodeRef(), createSimplePermissionReference(pe
-                .getPermissionReference()), pe.getRecipient().getRecipient(), pe.isAllowed() ? AccessStatus.ALLOWED
-                : AccessStatus.DENIED);
-    }
-
-    private static SimplePermissionReference createSimplePermissionReference(
-            org.alfresco.repo.security.permissions.impl.hibernate.PermissionReference pr)
-    {
-        if (pr == null)
-        {
-            return null;
-        }
-        return new SimplePermissionReference(QName.createQName(pr.getTypeUri(), pr.getTypeName()), pr.getName());
-    }
-
-}
diff --git a/source/java/org/alfresco/repo/security/permissions/impl/hibernate/NodePermissionEntryImpl.java b/source/java/org/alfresco/repo/security/permissions/impl/hibernate/NodePermissionEntryImpl.java
deleted file mode 100644
index da0bf1650c..0000000000
--- a/source/java/org/alfresco/repo/security/permissions/impl/hibernate/NodePermissionEntryImpl.java
+++ /dev/null
@@ -1,117 +0,0 @@
-/*
- * Copyright (C) 2005 Alfresco, Inc.
- *
- * Licensed under the Mozilla Public License version 1.1 
- * with a permitted attribution clause. You may obtain a
- * copy of the License at
- *
- *   http://www.alfresco.org/legal/license.txt
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
- * either express or implied. See the License for the specific
- * language governing permissions and limitations under the
- * License.
- */
-package org.alfresco.repo.security.permissions.impl.hibernate;
-
-import java.util.HashSet;
-import java.util.Set;
-
-import org.alfresco.repo.domain.NodeKey;
-import org.alfresco.service.cmr.repository.NodeRef;
-import org.alfresco.service.cmr.repository.StoreRef;
-
-/**
- * The hibernate persisted class for node permission entries.
- * 
- * @author andyh
- */
-public class NodePermissionEntryImpl implements NodePermissionEntry
-{
-    /**
-     * The key to find node permission entries
-     */
-    private NodeKey nodeKey;
-
-    /**
-     * Inherit permissions from the parent node?
-     */
-    private boolean inherits;
-
-    /**
-     * The set of permission entries.
-     */
-    private Set<PermissionEntry> permissionEntries = new HashSet<PermissionEntry>();
-
-    public NodePermissionEntryImpl()
-    {
-        super();
-    }
-
-    public NodeKey getNodeKey()
-    {
-        return nodeKey;
-    }
-
-    public void setNodeKey(NodeKey nodeKey)
-    {
-        this.nodeKey = nodeKey;
-    }
-
-    public NodeRef getNodeRef()
-    {
-        return new NodeRef(new StoreRef(nodeKey.getProtocol(), nodeKey
-                .getIdentifier()), nodeKey.getGuid());
-    }
-
-    public boolean getInherits()
-    {
-        return inherits;
-    }
-
-    public void setInherits(boolean inherits)
-    {
-        this.inherits = inherits;
-    }
-
-    public Set<PermissionEntry> getPermissionEntries()
-    {
-        return permissionEntries;
-    }
-    
-    // Hibernate
-    
-    /* package */ void setPermissionEntries(Set<PermissionEntry> permissionEntries)
-    {
-        this.permissionEntries = permissionEntries;
-    }
-
-    // Hibernate pattern
-    
-    @Override
-    public boolean equals(Object o)
-    {
-        if (this == o)
-        {
-            return true;
-        }
-        if (!(o instanceof NodePermissionEntryImpl))
-        {
-            return false;
-        }
-        NodePermissionEntryImpl other = (NodePermissionEntryImpl) o;
-
-        return this.nodeKey.equals(other.nodeKey)
-                && (this.inherits == other.inherits)
-                && (this.permissionEntries.equals(other.permissionEntries));
-    }
-
-    @Override
-    public int hashCode()
-    {
-        return nodeKey.hashCode();
-    }
-
-}
diff --git a/source/java/org/alfresco/repo/security/permissions/impl/hibernate/Permission.hbm.xml b/source/java/org/alfresco/repo/security/permissions/impl/hibernate/Permission.hbm.xml
deleted file mode 100644
index 17c1182802..0000000000
--- a/source/java/org/alfresco/repo/security/permissions/impl/hibernate/Permission.hbm.xml
+++ /dev/null
@@ -1,174 +0,0 @@
-<?xml version='1.0' encoding='UTF-8'?>
-
-<!DOCTYPE hibernate-mapping PUBLIC
-    '-//Hibernate/Hibernate Mapping DTD 3.0//EN' 
-    'http://hibernate.sourceforge.net/hibernate-mapping-3.0.dtd'>
-
-<hibernate-mapping>
-    <class 
-        name="org.alfresco.repo.security.permissions.impl.hibernate.NodePermissionEntryImpl"
-        proxy="org.alfresco.repo.security.permissions.impl.hibernate.NodePermissionEntry"
-        table="node_perm_entry"
-        dynamic-insert="false"
-        dynamic-update="false"
-        select-before-update="false" 
-        lazy="true"
-        optimistic-lock="version" >
-
-        <composite-id name="nodeKey" class="org.alfresco.repo.domain.NodeKey">
-           <key-property name="protocol" length="50" />
-           <key-property name="identifier" length="100" />
-           <key-property name="guid" length="36"/>
-        </composite-id>
-        
-        <property name="inherits" column="inherits" type="boolean" not-null="true" />
-        
-        <set
-            name="permissionEntries"
-            lazy="true"
-            sort="unsorted"
-            inverse="true" 
-            fetch="select" 
-            optimistic-lock="true"
-            cascade="delete" >
-            <key>
-               <column name="protocol" length="50" />
-               <column name="identifier" length="100" />
-               <column name="guid" length="36" />
-            </key>
-            <one-to-many class="org.alfresco.repo.security.permissions.impl.hibernate.PermissionEntryImpl" />
-        </set>
-      
-    </class>
-    
-    <class 
-        name="org.alfresco.repo.security.permissions.impl.hibernate.PermissionEntryImpl"
-        proxy="org.alfresco.repo.security.permissions.impl.hibernate.PermissionEntry"
-        table="perm_entry"
-        dynamic-insert="false"
-        dynamic-update="false"
-        select-before-update="false"
-        lazy="true"
-        optimistic-lock="version" >
-        
-        <id
-            name="id"
-            column="id" 
-            type="long" >
-         <generator class="increment" />
-        </id>
-        
-        <many-to-one 
-            name="nodePermissionEntry" 
-            class="org.alfresco.repo.security.permissions.impl.hibernate.NodePermissionEntryImpl" 
-            lazy="no-proxy" fetch="select" optimistic-lock="true" not-null="true"  > 
-              <column name="protocol" length="50" />
-              <column name="identifier" length="100" />
-              <column name="guid" length="36"/>
-        </many-to-one>
-        
-        <many-to-one 
-            name="permissionReference" 
-            class="org.alfresco.repo.security.permissions.impl.hibernate.PermissionReferenceImpl" 
-            lazy="no-proxy" fetch="select" optimistic-lock="true" not-null="false">
-            <column name="typeUri" length="100" />
-            <column name="typeName" length="100" />
-            <column name="name" length="100" />
-        </many-to-one>
-        
-        <many-to-one 
-            name="recipient" 
-            class="org.alfresco.repo.security.permissions.impl.hibernate.RecipientImpl" 
-            lazy="no-proxy" fetch="select" optimistic-lock="true" not-null="false">
-        </many-to-one>
-        
-        <property name="allowed" column="allowed" type="boolean" not-null="true" />
-        
-    </class>
-    
-    <class
-        name="org.alfresco.repo.security.permissions.impl.hibernate.PermissionReferenceImpl"
-        proxy="org.alfresco.repo.security.permissions.impl.hibernate.PermissionReference"
-        table="perm_ref"
-        dynamic-insert="false"
-        dynamic-update="false"
-        select-before-update="false"
-        lazy="true"
-        optimistic-lock="version" >
-        
-        <composite-id>
-            <key-property name="typeUri" type="string" length="100" column="type_uri"/>
-            <key-property name="typeName" type="string" length="100" column="type_name"/>
-            <key-property name="name" type="string" length="100" column="name"  />
-        </composite-id>
-    </class>
-    
-    <class
-        name="org.alfresco.repo.security.permissions.impl.hibernate.RecipientImpl"
-        proxy="org.alfresco.repo.security.permissions.impl.hibernate.Recipient"
-        table="recipient"
-        dynamic-insert="false"
-        dynamic-update="false"
-        select-before-update="false"
-        lazy="true"
-        optimistic-lock="version" >
-        
-        <composite-id>
-            <key-property name="recipient"
-            column="recipient" 
-            type="string" length="100"  />
-        </composite-id>
-        
-        <set name="externalKeys" lazy="true"
-            sort="unsorted"
-            fetch="select"
-            optimistic-lock="true" >
-            <key >
-               <column name="id" />
-            </key>
-            <element column="externalKey" length="100" not-null="true" type="string" />
-        </set>
-    </class>
-    
-    <query name="permission.GetPermissionsForRecipient">
-      select
-         permissionEntry
-      from
-         org.alfresco.repo.security.permissions.impl.hibernate.PermissionEntryImpl as permissionEntry
-         join permissionEntry.recipient as recipient
-      where
-         recipient = :recipientKey 
-   </query>
-   
-   <query name="permission.patch.UpdatePermissionEntryTypeName" >
-      update
-         org.alfresco.repo.security.permissions.impl.hibernate.PermissionEntryImpl as entry
-      set
-         typeName = :typeNameNew
-      where
-         typeName = :typeNameOld and
-         name in ('Coordinator', 'Contributor', 'Editor', 'Guest')
-   </query>
-
-   <query name="permission.patch.UpdatePermissionEntryType" >
-      update
-         org.alfresco.repo.security.permissions.impl.hibernate.PermissionEntryImpl as entry
-      set
-         typeUri = :typeUriNew, 
-         typeName = :typeNameNew
-      where
-         typeUri = :typeUriOld and
-         typeName = :typeNameOld and
-         name in ( :names )
-   </query>
-
-   <query name="permission.patch.UpdatePermissionName" >
-      update
-         org.alfresco.repo.security.permissions.impl.hibernate.PermissionEntryImpl as entry
-      set
-         name = :nameNew
-      where
-         name = :nameOld
-   </query>
-    
-</hibernate-mapping>
\ No newline at end of file
diff --git a/source/java/org/alfresco/repo/security/permissions/impl/hibernate/PermissionEntry.java b/source/java/org/alfresco/repo/security/permissions/impl/hibernate/PermissionEntry.java
deleted file mode 100644
index 36d09f8ff1..0000000000
--- a/source/java/org/alfresco/repo/security/permissions/impl/hibernate/PermissionEntry.java
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * Copyright (C) 2005 Alfresco, Inc.
- *
- * Licensed under the Mozilla Public License version 1.1 
- * with a permitted attribution clause. You may obtain a
- * copy of the License at
- *
- *   http://www.alfresco.org/legal/license.txt
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
- * either express or implied. See the License for the specific
- * language governing permissions and limitations under the
- * License.
- */
-package org.alfresco.repo.security.permissions.impl.hibernate;
-
-/**
- * The interface against which permission entries are persisted
- * 
- * @author andyh
- */
-
-public interface PermissionEntry
-{
-    /**
-     * Get the identifier for this object.
-     * 
-     * @return
-     */
-    public long getId();
-    
-    /**
-     * Get the containing node permission entry.
-     * 
-     * @return
-     */
-    public NodePermissionEntry getNodePermissionEntry();
-    
-    /**
-     * Get the permission to which this entry applies.
-     * 
-     * @return
-     */
-    public PermissionReference getPermissionReference();
-    
-    /**
-     * Get the recipient to which this entry applies.
-     * 
-     * @return
-     */
-    public Recipient getRecipient();
-    
-    /**
-     * Is this permission allowed?
-     * @return
-     */
-    public boolean isAllowed();
-    
-    /**
-     * Set if this permission is allowed, otherwise it is denied.
-     * 
-     * @param allowed
-     */
-    public void setAllowed(boolean allowed);
-    
-    /**
-     * Delete this permission entry - allows for deleting of the bidirectional relationship to the node permission entry.
-     *
-     */
-    public void delete();
-}
diff --git a/source/java/org/alfresco/repo/security/permissions/impl/hibernate/PermissionEntryImpl.java b/source/java/org/alfresco/repo/security/permissions/impl/hibernate/PermissionEntryImpl.java
deleted file mode 100644
index 5ef6e1aaa7..0000000000
--- a/source/java/org/alfresco/repo/security/permissions/impl/hibernate/PermissionEntryImpl.java
+++ /dev/null
@@ -1,181 +0,0 @@
-/*
- * Copyright (C) 2005 Alfresco, Inc.
- *
- * Licensed under the Mozilla Public License version 1.1 
- * with a permitted attribution clause. You may obtain a
- * copy of the License at
- *
- *   http://www.alfresco.org/legal/license.txt
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
- * either express or implied. See the License for the specific
- * language governing permissions and limitations under the
- * License.
- */
-package org.alfresco.repo.security.permissions.impl.hibernate;
-
-import org.alfresco.util.EqualsHelper;
-
-/**
- * Persisted permission entries
- * 
- * @author andyh
- */
-public class PermissionEntryImpl implements PermissionEntry
-{
-    /**
-     * The object id
-     */
-    private long id;
-    
-    /**
-     * The container of this permissions
-     */
-    private NodePermissionEntry nodePermissionEntry;
-
-    /**
-     * The permission to which this applies
-     * (non null - all is a special string)
-     */
-    private PermissionReference permissionReference;
-
-    /**
-     * The recipient to which this applies
-     * (non null - all is a special string)
-     */
-    private Recipient recipient;
-
-    /**
-     * Is this permission allowed?
-     */
-    private boolean allowed;
-
-    public PermissionEntryImpl()
-    {
-        super();
-    }
-    
-    public long getId()
-    {
-        return id;
-    }
-    
-    // Hibernate
-    
-    /* package */ void setId(long id)
-    {
-        this.id = id;
-    }
-
-    public NodePermissionEntry getNodePermissionEntry()
-    {
-        return nodePermissionEntry;
-    }
-
-    private void setNodePermissionEntry(NodePermissionEntry nodePermissionEntry)
-    {
-        this.nodePermissionEntry = nodePermissionEntry;
-    }
-
-    public PermissionReference getPermissionReference()
-    {
-        return permissionReference;
-    }
-
-    private void setPermissionReference(PermissionReference permissionReference)
-    {
-        this.permissionReference = permissionReference;
-    }
-
-    public Recipient getRecipient()
-    {
-        return recipient;
-    }
-
-    private void setRecipient(Recipient recipient)
-    {
-        this.recipient = recipient;
-    }
-
-    public boolean isAllowed()
-    {
-        return allowed;
-    }
-
-    public void setAllowed(boolean allowed)
-    {
-        this.allowed = allowed;
-    }
-
-
-    /**
-     * Factory method to create an entry and wire it in to the contained nodePermissionEntry
-     * 
-     * @param nodePermissionEntry
-     * @param permissionReference
-     * @param recipient
-     * @param allowed
-     * @return
-     */
-    public static PermissionEntryImpl create(NodePermissionEntry nodePermissionEntry, PermissionReference permissionReference, Recipient recipient, boolean allowed)
-    {
-        PermissionEntryImpl permissionEntry = new PermissionEntryImpl();
-        permissionEntry.setNodePermissionEntry(nodePermissionEntry);
-        permissionEntry.setPermissionReference(permissionReference);
-        permissionEntry.setRecipient(recipient);
-        permissionEntry.setAllowed(allowed);
-        nodePermissionEntry.getPermissionEntries().add(permissionEntry);
-        return permissionEntry;
-    }
-
-    /**
-     * Unwire 
-     */
-    public void delete()
-    {
-        nodePermissionEntry.getPermissionEntries().remove(this);
-    }
-    
-    //
-    // Hibernate object pattern
-    //
-
-    @Override
-    public boolean equals(Object o)
-    {
-        if (this == o)
-        {
-            return true;
-        }
-        if (!(o instanceof PermissionEntryImpl))
-        {
-            return false;
-        }
-        PermissionEntryImpl other = (PermissionEntryImpl) o;
-        return EqualsHelper.nullSafeEquals(this.nodePermissionEntry,
-                other.nodePermissionEntry)
-                && EqualsHelper.nullSafeEquals(this.permissionReference,
-                        other.permissionReference)
-                && EqualsHelper.nullSafeEquals(this.recipient, other.recipient)
-                && (this.allowed == other.allowed);
-    }
-
-    @Override
-    public int hashCode()
-    {
-        int hashCode = nodePermissionEntry.hashCode();
-        if (permissionReference != null)
-        {
-            hashCode = hashCode * 37 + permissionReference.hashCode();
-        }
-        if (recipient != null)
-        {
-            hashCode = hashCode * 37 + recipient.hashCode();
-        }
-        hashCode = hashCode * 37 + (allowed ? 1 : 0);
-        return hashCode;
-    }
-
-}
diff --git a/source/java/org/alfresco/repo/security/permissions/impl/hibernate/PermissionReference.java b/source/java/org/alfresco/repo/security/permissions/impl/hibernate/PermissionReference.java
deleted file mode 100644
index aa25962e36..0000000000
--- a/source/java/org/alfresco/repo/security/permissions/impl/hibernate/PermissionReference.java
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright (C) 2005 Alfresco, Inc.
- *
- * Licensed under the Mozilla Public License version 1.1 
- * with a permitted attribution clause. You may obtain a
- * copy of the License at
- *
- *   http://www.alfresco.org/legal/license.txt
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
- * either express or implied. See the License for the specific
- * language governing permissions and limitations under the
- * License.
- */
-package org.alfresco.repo.security.permissions.impl.hibernate;
-
-import java.io.Serializable;
-
-/**
- * The interface against which permission references are persisted in hibernate.
- * 
- * @author andyh
- */
-public interface PermissionReference extends Serializable
-{
-   /**
-    * Get the URI for the type to which this permission applies.
-    * 
-    * @return
-    */ 
-    public String getTypeUri();
-    
-    /**
-     * Set the URI for the type to which this permission applies.
-     * 
-     * @param typeUri
-     */
-    public void setTypeUri(String typeUri);
-    
-    /**
-     * Get the local name of the type to which this permission applies.
-     * 
-     * @return
-     */
-    public String getTypeName();
-    
-    /**
-     * Set the local name of the type to which this permission applies.
-     * 
-     * @param typeName
-     */
-    public void setTypeName(String typeName);
-    
-    /**
-     * Get the name of the permission.
-     * 
-     * @return
-     */
-    public String getName();
-    
-    /**
-     * Set the name of the permission.
-     * 
-     * @param name
-     */
-    public void setName(String name);
-}
diff --git a/source/java/org/alfresco/repo/security/permissions/impl/hibernate/PermissionReferenceImpl.java b/source/java/org/alfresco/repo/security/permissions/impl/hibernate/PermissionReferenceImpl.java
deleted file mode 100644
index 1346cb638c..0000000000
--- a/source/java/org/alfresco/repo/security/permissions/impl/hibernate/PermissionReferenceImpl.java
+++ /dev/null
@@ -1,110 +0,0 @@
-/*
- * Copyright (C) 2005 Alfresco, Inc.
- *
- * Licensed under the Mozilla Public License version 1.1 
- * with a permitted attribution clause. You may obtain a
- * copy of the License at
- *
- *   http://www.alfresco.org/legal/license.txt
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
- * either express or implied. See the License for the specific
- * language governing permissions and limitations under the
- * License.
- */
-package org.alfresco.repo.security.permissions.impl.hibernate;
-
-
-/**
- * The persisted class for permission references.
- * 
- * @author andyh
- */
-public class PermissionReferenceImpl implements PermissionReference
-{   
-    /**
-     * Comment for <code>serialVersionUID</code>
-     */
-    private static final long serialVersionUID = -6352566900815035461L;
-
-    private String typeUri;
-    
-    private String typeName;
-    
-    private String name;
-
-    public PermissionReferenceImpl()
-    {
-        super();
-    }
-    
-    @Override
-    public String toString()
-    {
-        StringBuilder sb = new StringBuilder(128);
-        sb.append("PermissionReferenceImpl")
-          .append("[ typeUri=").append(getTypeUri())
-          .append(", typeName=").append(getTypeName())
-          .append(", name=").append(getName())
-          .append("]");
-        return sb.toString();
-    }
-    
-    public String getTypeUri()
-    {
-        return typeUri;
-    }
-
-    public void setTypeUri(String typeUri)
-    {
-       this.typeUri = typeUri;
-    }
-    
-    public String getTypeName()
-    {
-        return typeName;
-    }
-
-    public void setTypeName(String typeName)
-    {
-       this.typeName = typeName;
-    }
-
-    public String getName()
-    {
-        return name;
-    }
-
-    public void setName(String name)
-    {
-        this.name = name;
-    }
-
-    // Hibernate pattern
-    
-    @Override
-    public boolean equals(Object o)
-    {
-        if(this == o)
-        {
-            return true;
-        }
-        if(!(o instanceof PermissionReference))
-        {
-            return false;
-        }
-        PermissionReference other = (PermissionReference)o;
-        return this.getTypeUri().equals(other.getTypeUri()) && this.getTypeName().equals(other.getTypeName()) && this.getName().equals(other.getName()); 
-    }
-
-    @Override
-    public int hashCode()
-    {
-        return ((typeUri.hashCode() * 37) + typeName.hashCode() ) * 37 + name.hashCode();
-    }
-    
-    
-
-}
diff --git a/source/java/org/alfresco/repo/security/permissions/impl/hibernate/RecipientImpl.java b/source/java/org/alfresco/repo/security/permissions/impl/hibernate/RecipientImpl.java
deleted file mode 100644
index 8d12b6f396..0000000000
--- a/source/java/org/alfresco/repo/security/permissions/impl/hibernate/RecipientImpl.java
+++ /dev/null
@@ -1,88 +0,0 @@
-/*
- * Copyright (C) 2005 Alfresco, Inc.
- *
- * Licensed under the Mozilla Public License version 1.1 
- * with a permitted attribution clause. You may obtain a
- * copy of the License at
- *
- *   http://www.alfresco.org/legal/license.txt
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
- * either express or implied. See the License for the specific
- * language governing permissions and limitations under the
- * License.
- */
-package org.alfresco.repo.security.permissions.impl.hibernate;
-
-import java.util.HashSet;
-import java.util.Set;
-
-/**
- * The persisted class for recipients.
- * 
- * @author andyh
- */
-public class RecipientImpl implements Recipient
-{
-    /**
-     * Comment for <code>serialVersionUID</code>
-     */
-    private static final long serialVersionUID = -5582068692208928127L;
-
-    private String recipient;
-    
-    private Set<String> externalKeys = new HashSet<String>();
-
-    public RecipientImpl()
-    {
-        super();
-    }
-    
-    public String getRecipient()
-    {
-        return recipient;
-    }
-
-    public void setRecipient(String recipient)
-    {
-       this.recipient = recipient;
-    }
-
-    public Set<String> getExternalKeys()
-    {
-        return externalKeys;
-    }
-
-    // Hibernate
-    /* package */ void setExternalKeys(Set<String> externalKeys)
-    {
-        this.externalKeys = externalKeys;
-    }
-    
-    // Hibernate pattern
-    
-    @Override
-    public boolean equals(Object o)
-    {
-        if(this == o)
-        {
-            return true;
-        }
-        if(!(o instanceof Recipient))
-        {
-            return false;
-        }
-        Recipient other = (Recipient)o;
-        return this.getRecipient().equals(other.getRecipient());
-    }
-
-    @Override
-    public int hashCode()
-    {
-        return getRecipient().hashCode();
-    }
-    
-    
-}
diff --git a/source/java/org/alfresco/repo/security/permissions/noop/PermissionServiceNOOPImpl.java b/source/java/org/alfresco/repo/security/permissions/noop/PermissionServiceNOOPImpl.java
index c81e0c6d45..f9f933ef98 100644
--- a/source/java/org/alfresco/repo/security/permissions/noop/PermissionServiceNOOPImpl.java
+++ b/source/java/org/alfresco/repo/security/permissions/noop/PermissionServiceNOOPImpl.java
@@ -113,7 +113,7 @@ public class PermissionServiceNOOPImpl
     /* (non-Javadoc)
      * @see org.alfresco.repo.security.permissions.PermissionService#deletePermission(org.alfresco.service.cmr.repository.NodeRef, java.lang.String, org.alfresco.repo.security.permissions.PermissionReference, boolean)
      */
-    public void deletePermission(NodeRef nodeRef, String authority, String perm, boolean allow)
+    public void deletePermission(NodeRef nodeRef, String authority, String perm)
     {
     }
 
diff --git a/source/java/org/alfresco/repo/version/BaseVersionStoreTest.java b/source/java/org/alfresco/repo/version/BaseVersionStoreTest.java
index 2f2d414ce8..6b0b59a222 100644
--- a/source/java/org/alfresco/repo/version/BaseVersionStoreTest.java
+++ b/source/java/org/alfresco/repo/version/BaseVersionStoreTest.java
@@ -28,7 +28,7 @@ import org.alfresco.repo.dictionary.DictionaryDAO;
 import org.alfresco.repo.dictionary.M2Model;
 import org.alfresco.repo.security.authentication.AuthenticationComponent;
 import org.alfresco.repo.security.authentication.MutableAuthenticationDao;
-import org.alfresco.repo.version.common.counter.VersionCounterDaoService;
+import org.alfresco.repo.version.common.counter.VersionCounterService;
 import org.alfresco.repo.version.common.versionlabel.SerialVersionLabelPolicy;
 import org.alfresco.service.cmr.repository.ContentData;
 import org.alfresco.service.cmr.repository.ContentService;
@@ -51,7 +51,7 @@ public abstract class BaseVersionStoreTest extends BaseSpringTest
      */
 	protected NodeService dbNodeService;
     protected VersionService versionService;
-    protected VersionCounterDaoService versionCounterDaoService;
+    protected VersionCounterService versionCounterDaoService;
     protected ContentService contentService;
 	protected DictionaryDAO dictionaryDAO;
     protected AuthenticationService authenticationService;
@@ -133,7 +133,7 @@ public abstract class BaseVersionStoreTest extends BaseSpringTest
         // Get the services by name from the application context
         this.dbNodeService = (NodeService)applicationContext.getBean("dbNodeService");
         this.versionService = (VersionService)applicationContext.getBean("versionService");
-        this.versionCounterDaoService = (VersionCounterDaoService)applicationContext.getBean("versionCounterDaoService");
+        this.versionCounterDaoService = (VersionCounterService)applicationContext.getBean("versionCounterDaoService");
         this.contentService = (ContentService)applicationContext.getBean("contentService");
         this.authenticationService = (AuthenticationService)applicationContext.getBean("authenticationService");
         this.authenticationComponent = (AuthenticationComponent)applicationContext.getBean("authenticationComponent");
diff --git a/source/java/org/alfresco/repo/version/VersionServiceImpl.java b/source/java/org/alfresco/repo/version/VersionServiceImpl.java
index ec788fc89c..388b9068c0 100644
--- a/source/java/org/alfresco/repo/version/VersionServiceImpl.java
+++ b/source/java/org/alfresco/repo/version/VersionServiceImpl.java
@@ -33,7 +33,7 @@ import org.alfresco.repo.version.common.AbstractVersionServiceImpl;
 import org.alfresco.repo.version.common.VersionHistoryImpl;
 import org.alfresco.repo.version.common.VersionImpl;
 import org.alfresco.repo.version.common.VersionUtil;
-import org.alfresco.repo.version.common.counter.VersionCounterDaoService;
+import org.alfresco.repo.version.common.counter.VersionCounterService;
 import org.alfresco.repo.version.common.versionlabel.SerialVersionLabelPolicy;
 import org.alfresco.service.cmr.repository.AspectMissingException;
 import org.alfresco.service.cmr.repository.AssociationRef;
@@ -73,7 +73,7 @@ public class VersionServiceImpl extends AbstractVersionServiceImpl
     /**
      * The version counter service
      */
-    private VersionCounterDaoService versionCounterService ;
+    private VersionCounterService versionCounterService;
     
     /**
      * The db node service, used as the version store implementation
@@ -91,11 +91,6 @@ public class VersionServiceImpl extends AbstractVersionServiceImpl
     @SuppressWarnings("unused")
     private SearchService searcher;       	
     
-    /**
-     * The version cache
-     */
-    private HashMap<NodeRef, Version> versionCache = new HashMap<NodeRef, Version>(100);
-    
     /**
      * Sets the db node service, used as the version store implementation
      * 
@@ -107,8 +102,6 @@ public class VersionServiceImpl extends AbstractVersionServiceImpl
     }
 
     /**
-     * Sets the searcher
-     * 
      * @param searcher  the searcher
      */
     public void setSearcher(SearchService searcher)
@@ -117,11 +110,9 @@ public class VersionServiceImpl extends AbstractVersionServiceImpl
     }
 	
     /**
-     * Sets the version counter service
-     * 
      * @param versionCounterService  the version counter service
      */
-    public void setVersionCounterDaoService(VersionCounterDaoService versionCounterService)
+    public void setVersionCounterService(VersionCounterService versionCounterService)
     {
         this.versionCounterService = versionCounterService;
     }    
@@ -164,7 +155,7 @@ public class VersionServiceImpl extends AbstractVersionServiceImpl
     }
 	
     /**
-     * @see VersionCounterDaoService#nextVersionNumber(StoreRef)
+     * @see VersionCounterService#nextVersionNumber(StoreRef)
      */
     public Version createVersion(
             NodeRef nodeRef, 
@@ -727,45 +718,37 @@ public class VersionServiceImpl extends AbstractVersionServiceImpl
      */
     private Version getVersion(NodeRef versionRef)
     {
-        Version result = null;
-		
-		if (versionRef != null)
-		{
-            // check to see if this version is already in the cache
-            result = this.versionCache.get(versionRef);
-            
-            if (result == null)
-            {
-    	        Map<String, Serializable> versionProperties = new HashMap<String, Serializable>();
-    	        
-    	        // Get the standard node details
-    	        Map<QName, Serializable> nodeProperties = this.dbNodeService.getProperties(versionRef);
-    	        for (QName key : nodeProperties.keySet())
-    	        {                 
-	                Serializable value = nodeProperties.get(key);
-	                versionProperties.put(key.getLocalName(), value);
-    	        }
-                
-                // Get the meta data
-                List<ChildAssociationRef> metaData = 
-                    this.dbNodeService.getChildAssocs(versionRef, RegexQNamePattern.MATCH_ALL, CHILD_QNAME_VERSION_META_DATA);
-                for (ChildAssociationRef ref : metaData)
-                {
-                    NodeRef metaDataValue = (NodeRef)ref.getChildRef();
-                    String name = (String)this.dbNodeService.getProperty(metaDataValue, PROP_QNAME_META_DATA_NAME);
-                    Serializable value = this.dbNodeService.getProperty(metaDataValue, PROP_QNAME_META_DATA_VALUE);
-                    versionProperties.put(name, value);
-                }
-    	        
-    	        // Create and return the version object
-                NodeRef newNodeRef = new NodeRef(new StoreRef(STORE_PROTOCOL, STORE_ID), versionRef.getId());
-    	        result = new VersionImpl(versionProperties, newNodeRef);
-                
-                // Add the version to the cache
-                this.versionCache.put(versionRef, result);
-            }
-		}
-		
+        if (versionRef == null)
+        {
+            return null;
+        }
+        Map<String, Serializable> versionProperties = new HashMap<String, Serializable>();
+        
+        // Get the standard node details
+        Map<QName, Serializable> nodeProperties = this.dbNodeService.getProperties(versionRef);
+        for (QName key : nodeProperties.keySet())
+        {                 
+            Serializable value = nodeProperties.get(key);
+            versionProperties.put(key.getLocalName(), value);
+        }
+        
+        // Get the meta data
+        List<ChildAssociationRef> metaData = this.dbNodeService.getChildAssocs(
+                versionRef,
+                RegexQNamePattern.MATCH_ALL,
+                CHILD_QNAME_VERSION_META_DATA);
+        for (ChildAssociationRef ref : metaData)
+        {
+            NodeRef metaDataValue = (NodeRef)ref.getChildRef();
+            String name = (String)this.dbNodeService.getProperty(metaDataValue, PROP_QNAME_META_DATA_NAME);
+            Serializable value = this.dbNodeService.getProperty(metaDataValue, PROP_QNAME_META_DATA_VALUE);
+            versionProperties.put(name, value);
+        }
+        
+        // Create and return the version object
+        NodeRef newNodeRef = new NodeRef(new StoreRef(STORE_PROTOCOL, STORE_ID), versionRef.getId());
+        Version result = new VersionImpl(versionProperties, newNodeRef);
+		// done
 		return result;
     }
     
diff --git a/source/java/org/alfresco/repo/version/VersionTestSuite.java b/source/java/org/alfresco/repo/version/VersionTestSuite.java
index dda2207120..aaf2ff78cc 100644
--- a/source/java/org/alfresco/repo/version/VersionTestSuite.java
+++ b/source/java/org/alfresco/repo/version/VersionTestSuite.java
@@ -21,7 +21,7 @@ import junit.framework.TestSuite;
 
 import org.alfresco.repo.version.common.VersionHistoryImplTest;
 import org.alfresco.repo.version.common.VersionImplTest;
-import org.alfresco.repo.version.common.counter.VersionCounterDaoServiceTest;
+import org.alfresco.repo.version.common.counter.VersionCounterServiceTest;
 import org.alfresco.repo.version.common.versionlabel.SerialVersionLabelPolicyTest;
 
 /**
@@ -42,7 +42,7 @@ public class VersionTestSuite extends TestSuite
         suite.addTestSuite(VersionImplTest.class);
         suite.addTestSuite(VersionHistoryImplTest.class);
         suite.addTestSuite(SerialVersionLabelPolicyTest.class);
-        suite.addTestSuite(VersionCounterDaoServiceTest.class);
+        suite.addTestSuite(VersionCounterServiceTest.class);
         suite.addTestSuite(VersionServiceImplTest.class);
         suite.addTestSuite(NodeServiceImplTest.class);
         suite.addTestSuite(ContentServiceImplTest.class);
diff --git a/source/java/org/alfresco/repo/version/common/counter/VersionCounterDaoService.java b/source/java/org/alfresco/repo/version/common/counter/VersionCounterService.java
similarity index 92%
rename from source/java/org/alfresco/repo/version/common/counter/VersionCounterDaoService.java
rename to source/java/org/alfresco/repo/version/common/counter/VersionCounterService.java
index 68cf1027e1..fa41e2e373 100644
--- a/source/java/org/alfresco/repo/version/common/counter/VersionCounterDaoService.java
+++ b/source/java/org/alfresco/repo/version/common/counter/VersionCounterService.java
@@ -20,11 +20,11 @@ import org.alfresco.service.cmr.repository.StoreRef;
 import org.alfresco.service.namespace.QName;
 
 /**
- * Version counter DAO service interface.
+ * Version counter service interface.
  * 
  * @author Roy Wetherall
  */
-public interface VersionCounterDaoService
+public interface VersionCounterService
 {
     /**
      * Helper method for simple patching
diff --git a/source/java/org/alfresco/repo/version/common/counter/VersionCounterDaoServiceTest.java b/source/java/org/alfresco/repo/version/common/counter/VersionCounterServiceTest.java
similarity index 94%
rename from source/java/org/alfresco/repo/version/common/counter/VersionCounterDaoServiceTest.java
rename to source/java/org/alfresco/repo/version/common/counter/VersionCounterServiceTest.java
index f9ba06151c..c4ada34f2f 100644
--- a/source/java/org/alfresco/repo/version/common/counter/VersionCounterDaoServiceTest.java
+++ b/source/java/org/alfresco/repo/version/common/counter/VersionCounterServiceTest.java
@@ -35,7 +35,7 @@ import org.springframework.context.ApplicationContext;
 /**
  * @author Roy Wetherall
  */
-public class VersionCounterDaoServiceTest extends TestCase
+public class VersionCounterServiceTest extends TestCase
 {
     private static ApplicationContext ctx = ApplicationContextHelper.getApplicationContext();
     
@@ -44,7 +44,7 @@ public class VersionCounterDaoServiceTest extends TestCase
 
     private TransactionService transactionService;
     private NodeService nodeService;
-    private VersionCounterDaoService counter;
+    private VersionCounterService counter;
     
     @Override
     public void setUp() throws Exception
@@ -52,7 +52,7 @@ public class VersionCounterDaoServiceTest extends TestCase
         ServiceRegistry serviceRegistry = (ServiceRegistry) ctx.getBean("ServiceRegistry");
         transactionService = serviceRegistry.getTransactionService();
         nodeService = serviceRegistry.getNodeService();
-        counter = (VersionCounterDaoService) ctx.getBean("versionCounterDaoService");
+        counter = (VersionCounterService) ctx.getBean("versionCounterService");
         
         storeRef1 = nodeService.createStore(StoreRef.PROTOCOL_WORKSPACE, "test1_" + System.currentTimeMillis());
         storeRef2 = nodeService.createStore(StoreRef.PROTOCOL_WORKSPACE, "test2_" + System.currentTimeMillis());
diff --git a/source/java/org/alfresco/service/cmr/security/PermissionService.java b/source/java/org/alfresco/service/cmr/security/PermissionService.java
index 9ae6de5a49..f0a02441e0 100644
--- a/source/java/org/alfresco/service/cmr/security/PermissionService.java
+++ b/source/java/org/alfresco/service/cmr/security/PermissionService.java
@@ -197,14 +197,13 @@ public interface PermissionService
     public void clearPermission(NodeRef nodeRef, String authority);
     
     /**
-     * Find and delete a permission by node, authentication and permission
-     * definition.
+     * Find and delete a access control entry by node, authentication and permission.
      * 
-     * @param nodeRef
-     * @param authority
-     * @param perm
+     * @param nodeRef the node that the entry applies to
+     * @param authority the authority recipient
+     * @param permission the entry permission
      */
-    public void deletePermission(NodeRef nodeRef, String authority, String perm, boolean allow);
+    public void deletePermission(NodeRef nodeRef, String authority, String permission);
 
     /**
      * Set a specific permission on a node.