diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/capability/rm-capabilities-record-context.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/capability/rm-capabilities-record-context.xml index 235489f4ec..33bd799ba9 100644 --- a/rm-server/config/alfresco/module/org_alfresco_module_rm/capability/rm-capabilities-record-context.xml +++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/capability/rm-capabilities-record-context.xml @@ -10,6 +10,23 @@ + + + + + + + + + + + + + + + + @@ -54,27 +71,12 @@ - - - - - - - - - - - - - - - + @@ -253,5 +255,20 @@ + + + + + + + + + + + + + + \ No newline at end of file diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/messages/capability-service.properties b/rm-server/config/alfresco/module/org_alfresco_module_rm/messages/capability-service.properties index e70df7ade0..e95382a867 100644 --- a/rm-server/config/alfresco/module/org_alfresco_module_rm/messages/capability-service.properties +++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/messages/capability-service.properties @@ -3,6 +3,7 @@ capability.group.records.title=Records capability.DeclareRecords.title=Declare Records capability.ViewRecords.title=View Records capability.UndeclareRecords.title=Undeclare Records +capability.CreateRecords.title=Create Records # Metadata Control capability.group.metadataControl.title=Metadata Control diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/model/recordsPermissionModel.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/model/recordsPermissionModel.xml index e6f1383dce..9b48652471 100644 --- a/rm-server/config/alfresco/module/org_alfresco_module_rm/model/recordsPermissionModel.xml +++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/model/recordsPermissionModel.xml 
@@ -13,102 +13,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -174,7 +78,9 @@ - + + + @@ -245,6 +151,12 @@ + + + + + + @@ -485,6 +397,12 @@ + + + + + + \ No newline at end of file diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-ui-evaluators-context.xml b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-ui-evaluators-context.xml index 20a64262aa..6ce7b8eb58 100644 --- a/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-ui-evaluators-context.xml +++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/rm-ui-evaluators-context.xml @@ -694,7 +694,7 @@ RECORD - + diff --git a/rm-server/config/alfresco/module/org_alfresco_module_rm/security/rm-default-roles-bootstrap.json b/rm-server/config/alfresco/module/org_alfresco_module_rm/security/rm-default-roles-bootstrap.json index 65687c61d7..32d77a3f50 100644 --- a/rm-server/config/alfresco/module/org_alfresco_module_rm/security/rm-default-roles-bootstrap.json +++ b/rm-server/config/alfresco/module/org_alfresco_module_rm/security/rm-default-roles-bootstrap.json @@ -17,6 +17,7 @@ [ "DeclareRecords", "ViewRecords", + "CreateRecords", "CreateModifyDestroyFolders", "EditRecordMetadata", "EditNonRecordMetadata", @@ -36,6 +37,7 @@ [ "DeclareRecords", "ViewRecords", + "CreateRecords", "CreateModifyDestroyFolders", "EditRecordMetadata", "EditNonRecordMetadata", @@ -58,7 +60,8 @@ "capabilities" : [ "DeclareRecords", - "ViewRecords", + "ViewRecords", + "CreateRecords", "CreateModifyDestroyFolders", "EditRecordMetadata", "EditNonRecordMetadata", @@ -125,6 +128,7 @@ [ "DeclareRecords", "ViewRecords", + "CreateRecords", "CreateModifyDestroyFolders", "EditRecordMetadata", "EditNonRecordMetadata", 
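Review bot: The four `"CreateRecords"` entries added to the `capabilities` arrays in rm-default-roles-bootstrap.json (hunks at -17, -36, -58 and -125) widen the default role grants, and nothing visible in this commit pins which roles receive the capability. The role names sit outside the hunks, and the `testPermissionsModel` grant checks are deleted from CapabilitiesTest in the same change. A test that loads the bootstrapped roles and asserts `CreateRecords` is present only on the intended ones would keep the least-privilege boundary reviewable. Because the file is a bootstrap definition, file plans created before this change presumably keep their old capability sets; confirm whether an upgrade patch is needed. The third hunk also rewrites the `"ViewRecords",` line with no visible textual difference, which looks like a whitespace-only change.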
diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/AbstractCapability.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/AbstractCapability.java index 317fd866cc..01a251f7ec 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/AbstractCapability.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/AbstractCapability.java @@ -63,12 +63,6 @@ public abstract class AbstractCapability extends RMSecurityCommon /** Indicates whether this is a private capability or not */ protected boolean isPrivate = false; - /** List of actions */ -// protected List actions = new ArrayList(1); - - /** Action names */ -// protected List actionNames = new ArrayList(1); - /** * @param voter RM entry voter */ @@ -128,6 +122,11 @@ public abstract class AbstractCapability extends RMSecurityCommon if (StringUtils.isBlank(title)) { title = I18NUtil.getMessage("capability." + getName() + ".title"); + if (StringUtils.isBlank(title) == true) + { + title = getName(); + } + } return title; } diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMPermissionModel.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMPermissionModel.java index 5dafa88c16..3b2c329dfa 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMPermissionModel.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMPermissionModel.java 
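Review bot: In the second AbstractCapability hunk (-128,6), the added fallback `if (StringUtils.isBlank(title) == true)` compares a boolean with `true`, while the enclosing check just above uses the plain form; `if (StringUtils.isBlank(title))` matches it. A one-line comment above the new check, `// no "capability.<name>.title" message found: fall back to the capability name`, would say why a second blank test is needed. The hunk also leaves an empty added line before the closing brace of the outer `if`. The method's signature and start are outside the hunk.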
@@ -39,18 +39,18 @@ public interface RMPermissionModel // Roles public static final String ROLE_NAME_USER = "User"; - public static final String ROLE_USER = SimplePermissionReference.getPermissionReference(RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT, ROLE_NAME_USER).toString(); + //public static final String ROLE_USER = SimplePermissionReference.getPermissionReference(RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT, ROLE_NAME_USER).toString(); public static final String ROLE_NAME_POWER_USER = "PowerUser"; - public static final String ROLE_POWER_USER = SimplePermissionReference.getPermissionReference(RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT, ROLE_NAME_POWER_USER).toString(); + // public static final String ROLE_POWER_USER = SimplePermissionReference.getPermissionReference(RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT, ROLE_NAME_POWER_USER).toString(); public static final String ROLE_NAME_SECURITY_OFFICER = "SecurityOfficer"; - public static final String ROLE_SECURITY_OFFICER = SimplePermissionReference.getPermissionReference(RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT, ROLE_NAME_SECURITY_OFFICER) - .toString(); + // public static final String ROLE_SECURITY_OFFICER = SimplePermissionReference.getPermissionReference(RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT, ROLE_NAME_SECURITY_OFFICER) + // .toString(); public static final String ROLE_NAME_RECORDS_MANAGER = "RecordsManager"; - public static final String ROLE_RECORDS_MANAGER = SimplePermissionReference.getPermissionReference(RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT, ROLE_NAME_RECORDS_MANAGER) - .toString(); + // public static final String ROLE_RECORDS_MANAGER = SimplePermissionReference.getPermissionReference(RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT, ROLE_NAME_RECORDS_MANAGER) + // .toString(); public static final String ROLE_NAME_ADMINISTRATOR = "Administrator"; public static final String ROLE_ADMINISTRATOR = 
SimplePermissionReference.getPermissionReference(RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT, ROLE_NAME_ADMINISTRATOR).toString(); diff --git a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleServiceImpl.java b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleServiceImpl.java index 5f793a7566..0336be3606 100644 --- a/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleServiceImpl.java +++ b/rm-server/source/java/org/alfresco/module/org_alfresco_module_rm/role/FilePlanRoleServiceImpl.java @@ -591,6 +591,9 @@ public class FilePlanRoleServiceImpl implements FilePlanRoleService, String allRoleGroup = authorityService.getName(AuthorityType.GROUP, getAllRolesGroupShortName(rmRootNode)); authorityService.addAuthority(allRoleGroup, roleGroup); + // TODO .. we should be creating a permission set containing all the capabilities and then assigning that + // single permission group to the file plan .. would be tidier + // Assign the various capabilities to the group on the root records management node if (capabilities != null) { diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/CapabilitiesTest.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/CapabilitiesTest.java index 897c31a339..ff38a61ee1 100644 --- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/CapabilitiesTest.java +++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/capabilities/CapabilitiesTest.java 
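Review bot: `ROLE_USER`, `ROLE_POWER_USER`, `ROLE_SECURITY_OFFICER` and `ROLE_RECORDS_MANAGER` are commented out rather than deleted, which leaves dead code in a public interface while the same commit removes commented-out fields from AbstractCapability. Delete the four declarations outright. Removing public constants is a source-incompatible change for any code outside this module that still references them, so the commit description should say they are gone and what replaces them. `ROLE_ADMINISTRATOR` is still built from `SimplePermissionReference` on the file-plan-component aspect; a short comment saying why only this role remains a permission reference would help, since the reason is not visible in the hunk. The interface body continues outside the hunk.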
@@ -87,201 +87,6 @@ public class CapabilitiesTest extends BaseRMTestCase implements assertEquals(accessStatus, access.get(capability)); } - /** - * Check the RM permission model - */ - public void testPermissionsModel() - { - retryingTransactionHelper.doInTransaction( - new RetryingTransactionCallback() - { - @Override - public Object execute() throws Throwable - { - // As system user - AuthenticationUtil - .setFullyAuthenticatedUser(AuthenticationUtil - .getSystemUserName()); - - Set exposed = permissionModel - .getExposedPermissions(ASPECT_FILE_PLAN_COMPONENT); - assertEquals(6, exposed.size()); - assertTrue(exposed.contains(permissionModel - .getPermissionReference( - ASPECT_FILE_PLAN_COMPONENT, - ROLE_ADMINISTRATOR))); - - // Check all the permission are there - Set all = permissionModel - .getAllPermissions(ASPECT_FILE_PLAN_COMPONENT); - assertEquals(58 /* capbilities */* 2 + 5 /* roles */ - + (2 /* Read+File */* 2) + 1 /* Filing */, all - .size()); - - /* - * Check the granting for each permission. It is assumed - * that the ROLE_ADMINISTRATOR always has grant - * permission so is automatically checked. 
- */ - checkGranting(ACCESS_AUDIT, ROLE_RECORDS_MANAGER); - checkGranting(ADD_MODIFY_EVENT_DATES, - ROLE_RECORDS_MANAGER, ROLE_SECURITY_OFFICER, - ROLE_POWER_USER); - checkGranting(APPROVE_RECORDS_SCHEDULED_FOR_CUTOFF, - ROLE_RECORDS_MANAGER); - checkGranting(ATTACH_RULES_TO_METADATA_PROPERTIES, - ROLE_RECORDS_MANAGER); - checkGranting(AUTHORIZE_ALL_TRANSFERS, - ROLE_RECORDS_MANAGER); - checkGranting(AUTHORIZE_NOMINATED_TRANSFERS, - ROLE_RECORDS_MANAGER); - checkGranting(CHANGE_OR_DELETE_REFERENCES, - ROLE_RECORDS_MANAGER); - checkGranting(CLOSE_FOLDERS, ROLE_RECORDS_MANAGER, - ROLE_SECURITY_OFFICER, ROLE_POWER_USER); - checkGranting(CREATE_AND_ASSOCIATE_SELECTION_LISTS, - ROLE_RECORDS_MANAGER); - checkGranting( - CREATE_MODIFY_DESTROY_CLASSIFICATION_GUIDES, - ROLE_RECORDS_MANAGER, ROLE_SECURITY_OFFICER); - checkGranting(CREATE_MODIFY_DESTROY_EVENTS, - ROLE_RECORDS_MANAGER); - checkGranting(CREATE_MODIFY_DESTROY_FILEPLAN_METADATA, - ROLE_RECORDS_MANAGER); - checkGranting(CREATE_MODIFY_DESTROY_FILEPLAN_TYPES, - ROLE_RECORDS_MANAGER); - checkGranting(CREATE_MODIFY_DESTROY_FOLDERS, - ROLE_RECORDS_MANAGER, ROLE_SECURITY_OFFICER, - ROLE_POWER_USER); - checkGranting(CREATE_MODIFY_DESTROY_RECORD_TYPES, - ROLE_RECORDS_MANAGER); - checkGranting(CREATE_MODIFY_DESTROY_REFERENCE_TYPES, - ROLE_RECORDS_MANAGER); - checkGranting(CREATE_MODIFY_DESTROY_ROLES, - ROLE_RECORDS_MANAGER); - checkGranting(CREATE_MODIFY_DESTROY_TIMEFRAMES, - ROLE_RECORDS_MANAGER); - checkGranting(CREATE_MODIFY_DESTROY_USERS_AND_GROUPS, - ROLE_RECORDS_MANAGER); - checkGranting(CREATE_MODIFY_RECORDS_IN_CUTOFF_FOLDERS, - ROLE_RECORDS_MANAGER); - checkGranting(CYCLE_VITAL_RECORDS, - ROLE_RECORDS_MANAGER, ROLE_SECURITY_OFFICER, - ROLE_POWER_USER); - checkGranting(DECLARE_AUDIT_AS_RECORD, - ROLE_RECORDS_MANAGER); - checkGranting(DECLARE_RECORDS, ROLE_RECORDS_MANAGER, - ROLE_SECURITY_OFFICER, ROLE_POWER_USER, - ROLE_USER); - checkGranting(DECLARE_RECORDS_IN_CLOSED_FOLDERS, - ROLE_RECORDS_MANAGER, 
ROLE_SECURITY_OFFICER, - ROLE_POWER_USER); - checkGranting(DELETE_AUDIT, ROLE_RECORDS_MANAGER); - checkGranting(DELETE_LINKS, ROLE_RECORDS_MANAGER); - checkGranting(DELETE_RECORDS, ROLE_RECORDS_MANAGER); - checkGranting(DESTROY_RECORDS, ROLE_RECORDS_MANAGER); - checkGranting( - DESTROY_RECORDS_SCHEDULED_FOR_DESTRUCTION, - ROLE_RECORDS_MANAGER); - checkGranting(DISPLAY_RIGHTS_REPORT, - ROLE_RECORDS_MANAGER); - checkGranting(EDIT_DECLARED_RECORD_METADATA, - ROLE_RECORDS_MANAGER); - checkGranting(EDIT_NON_RECORD_METADATA, - ROLE_RECORDS_MANAGER, ROLE_SECURITY_OFFICER, - ROLE_POWER_USER); - checkGranting(EDIT_RECORD_METADATA, - ROLE_RECORDS_MANAGER, ROLE_SECURITY_OFFICER, - ROLE_POWER_USER); - checkGranting(EDIT_SELECTION_LISTS, - ROLE_RECORDS_MANAGER); - checkGranting(ENABLE_DISABLE_AUDIT_BY_TYPES, - ROLE_RECORDS_MANAGER); - checkGranting(EXPORT_AUDIT, ROLE_RECORDS_MANAGER); - checkGranting(EXTEND_RETENTION_PERIOD_OR_FREEZE, - ROLE_RECORDS_MANAGER); - checkGranting(MAKE_OPTIONAL_PARAMETERS_MANDATORY, - ROLE_RECORDS_MANAGER); - checkGranting(MANAGE_ACCESS_CONTROLS); - checkGranting(MANAGE_ACCESS_RIGHTS, - ROLE_RECORDS_MANAGER); - checkGranting(MANUALLY_CHANGE_DISPOSITION_DATES, - ROLE_RECORDS_MANAGER); - checkGranting(MAP_CLASSIFICATION_GUIDE_METADATA, - ROLE_RECORDS_MANAGER); - checkGranting(MAP_EMAIL_METADATA, ROLE_RECORDS_MANAGER); - checkGranting(MOVE_RECORDS, ROLE_RECORDS_MANAGER); - checkGranting(PASSWORD_CONTROL, ROLE_RECORDS_MANAGER); - checkGranting(PLANNING_REVIEW_CYCLES, - ROLE_RECORDS_MANAGER, ROLE_SECURITY_OFFICER, - ROLE_POWER_USER); - checkGranting(RE_OPEN_FOLDERS, ROLE_RECORDS_MANAGER, - ROLE_SECURITY_OFFICER, ROLE_POWER_USER); - checkGranting(SELECT_AUDIT_METADATA, - ROLE_RECORDS_MANAGER); - checkGranting(TRIGGER_AN_EVENT, ROLE_RECORDS_MANAGER); - checkGranting(UNDECLARE_RECORDS, ROLE_RECORDS_MANAGER); - checkGranting(UNFREEZE, ROLE_RECORDS_MANAGER); - checkGranting(UPDATE_CLASSIFICATION_DATES, - ROLE_RECORDS_MANAGER, ROLE_SECURITY_OFFICER); - 
checkGranting(UPDATE_EXEMPTION_CATEGORIES, - ROLE_RECORDS_MANAGER, ROLE_SECURITY_OFFICER); - checkGranting(UPDATE_TRIGGER_DATES, - ROLE_RECORDS_MANAGER); - checkGranting(UPDATE_VITAL_RECORD_CYCLE_INFORMATION, - ROLE_RECORDS_MANAGER); - checkGranting(UPGRADE_DOWNGRADE_AND_DECLASSIFY_RECORDS, - ROLE_RECORDS_MANAGER, ROLE_SECURITY_OFFICER); - checkGranting(VIEW_RECORDS, ROLE_RECORDS_MANAGER, - ROLE_SECURITY_OFFICER, ROLE_POWER_USER, - ROLE_USER); - checkGranting(VIEW_UPDATE_REASONS_FOR_FREEZE, - ROLE_RECORDS_MANAGER); - - return null; - } - }, false, true); - } - - /** - * Check that the roles passed have grant on the permission passed. - * - * @param permission - * permission - * @param roles - * grant roles - */ - private void checkGranting(String permission, String... roles) - { - Set granting = permissionModel - .getGrantingPermissions(permissionModel.getPermissionReference( - RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT, - permission)); - Set test = new HashSet(); - test.addAll(granting); - Set nonRM = new HashSet(); - for (PermissionReference pr : granting) - { - if (!pr.getQName().equals( - RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT)) - { - nonRM.add(pr); - } - } - test.removeAll(nonRM); - assertEquals(roles.length + 2, test.size()); - - assertTrue(test.contains(permissionModel.getPermissionReference( - RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT, - ROLE_ADMINISTRATOR))); - for (String role : roles) - { - assertTrue(test.contains(permissionModel.getPermissionReference( - RecordsManagementModel.ASPECT_FILE_PLAN_COMPONENT, role))); - } - - } - /** * Test file plan as system */ diff --git a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/RecordServiceImplTest.java b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/RecordServiceImplTest.java index 60681b35b0..10dd0ad686 100644 --- a/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/RecordServiceImplTest.java 
+++ b/rm-server/test/java/org/alfresco/module/org_alfresco_module_rm/test/service/RecordServiceImplTest.java @@ -33,9 +33,7 @@ import org.alfresco.repo.security.permissions.AccessDeniedException; import org.alfresco.service.cmr.action.ActionService; import org.alfresco.service.cmr.repository.ContentWriter; import org.alfresco.service.cmr.repository.NodeRef; -import org.alfresco.service.cmr.security.AccessPermission; import org.alfresco.service.cmr.security.AccessStatus; -import org.alfresco.service.cmr.security.AuthorityType; import org.alfresco.service.cmr.security.PermissionService; import org.alfresco.service.namespace.QName; @@ -275,7 +273,7 @@ public class RecordServiceImplTest extends BaseRMTestCase assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(filePlan, RMPermissionModel.EDIT_RECORD_METADATA)); Capability filling = capabilityService.getCapability("FileRecords"); - assertEquals(AccessStatus.ALLOWED, filling.hasPermission(dmDocument)); + assertEquals(AccessStatus.DENIED, filling.hasPermission(dmDocument)); Capability editRecordMetadata = capabilityService.getCapability("EditRecordMetadata"); assertEquals(AccessStatus.ALLOWED, editRecordMetadata.hasPermission(dmDocument));
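Review bot: The expectation for `filling.hasPermission(dmDocument)` flips from `ALLOWED` to `DENIED` in the second hunk with no comment saying why FileRecords must now be denied on this node. A later reader cannot tell an intended access-control tightening from a test adjusted to fit new behaviour. Add a comment above the assertion naming the rule, and, if the new `CreateRecords` capability is what now governs this case (an inference from the rest of the commit), assert its status on `dmDocument` alongside. The local is also misspelled; `filing` would match the capability name. The test method starts and ends outside the hunk.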