diff --git a/site-administration/process_group.json b/site-administration/process_group.json
new file mode 100644
index 00000000..26717984
--- /dev/null
+++ b/site-administration/process_group.json
@@ -0,0 +1,9 @@
+{
+ "admin": false,
+ "description": "",
+ "display_name": "Site Administration",
+ "display_order": 0,
+ "parent_groups": null,
+ "process_groups": [],
+ "process_models": []
+}
\ No newline at end of file
diff --git a/site-administration/set-permissions/group_permissions.dmn b/site-administration/set-permissions/group_permissions.dmn
new file mode 100644
index 00000000..e6847c85
--- /dev/null
+++ b/site-administration/set-permissions/group_permissions.dmn
@@ -0,0 +1,164 @@
+
+
+
+
+
+
+ "*"
+
+
+
+
+
+
+ Admins have access to everything.
+
+
+
+
+ "admin"
+
+
+ ["all"]
+
+
+ "ALL"
+
+
+
+
+
+
+
+
+ "education"
+
+
+ ["create", "read", "update", "delete"]
+
+
+ "/process-groups/education:*"
+
+
+
+
+
+
+
+ "organization"
+
+
+ ["create", "read", "update", "delete"]
+
+
+ "/process-groups/education:*"
+
+
+
+
+
+
+
+ "Finance Team"
+
+
+ ["all"]
+
+
+ "PG:manage-procurement:procurement"
+
+
+
+
+
+
+
+ "demo"
+
+
+ ["start"]
+
+
+ "PM:manage-revenue-streams:product-revenue-streams:customer-contracts-trade-terms"
+
+
+
+
+
+
+
+ "demo"
+
+
+ ["start"]
+
+
+ "PG:manage-procurement:procurement:core-contributor-invoice-management"
+
+
+
+
+
+
+
+ "demo"
+
+
+ ["start"]
+
+
+ "PG:manage-procurement:vendor-lifecycle-management"
+
+
+
+
+
+
+
+ "test"
+
+
+ ["start"]
+
+
+ "PG:misc:test"
+
+
+
+
+
+
+
+ "everybody"
+
+
+ ["read"]
+
+
+ "PG:ALL"
+
+
+
+
+
+
+
+ "everybody"
+
+
+ ["all"]
+
+
+ "BASIC"
+
+
+
+
+
+
+
+
+
+
+
+
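Review bot: The `"organization"` rule grants `["create", "read", "update", "delete"]` on `"/process-groups/education:*"`, the same target as the `"education"` rule directly above it, which looks like a copy-paste slip that gives the organization group full control of another group's processes. If the shared target is intended, give the rule a description the way the admin rule has one ("Admins have access to everything."), for example `organization staff also maintain the education process group`. Otherwise point it at the organization's own group, e.g. `"/process-groups/<organization-group>:*"` (placeholder). These two rows also use path-style targets while every other row uses the `PG:`/`PM:` form, so it is worth settling on one form so the table can be audited at a glance. The rule markup is not visible in this rendering, so the column meanings are inferred from the row order.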
diff --git a/site-administration/set-permissions/permissions.bpmn b/site-administration/set-permissions/permissions.bpmn
new file mode 100644
index 00000000..e2953bee
--- /dev/null
+++ b/site-administration/set-permissions/permissions.bpmn
@@ -0,0 +1,287 @@
+
+
+
+
+ Flow_04t49zv
+
+
+
+
+
+ users_to_groups_table
+
+ Flow_04t49zv
+ Flow_194nkr6
+
+
+
+ groups_to_permissions_table
+
+ Flow_194nkr6
+ Flow_0fhzucf
+
+
+
+ # Permission for each group
+When you select continue, the following permissions will be written to the database.
+
+{% for group in group_info %}
+
+---
+
+## {{group['name']}} Group
+**Users in Group:**
+{% for user in group['users'] %}
+ * {{ user }}
+{% endfor %}
+
+**Permissions:**
+| Path | Allowed Actions |
+| ---------------| -------|
+{% for permission in group['permissions'] %}
+| {{permission['uri']}} | {{ permission['actions'] |join(', ') }} |
+{% endfor %}
+{% endfor %}
+
+
+
+ Flow_0f4klqg
+ Flow_0q5cs4y
+
+
+
+
+ Flow_0q5cs4y
+ Flow_132k5th
+ # clear_permissions() ## Clears all groups and permissions from the system. EXCEPT ...
+
+for group in group_info:
+ for user in group['users']:
+ add_user_to_group(user, group['name'])
+ for permission in group['permissions']:
+ for crud_op in permission['actions']:
+ add_permission(crud_op, permission['uri'], group['name'])
+
+all_permissions = get_all_permissions()
+
+
+
+ | Group | Path | Allowed Actions |
+| ---------------| -------| ------|
+{% for permission in all_permissions %}
+| {{permission['group_identifier']}} | {{permission['uri']}} | {{permission['permissions']}}
+{% endfor %}
+ del(all_permissions)
+
+ Flow_132k5th
+ Flow_1ozuh1f
+
+
+
+
+
+
+ {
+ "groups": [
+ "Administrators"
+ ],
+ "users": [
+ "admin@spiffworkflow.org"
+ ],
+ "permission_groups": [
+ "Administrators"
+ ],
+ "permission_uris": [
+ "/*"
+ ],
+ "permissions": [
+ [
+ "create",
+ "read",
+ "update",
+ "delete"
+ ]
+ ]
+}
+ {
+ "group_info": [
+ {
+ "name":"Administrators",
+ "permissions": [
+ {"actions": [
+ "create","read","update","delete"
+ ],
+ "uri": "/*"
+ }
+ ],
+ "users": ["admin@spiffworkflow.org"]
+ }
+ ]
+}
+
+
+ {
+ "groups": [
+ "Administrators",
+ "Everyone"
+ ],
+ "users": [
+ "admin@spiffworkflow.org",
+ "*"
+ ],
+ "permission_groups": [
+ "Administrators",
+ "Everyone"
+ ],
+ "permission_uris": [
+ "/*",
+ "/*"
+ ],
+ "permissions": [
+ [
+ "create",
+ "read",
+ "update",
+ "delete"
+ ],
+ [
+ "read"
+ ]
+ ]
+}
+ {
+ "group_info": [
+ {
+ "name": "Administrators",
+ "permissions": [
+ {
+ "actions": [
+ "create",
+ "read",
+ "update",
+ "delete"
+ ],
+ "uri": "/*"
+ }
+ ],
+ "users": [
+ "admin@spiffworkflow.org"
+ ]
+ },
+ {
+ "name": "Everyone",
+ "permissions": [
+ {
+ "actions": [
+ "read"
+ ],
+ "uri": "/*"
+ }
+ ],
+ "users": [
+ "*"
+ ]
+ }
+ ]
+}
+
+
+
+ Flow_0fhzucf
+ Flow_0f4klqg
+ info_by_group = {}
+for i, group in enumerate(groups):
+ if not group in info_by_group:
+ info_by_group[group] = {"users":[], "permissions": []}
+ info_by_group[group]["users"].append(users[i])
+
+for i, group in enumerate(permission_groups):
+ if not group in info_by_group:
+ info_by_group[group] = {"users":[], "permissions": []}
+ info_by_group[group]["permissions"].append(
+ {"uri": permission_uris[i],
+ "actions": permissions[i]}
+ )
+group_info = []
+for group in info_by_group.keys():
+ group_info.append({
+ "name": group,
+ "users": info_by_group[group]['users'],
+ "permissions": info_by_group[group]['permissions']
+ })
+del(info_by_group)
+del(group)
+del(i)
+del(groups)
+del(permissions)
+del(permission_groups)
+del(permission_uris)
+del(users)
+
+
+
+
+ Flow_1ozuh1f
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
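Review bot: The script task that applies the tables only ever adds grants, because `clear_permissions()` is commented out on its first line and the loop then calls `add_user_to_group` and `add_permission` for each row. Unless those helpers replace existing state (their bodies are not in this diff), a user or permission row deleted from the DMN tables stays in effect after the process is re-run. The preceding task text, "the following permissions will be written to the database", reads as if the displayed set were the complete result. Either re-enable the clear step once its exception is defined, or state in the instructions that the run is additive, e.g. `Existing grants that are not listed here are NOT revoked.` The truncated comment `EXCEPT ...` should spell out what is preserved.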
diff --git a/site-administration/set-permissions/process_model.json b/site-administration/set-permissions/process_model.json
new file mode 100644
index 00000000..e1b52161
--- /dev/null
+++ b/site-administration/set-permissions/process_model.json
@@ -0,0 +1,11 @@
+{
+ "description": "",
+ "display_name": "Set Permissions",
+ "display_order": 0,
+ "exception_notification_addresses": [],
+ "fault_or_suspend_on_exception": "fault",
+ "files": [],
+ "metadata_extraction_paths": null,
+ "primary_file_name": "permissions.bpmn",
+ "primary_process_id": "set_permissions_process"
+}
\ No newline at end of file
diff --git a/site-administration/set-permissions/users_to_groups.dmn b/site-administration/set-permissions/users_to_groups.dmn
new file mode 100644
index 00000000..c6a71dac
--- /dev/null
+++ b/site-administration/set-permissions/users_to_groups.dmn
@@ -0,0 +1,65 @@
+
+
+
+
+
+
+ "*"
+
+
+
+
+
+
+
+
+
+ "admin@spiffworkflow.org"
+
+
+ "admin"
+
+
+
+
+
+
+
+ "nelson@spiffworkflow.org"
+
+
+ "organization"
+
+
+
+
+
+
+
+ "malala@spiffworkflow.org"
+
+
+ "education"
+
+
+
+
+
+
+
+ r".*"
+
+
+ "everyone"
+
+
+
+
+
+
+
+
+
+
+
+
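Review bot: The catch-all rule `r".*"` puts users in `"everyone"`, but group_permissions.dmn grants its default permissions to `"everybody"` (`["read"]` on `"PG:ALL"` and `["all"]` on `"BASIC"`). Unless the two names are aliased somewhere outside this diff, the catch-all users receive none of those grants, and the `"everybody"` rows apply to a group this table never populates. `"Finance Team"`, `"demo"` and `"test"` in that table likewise have no user rule here. Use one name in both tables and add a description to the catch-all row, such as `matches every user identifier; keep this group's grants minimal`. The table's hit policy is not visible in this rendering, so confirm whether the named users above also fall into the catch-all group.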